Skip to content

EBBR Notes 2022.12.05

Jump to bottom Edit New page
Vincent Stehlé edited this page Dec 6, 2022 · 3 revisions

Attendees

  • Ilias Apalodimas (Linaro)
  • Heinrich Shuchardt (Canonical)
  • Andreas Färber (SUSE)
  • Vincent Stehlé (Arm)

Agenda

  • Preparing for version 2.1.0
    • Patch to require RISCV_EFI_BOOT_PROTOCOL from Heinrich
  • Issues scrub
  • Continue the discussion on Minimum Viable Product (MVP)
  • No meeting on Dec 19, confirm Jan 2 meeting

Notes

  • Ilias: PKCS7, ACS, authenticated UEFI variables. U-Boot will not support all types of certificate, probably will break SIE ACS.
    • Need a test using an unsupported certificate in dbx, try to boot, should be rejected by bootloader
    • Heinrich: edk2 will support all types. At least make sure we support the secure certificate types (e.g. not sha1)
    • Action: Ilias to run SIE ACS on Synquacer, Vincent to follow up with Stuart
  • 2.1.0 very soon
  • Heinrich: GRUB Devicetree command
    • Andreas: SUSE usually takes bootloader input unmodified. openSUSE has kernel dtb packages.
    • Heinrich: systemd-boot calling into the firmware to do the fixup, Ubuntu's GRUB on non-secure-boot systems does the same.
  • Issues scrub
    • Issue #63, Variable update at runtime
      • Longstanding, hard issue. Kernel could override setvariable at runtime in some cases (e.g. eMMC RPMB). Violate capsule update spec.
      • Action: Ilias will send patch to add explanations to EBBR, close #63
    • Issue #65, Add reference to EFI_TCG2_PROTOCOL
      • Action: Ilias will submit a pull request, keep #65
      • Need to make sure it is compatible with Arm BBSR
    • Issue #68, EFI_DT_FIXUP_PROTOCOL
      • Let the protocol live in U-Boot? Put in EBBR as optional?
      • Action: Vincent to organise call with Samer & Heinrich
      • Difficult to sign initrd/devicetree
    • Issue #70, EBBR provisions for UART console
      • We have stdout-path in chosen node
      • Action: require chosen node & close #70
    • (Stopping there on the issue list because of time.)
  • Next EBBR call
    • Cancel call on 2nd
  • MVP table
    • Ramdisk. Is that EFI_RAMDISK_PROTOCOL? Ilias: NFIT protocol. U-Boot code missing.
    • TCP & HTTP / wget in U-Boot now. Ilias: why keep re-inventing the wheel? In an ideal world, link against an external lib. License must be compatible, though.
  • Last meeting of 2022, thanks for the work on EBBR and see you next year.

Links

Add a custom footer
Add a custom sidebar
Clone this wiki locally