EBBR Notes 2024.08.26

Vincent Stehlé edited this page Aug 26, 2024 · 6 revisions

Attendees

  • Heinrich Schuchardt (Canonical)
  • Ricardo Salveti (Foundries.io/Qualcomm)
  • Etienne Carrière (STMicroelectronics)
  • Ilias Apalodimas (Linaro)
  • Jon Humphreys (TI)
  • Vincent Stehlé (Arm)

Agenda

  • Reminder: we have a poll ongoing
    • (to try to find an even better schedule for our EBBR call)
  • Pull requests
    • #131: Update UEFI version to 2.10 A
    • #132: Boot Manager requirements
  • The UEFI 2.11 draft adds the Chinese SM2, SM3 crypto algorithms. Is this something we need to consider in the EBBR specification? (Heinrich)

Notes

  • UEFI 2.11 draft adding Chinese SM2, SM3 crypto algorithms
    • We need to clarify if this impacts capsule authentication.
    • In any case, keep this in mind when adding Secure Boot requirements to EBBR.
  • Pull request #131 "Update UEFI version to 2.10 A" approved.
  • Pull request #132 "Boot Manager requirements" needs some respin.
    • Also, require more "discovery" variables in EBBR.
  • Updates from Ilias on pmem node, uefivar storing variables to a file, and dynamic GUIDs v5 in U-Boot.

Raw notes

  • UEFI 2.11 draft adding Chinese SM2, SM3 crypto algorithms
    • Firmware shipping in China; would it have other algos as well?
    • Current U-Boot not implementing SM algos; would not be able to check user's PK/KEK signed with those algos.
    • EBBR not requiring Secure Boot right now, not requiring algos (except for capsule authentication).
      • Add that if we support Secure Boot, then some CryptoIndications* must be implemented?
        • And also maybe capsule authentication
    • Is this for capsule authentication, too?
    • Action: dig into the spec and clarify
  • Pull requests
    • #131: Update UEFI version to 2.10 A
      • Looks good: merge
    • #132: Boot Manager requirements
      • (see issue #130)
      • Problem with BootOptionSupport and proposed wording
      • Ideally, discovery variables such as BootOptionSupport should be required
        • Could be a separate pull request
      • Ilias: needed for capsule update on-disk, too.
      • Note: U-Boot can do the menu
      • Why not have an EBBR config fragment in U-Boot?
        • Arm IR docs try to capture that, too, only a bit outdated
      • Action: respin pull
  • Update on pmem node (Ilias)
    • Problem with some installers and pmem node
      • Problem with finding the iso on medium
      • Fedora, Ubuntu, Rocky & Debian do not work
      • openSUSE & Debian mini.iso work
    • Potential kernel bug revealed
      • Reserve the pmem memory area as a workaround?
        • Only sometimes
      • Removing from the UEFI memory map better
      • Linked to sparse mem mapping
        • When sparse mem is disabled, always works
      • Problems with some v7 systems, when poking a hole in the memory map
    • U-Boot patch to remove the pmem area from the UEFI memory map
  • SetVariable() at runtime (Ilias)
    • Patch to uefivar is the last missing piece for the case where UEFI variables are stored in a file
    • After the patch, uefivar package will support it when U-Boot is configured correctly
    • Every time userspace writes to the UEFI variables, variables will be stored to a file transparently
  • OSFC next week
  • U-Boot patches flying on dynamic GUIDs v5
    • Keep hardcoded GUID option for now, remove in the future?

Links
