All,
I saw the meeting notes on the wiki:
Ilias: PKCS7, ACS, authenticated UEFI variables. U-Boot will not support all types of certificate, probably will break SIE ACS. Need a test using an unsupported certificate in dbx, try to boot, should be rejected by bootloader.
Heinrich: edk2 will support all types. At least make sure we support the secure certificate types (e.g. not sha1).
Action: Ilias to run SIE ACS on Synquacer, Vincent to follow up with Stuart.
Currently the certificates used in the SIE ACS are all X.509, RSA2048, SHA256.
That is also what is reflected in the SCT public spec for the new secure boot tests: https://github.com/stuyod01/edk2-test/blob/secure-boot/uefi-sct/Doc/UEFI-SCT...
What certificate types will U-Boot not support?
Thanks, Stuart
On 12/6/22 7:07 AM, Vincent Stehlé wrote:
Thank you for attending the call yesterday,
The notes are now on the wiki[1] (feel free to amend if you find any mistake or if anything is missing).
Best regards,
Vincent Stehlé
System Architect - Arm