EBBR Notes 2024.01.15

Attendees

Issue #114: ConnectController isn't mandated but used: agreement to clarify that it must be implemented.
Issue #113: clarify location of firmware for removable storage: agreement to remove some unclear sentences.
Support for OS provided DTBs: discussions around the need for the OS loader to replace the default DTB provided as a UEFI System Table, the practical solutions, as well as the implications in the case of UEFI Secure Boot.

ConnectController()
- Cannot return unsupported thus must be implemented.
- In a future version of EBBR -> clarify.
Clarify firmware location with removable storage
- Firmware in ESP.
- One example: SPL in SPI flash + edk2 in ESP (SPI flash not large enough).
- -> Clarify the sentence.
- Remove sentence about boot order (unclear):
  - "the recommended boot sequence is to first search for firmware in a dedicated firmware partition, and second search for firmware in the ESP."
Support for OS provided DTBs
- Some OS supply a dtb, expect to be booted with it.
- Secure Boot & no agreed method to sign dtb -> issue.
- In U-Boot, no "easy" way to override dtb except bootefi / script.
- There is the EFI_DT_FIXUP_PROTOCOL proposal in issue #68.
- Teach U-Boot boot manager to override the DT; use load options compatible with UEFI.
  - Initramfs supported; do something similar for dtb.
- (Existing) UEFI protocol to authenticate non-executable with UEFI pkcs#7 against Secure Boot db.
  - Apply to initramfs and dtb.
  - Could be used by e.g. GRUB and systemd-boot.
- It could be good to standardize signing and configuring the initramfs and DTB, but ideally push this to UEFI and avoid conflicting specifications.