EBBR Minimum Viable Product (MVP) discussion
Vincent Stehlé edited this page Mar 6, 2023 · 13 revisions
Features / keywords | Timeframe | Details / comments |
---|---|---|
HTTP(S) boot | U-Boot now has TCP and HTTP support, with the wget command. Need to expose through UEFI, HTTPS. | |
FIDO device onboarding | Wait? | Only OS involved for now; firmware involvement in the future |
Authenticated capsules | Mandatory by v3.0.0 | |
A/B update | | |
Secure Boot | Mandatory by v3.0.0? | |
TPM(2) / fTPM | Add in v3.0.0 | Add conditional requirement (if TPM then TCG2). Implemented in U-Boot and EDK II already. |
Media / display | | |
Devicetree | | |
Power management | | |
PKCS7 | Maybe not require, but recommend implementing in EBBR | |
UEFI Ramdisk | Drop for now | Support OS installation through the network but currently requires ACPI NFIT |
Hardening | Make sure we can reconcile with EBBR requirements | |
Ethernet | Useful for CI and deployment | |
ESRT | More requirements on resource entries? | |
SCMI | Arm only | |
Firmware protected from the OS | eMMC write protect, flash in secure world (Arm only) | |
Allowing fixed PK | SetupMode fixed to 0. PK and AuditMode RO. | |