On Sun, Mar 31, 2019 at 05:52:00PM +0000, Grant Likely wrote:
Hi Takahiro,
Answers below, but first I'd like to introduce you to a colleague of mine who is looking at U-Boot secure boot. Sughosh meet Takahiro; Takahiro meet Sughosh. If you're here at Connect then the three of us should find some time to meet.
Yeah, I know him by e-mail so far:)
On 27/03/2019 15:40, AKASHI Takahiro wrote:
On Tue, Mar 26, 2019 at 09:10:38AM +0000, Grant Likely wrote:
Hi all,
Last week I tagged v1.0-rc1 of EBBR. The release .pdf can be found here:
https://github.com/ARM-software/ebbr/releases
It should represent the content we've discussed in the regular meetings for a baseline v1.0 EBBR. Please review and comment. If there are no major objections I intend to release v1.0 final on Friday this week ahead of Linaro Connect.
I haven't caught up with the latest changes, and so let me ask a couple of questions:
What is the current status of Peter's capsule-based runtime variable access patch[1]? Was this idea discarded?
[1] https://lists.linaro.org/pipermail/boot-architecture/2018-October/000883.htm...
It isn't discarded, but it needs to be implemented and tested. We deferred on specifying the method in EBBR because it hasn't been implemented. On EBBR platforms the OS needs to be prepared to have its own infrastructure to update variables at boot time.
I made a prototype of the Peter-proposed "runtime variable access" on U-Boot, but it lacks support for variable authentication. So I'm moving on to the UEFI secure boot implementation.
Thanks, -Takahiro Akashi
When we have a working implementation we can revisit the issue for EBBR
Section 2.5.3 says, "Even when SetVariable() is not supported during runtime services, firmware should cache variable names and values in EfiRuntimeServicesData memory so that GetVariable() and GetNextVariableName() can behave as specified."
Is this feature now required in EBBR?
This is a "should" recommendation. It is not required.
g.