Hi Leif/Ard,
Currently, what security properties does secure boot in edk2 on arm guarantee? How should one enable secure boot on the ARM Juno platform?
I've tried copying the sections related to "SECURE_BOOT_ENABLE" from OpenPlatformPkg/Platforms/ARM/VExpress/* into the corresponding files in OpenPlatformPkg/Platforms/ARM/Juno/ and setting SECURE_BOOT_ENABLE = True. After rebuilding edk2 and arm-tf for Juno, I did a sanity test to check whether the kernel image is verified during boot. I didn't sign the kernel image or provide any certificate, etc., so I expected the boot process to fail at kernel verification. However, the boot process continues until the Linux shell prompt. What did I miss here?
I also came across this doc, which includes some instructions on secure boot: https://github.com/tianocore/tianocore.github.io/wiki/How-to-Enable-Security Could you elaborate on how the DATA block (which includes VARIABLE_STORE_HEADER) is created?
Best Regards,
Tommy
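The two questions above (what the DATA block with VARIABLE_STORE_HEADER looks like, and why an unsigned kernel still boots) hang together: EDK2's variable driver reports SetupMode=1 and SecureBoot=0 until a PK is enrolled in the authenticated variable store, and DxeImageVerificationLib's handler returns EFI_SUCCESS for every image while SecureBoot is absent or 0, so SECURE_BOOT_ENABLE alone never rejects anything. The C program below is an added example written for this thread, not code from edk2, Arm or the wiki page; it builds an authenticated variable store in memory using the record layout as I recall it from MdeModulePkg/Include/Guid/VariableFormat.h (28-byte VARIABLE_STORE_HEADER, 60-byte AUTHENTICATED_VARIABLE_HEADER, 4-byte record alignment, the gEfiAuthenticatedVariableGuid and EFI_GLOBAL_VARIABLE GUIDs), walks it the way the driver does, and reports whether the platform would be in setup mode. The struct layouts and GUIDs are assumptions to verify against your own tree, and the PK payload is a constructed placeholder, not a real EFI_SIGNATURE_LIST.

```c
/* Added example, not EDK2 or Arm code: authenticated variable store layout as I
 * recall it from MdeModulePkg/Include/Guid/VariableFormat.h (verify against your
 * edk2 tree), plus the "is a PK enrolled?" check that decides whether
 * DxeImageVerificationLib enforces image signatures at all. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#pragma pack(push, 1)
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } efi_guid;

typedef struct {                 /* VARIABLE_STORE_HEADER, 28 bytes */
    efi_guid signature;          /* gEfiAuthenticatedVariableGuid for an auth store */
    uint32_t size;               /* whole NV region, including free space */
    uint8_t  format;             /* VARIABLE_STORE_FORMATTED 0x5a */
    uint8_t  state;              /* VARIABLE_STORE_HEALTHY  0xfe */
    uint16_t reserved;
    uint32_t reserved1;
} variable_store_header;

typedef struct {                 /* EFI_TIME, 16 bytes */
    uint16_t year; uint8_t month, day, hour, minute, second, pad1;
    uint32_t nanosecond; int16_t timezone; uint8_t daylight, pad2;
} efi_time;

typedef struct {                 /* AUTHENTICATED_VARIABLE_HEADER, 60 bytes */
    uint16_t start_id;           /* VARIABLE_DATA 0x55aa */
    uint8_t  state;              /* VAR_ADDED 0x3f */
    uint8_t  reserved;
    uint32_t attributes;
    uint64_t monotonic_count;
    efi_time timestamp;
    uint32_t pubkey_index;
    uint32_t name_size;          /* UCS-2 name in bytes, NUL terminator included */
    uint32_t data_size;
    efi_guid vendor_guid;
} auth_variable_header;
#pragma pack(pop)

/* Assumed GUIDs: gEfiAuthenticatedVariableGuid and EFI_GLOBAL_VARIABLE. */
static const efi_guid AUTH_STORE_GUID = {0xaaf32c78, 0x947b, 0x439a, {0xa1,0x80,0x2e,0x14,0x4e,0xc3,0x77,0x92}};
static const efi_guid GLOBAL_VAR_GUID = {0x8be4df61, 0x93ca, 0x11d2, {0xaa,0x0d,0x00,0xe0,0x98,0x03,0x2b,0x8c}};
#define PK_ATTRS 0x27u           /* NV | BS | RT | TIME_BASED_AUTHENTICATED_WRITE_ACCESS */
#define ALIGN4(x) (((x) + 3u) & ~(size_t)3u)

/* Format an empty store: header followed by erased flash (0xff). Returns bytes used. */
size_t init_store(uint8_t *buf, size_t cap) {
    variable_store_header h = { AUTH_STORE_GUID, (uint32_t)cap, 0x5a, 0xfe, 0, 0 };
    if (cap < sizeof h) return 0;
    memset(buf, 0xff, cap);
    memcpy(buf, &h, sizeof h);
    return sizeof h;
}

/* Append one VAR_ADDED record at offset `len`. Returns the new used length, 0 if it does not fit. */
size_t add_variable(uint8_t *buf, size_t cap, size_t len, const char *name,
                    const efi_guid *vendor, uint32_t attrs, const void *data, uint32_t data_size) {
    size_t name_chars = strlen(name) + 1;
    uint32_t name_size = (uint32_t)(name_chars * 2);
    size_t body = sizeof(auth_variable_header) + name_size + data_size;
    if (len + ALIGN4(body) > cap) return 0;
    auth_variable_header h;
    memset(&h, 0, sizeof h);
    h.start_id = 0x55aa; h.state = 0x3f; h.attributes = attrs;
    h.name_size = name_size; h.data_size = data_size; h.vendor_guid = *vendor;
    memcpy(buf + len, &h, sizeof h);
    uint8_t *p = buf + len + sizeof h;
    for (size_t i = 0; i < name_chars; i++) { p[2*i] = (uint8_t)name[i]; p[2*i+1] = 0; } /* ASCII -> UCS-2LE */
    memcpy(p + name_size, data, data_size);
    return len + ALIGN4(body);   /* pad bytes stay 0xff from init_store */
}

/* Walk the store the way the variable driver does: 1 = found, 0 = absent, -1 = malformed store. */
int store_has_variable(const uint8_t *buf, size_t cap, const char *name, const efi_guid *vendor) {
    variable_store_header sh;
    if (cap < sizeof sh) return -1;
    memcpy(&sh, buf, sizeof sh);
    if (memcmp(&sh.signature, &AUTH_STORE_GUID, sizeof(efi_guid)) || sh.format != 0x5a || sh.state != 0xfe) return -1;
    size_t end = sh.size < cap ? sh.size : cap, off = ALIGN4(sizeof sh);
    size_t name_chars = strlen(name) + 1;
    while (off + sizeof(auth_variable_header) <= end) {
        auth_variable_header h;
        memcpy(&h, buf + off, sizeof h);                    /* memcpy: records are only 4-byte aligned */
        if (h.start_id != 0x55aa) break;                    /* erased flash: end of records */
        size_t body = sizeof h + h.name_size + h.data_size;
        if (off + body > end) return -1;                    /* record runs past the store */
        const uint8_t *n = buf + off + sizeof h;
        int match = h.state == 0x3f && memcmp(&h.vendor_guid, vendor, sizeof(efi_guid)) == 0
                    && h.name_size == name_chars * 2;
        for (size_t i = 0; match && i < name_chars; i++)
            if (n[2*i] != (uint8_t)name[i] || n[2*i+1] != 0) match = 0;
        if (match) return 1;
        off += ALIGN4(body);
    }
    return 0;
}

/* No enrolled PK means SetupMode=1 and SecureBoot=0; DxeImageVerificationLib then returns
 * EFI_SUCCESS for every image, signed or not, which is the behaviour seen on the Juno. */
int platform_in_setup_mode(const uint8_t *buf, size_t cap) {
    return store_has_variable(buf, cap, "PK", &GLOBAL_VAR_GUID) != 1;
}

int main(void) {
    static uint8_t nv[4096];                       /* stand-in for the NV flash region */
    size_t len = init_store(nv, sizeof nv);
    printf("empty store: setup mode = %d\n", platform_in_setup_mode(nv, sizeof nv));
    /* Constructed placeholder; a real PK holds an EFI_SIGNATURE_LIST with the platform's X.509 cert. */
    static const uint8_t fake_pk[] = "constructed-PK-placeholder";
    len = add_variable(nv, sizeof nv, len, "PK", &GLOBAL_VAR_GUID, PK_ATTRS, fake_pk, sizeof fake_pk);
    printf("after PK: setup mode = %d, used %zu bytes\n", platform_in_setup_mode(nv, sizeof nv), len);
    return 0;
}
```

The buffer `nv` plays the role of the NV variable region that the wiki's DATA block pre-populates: the store header's Size field covers the whole region, records follow it 4-byte aligned, and unused flash stays 0xff, which is why the walker stops at the first StartId that is not 0x55aa. Writing a PK into the image this way bypasses the time-based authenticated SetVariable path; doing it at runtime instead requires the EFI_SIGNATURE_LIST to be wrapped in a signed EFI_VARIABLE_AUTHENTICATION_2 descriptor.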