On Fri Apr 19 10:48:51 UTC 2019 François Ozog francois.ozog@linaro.org wrote
We will be conducting a UEFI gap analysis to support EFIBootGuard in U-Boot.
As we are working on UEFI SecureBoot implementation in U-Boot, how do you expect the boot process to be secured? Would U-Boot UEFI SecureBoot verify EFIBootGuard signature and in turn EFIBootGuard will check either grub or Linux signature?
Please elaborate on your vision of a secured boot process.
The UEFI spec is quite clear about this:
An implementation of SecureBoot will check the signature of any EFI binary before starting it. StartImage() will return EFI_SECURITY_VIOLATION when trying to start an image that is neither correctly signed nor whose hash is known.
As we use StartImage() for starting any image, the signature of EFIBootGuard would be checked first and then any of the child applications it starts.
You will not be able to start GRUB or the Linux kernel if their signatures are not added to U-Boot's key database.
Of course you could implement inside EFIBootGuard your own mechanism to start a loaded image without calling StartImage(). In this case U-Boot cannot protect you from invalid images.
Best regards
Heinrich
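
The loader-side consequence of the reply above, as an added example that is not part of the original message and is not U-Boot or EFIBootGuard code: a boot loader keeps the chain intact only if every child goes through the firmware's StartImage() and a rejection is treated as final. The `boot_services` struct, `chainload()`, the `mock_*` functions and the `trusted[]` list are hypothetical simplifications; the real boot services take more parameters and check signatures or hashes, not file names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t EFI_STATUS;
#define EFI_SUCCESS            0ULL
#define EFI_SECURITY_VIOLATION (0x8000000000000000ULL | 26) /* UEFI spec value */

/* Simplified stand-ins for the LoadImage/StartImage/UnloadImage boot services. */
struct boot_services {
    EFI_STATUS (*load_image)(const char *path, void **handle);
    EFI_STATUS (*start_image)(void *handle);
    EFI_STATUS (*unload_image)(void *handle);
};

/* Loader rule: start children only via the firmware; a rejection is final. */
EFI_STATUS chainload(const struct boot_services *bs, const char *path)
{
    void *h = NULL;
    EFI_STATUS st = bs->load_image(path, &h);
    if (st == EFI_SUCCESS)
        st = bs->start_image(h);
    if (st != EFI_SUCCESS && h != NULL)
        bs->unload_image(h);   /* drop the rejected image, never jump to it */
    return st;
}

/* Constructed mock firmware: trusted[] stands in for the db signature/hash check. */
static const char *trusted[] = { "efibootguard.efi", "linux.efi" };
static int started, unloaded;

static EFI_STATUS mock_load(const char *path, void **handle)
{ *handle = (void *)path; return EFI_SUCCESS; }

static EFI_STATUS mock_start(void *handle)
{
    for (size_t i = 0; i < sizeof trusted / sizeof trusted[0]; i++)
        if (strcmp(trusted[i], (const char *)handle) == 0) { started++; return EFI_SUCCESS; }
    return EFI_SECURITY_VIOLATION;
}
static EFI_STATUS mock_unload(void *handle) { (void)handle; unloaded++; return EFI_SUCCESS; }

const struct boot_services mock_bs = { mock_load, mock_start, mock_unload };

int main(void)
{
    printf("linux.efi ok: %d\n", chainload(&mock_bs, "linux.efi") == EFI_SUCCESS);
    printf("unsigned.efi ok: %d\n", chainload(&mock_bs, "unsigned.efi") == EFI_SUCCESS);
    return 0;
}
```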