On Fri, 26 Apr 2019 at 12:36, Bryan O'Donoghue bryan.odonoghue@linaro.org wrote:
On 26/04/2019 10:29, Ilias Apalodimas wrote:
I’d rather see Secure Boot image authentication implemented generically
for all u-boot platforms, even when secure world variable updates are not available.
Akashi and Sughosh already have code on that. It's not 100% complete or
tested
yet, but the basic concept works.
Is that to say that u-boot will provide, Runtime services for EFI capsule update ?
That shall be one of the few runtime services supported as well as get/set variables.
Is that the current POR ?
Yes
Maybe its a stupid question but, on x86 the way this works is you submit a capsule to the EFI runtime service, reboot and the EFI firmware does your update.
On Arm then the flow is
#1 Linux capsule update -> reboot -> BootROM -> [BL31],[BL32 TEE] -> u-boot
and u-boot performs the update ? The bracketed items [] being optional ?
only for the untrusted parts. S-EL3 shall update or validate the updates.
A question then would it not also be possible to bypass capsule submission in Linux ?
In a different thread (EFIBootguard: do you follow this one too?), someone
proposed that in the context of A/B partitions, Linux software agent updates a partition and the reboot cycle validates if it accepts. This may be a flow but I see issues in this approach that need a lot of discussion.
#2 Linux -> reboot -> BootROM -> [BL31],[BL32 TEE] -> u-boot
with u-boot looking for say /boot/FirmwareUpdate.cap
In the second case, there's no need from Runtime services is why I ask.
bod _______________________________________________ boot-architecture mailing list boot-architecture@lists.linaro.org https://lists.linaro.org/mailman/listinfo/boot-architecture