Hi Udit,

> Hi Ilias
>
> -----Original Message-----
> From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> Sent: Friday, May 24, 2019 9:57 PM
> To: Udit Kumar <udit.kumar@nxp.com>
> Cc: boot-architecture@lists.linaro.org; Varun Sethi <V.Sethi@nxp.com>
> Subject: Re: [EXT] Securing the boot flow in U-Boot
>
> Caution: EXT Email
>
> > Hi Udit,
> > What do you think?
>
> Here we are talking about image signing and image validation. I am not sure what your plan is to make the key database (platform key, KEK and DBs) secure while writing. AFAIU, this is one of the requirements of secure UEFI: that these secure variables should be written in MM mode.

The plan on that is to run StMM as an OP-TEE TA. This will allow us to run StMM + fTPM simultaneously. The current plan is to support the UEFI specs on U-Boot without having secure variable storage. That one is our next step.

> Maybe I am asking too early about your next step.

Indeed :) We'll try to have the UEFI secure boot spec in U-Boot first, *without* storing the variables in a secure storage. Once we complete this we can start planning the secure part of the variables.

A bit of history on this: one of the things we are going to try is to split the U-Boot ENV and UEFI variables. By decoupling those, storing the variables in a different storage should be straightforward (or at least a lot easier than it is today).

> Where do you see the flash driver sitting? Possible options I see:
> 1/ In OP-TEE, and StMM is making sys-calls to access it
> 2/ In TF-A (EL3) itself, and StMM is making SMC calls
> 3/ OP-TEE is doing a sort of mmap of the flash controller area and the driver is residing in Sec-EL0 itself

All three sound valid. This also depends on the hardware design. This is too soon for us; if anyone else has any suggestions, it might be a good idea to sum those up in a new thread?

Thanks
/Ilias
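As an added illustration of the "secure variables written in MM mode" point discussed above (example code written for this page, not part of the thread and not U-Boot's, StMM's or EDK2's code): these are the checks a variable store has to apply to a PK/KEK/db write, i.e. an EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the new content, before the PKCS#7 signature is even verified. The anti-rollback comparison against the stored timestamp is the part that only works if the store and its recorded timestamps live somewhere the normal world cannot rewrite. Field layouts and constants follow the UEFI specification; the descriptor bytes, the two stored timestamps and the attribute values are constructed for the example.

```c
/* Added example, not code from this thread or from U-Boot: the checks a secure variable store
 * (e.g. StMM) applies to an authenticated PK/KEK/db write before any PKCS#7 verification, following
 * the UEFI spec's EFI_VARIABLE_AUTHENTICATION_2 layout. Every sample byte below is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS            0x10u /* counter-based scheme, deprecated */
#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x20u
#define EFI_VARIABLE_APPEND_WRITE                          0x40u
#define ATTR_TB 0x27u       /* NV | BS | RT | TIME_BASED_AUTHENTICATED_WRITE_ACCESS */
#define WIN_CERT_TYPE_EFI_GUID 0x0EF1
#define WIN_CERT_REVISION_2_0  0x0200
#define EFI_TIME_SIZE 16    /* Year(2) Month Day Hour Minute Second Pad1 Nanosecond(4) TimeZone(2) Daylight Pad2 */
#define WIN_CERT_HDR_SIZE 8 /* dwLength(4) wRevision(2) wCertificateType(2) */
#define EFI_GUID_SIZE 16

enum auth_status { AUTH_OK = 0, AUTH_BAD_ATTR, AUTH_TRUNCATED, AUTH_BAD_CERT, AUTH_BAD_TIME, AUTH_ROLLBACK };

/* EFI_CERT_TYPE_PKCS7_GUID 4aafd29d-68df-49ee-8aa9-347d375665a7 in on-the-wire byte order */
static const uint8_t pkcs7_guid[EFI_GUID_SIZE] = {
    0x9d,0xd2,0xaf,0x4a, 0xdf,0x68, 0xee,0x49, 0x8a,0xa9,0x34,0x7d,0x37,0x56,0x65,0xa7 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }

/* In a descriptor, Pad1, Nanosecond, TimeZone, Daylight and Pad2 of the EFI_TIME must be zero. */
static int efi_time_valid(const uint8_t *t)
{
    return t[7] == 0 && le32(t + 8) == 0 && le16(t + 12) == 0 && t[14] == 0 && t[15] == 0;
}
/* > 0 if a is later than b: compare Year, then Month..Second byte-wise. */
static int efi_time_cmp(const uint8_t *a, const uint8_t *b)
{
    int d = (int)le16(a) - (int)le16(b);
    return d ? d : memcmp(a + 2, b + 2, 5);
}

/* Vet a SetVariable() payload (descriptor followed by the new content). stored_ts is the EFI_TIME
 * recorded for the variable already in the store, or NULL if the variable does not exist yet. */
static enum auth_status efi_auth2_check(const uint8_t *buf, size_t len, uint32_t attrs,
                                        const uint8_t *stored_ts)
{
    if (!(attrs & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) ||
        (attrs & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS))
        return AUTH_BAD_ATTR;
    if (len < EFI_TIME_SIZE + WIN_CERT_HDR_SIZE + EFI_GUID_SIZE)
        return AUTH_TRUNCATED;
    const uint8_t *hdr = buf + EFI_TIME_SIZE;
    uint32_t dw_len = le32(hdr); /* WIN_CERTIFICATE header + CertType GUID + CertData */
    if (dw_len < WIN_CERT_HDR_SIZE + EFI_GUID_SIZE || dw_len > len - EFI_TIME_SIZE)
        return AUTH_TRUNCATED;
    if (le16(hdr + 4) != WIN_CERT_REVISION_2_0 || le16(hdr + 6) != WIN_CERT_TYPE_EFI_GUID ||
        memcmp(hdr + WIN_CERT_HDR_SIZE, pkcs7_guid, EFI_GUID_SIZE) != 0)
        return AUTH_BAD_CERT;
    if (!efi_time_valid(buf))
        return AUTH_BAD_TIME;
    /* Anti-rollback: a captured, validly signed older (or identical) write must not replace newer
     * content. The timestamp is not compared when EFI_VARIABLE_APPEND_WRITE is set. */
    if (stored_ts && !(attrs & EFI_VARIABLE_APPEND_WRITE) && efi_time_cmp(buf, stored_ts) <= 0)
        return AUTH_ROLLBACK;
    return AUTH_OK;
}

/* Constructed sample: 2019-05-24 21:57:00, dwLength 28, a 4-byte CertData placeholder
 * (not real PKCS#7) and 3 bytes of new content. */
static const uint8_t sample[] = {
    0xe3,0x07, 5,24,21,57,0, 0, 0,0,0,0, 0,0, 0,0,
    28,0,0,0, 0x00,0x02, 0xf1,0x0e,
    0x9d,0xd2,0xaf,0x4a, 0xdf,0x68, 0xee,0x49, 0x8a,0xa9,0x34,0x7d,0x37,0x56,0x65,0xa7,
    0xde,0xad,0xbe,0xef, 1,2,3 };
static const uint8_t older_ts[EFI_TIME_SIZE] = { 0xe2,0x07, 1,1,0,0,0, 0, 0,0,0,0, 0,0, 0,0 }; /* 2018-01-01 */
static const uint8_t newer_ts[EFI_TIME_SIZE] = { 0xe3,0x07, 6,1,0,0,0, 0, 0,0,0,0, 0,0, 0,0 }; /* 2019-06-01 */

static enum auth_status check_sample(uint32_t attrs, const uint8_t *stored_ts)
{
    return efi_auth2_check(sample, sizeof sample, attrs, stored_ts);
}
static enum auth_status check_sample_bad_cert_type(void)
{
    uint8_t bad[sizeof sample];
    memcpy(bad, sample, sizeof sample);
    bad[EFI_TIME_SIZE + WIN_CERT_HDR_SIZE] ^= 0xff; /* corrupt the first CertType GUID byte */
    return efi_auth2_check(bad, sizeof bad, ATTR_TB, NULL);
}

int main(void)
{
    printf("fresh=%d update=%d replay=%d append=%d counter=%d badcert=%d\n",
           check_sample(ATTR_TB, NULL), check_sample(ATTR_TB, older_ts), check_sample(ATTR_TB, newer_ts),
           check_sample(ATTR_TB | EFI_VARIABLE_APPEND_WRITE, newer_ts), check_sample(0x17u, NULL),
           check_sample_bad_cert_type());
    return 0;
}
```

Signature verification itself (PKCS#7 over VariableName, VendorGuid, Attributes, TimeStamp and the new content, chained to PK, KEK or db as appropriate) is deliberately left out; the code above is what runs before it and decides whether a write reaches the crypto at all. Note that a replay with a timestamp equal to the stored one is rejected too, which is what stops an attacker from re-submitting the most recent legitimate db update after the store has moved on.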