EBBR Notes 2024.09.09

Attendees

• Heinrich Schuchardt (Canonical)
• Jon Humphreys (TI)
• Joakim Bech (Linaro)
• Ricardo Salveti (Foundries.io/Qualcomm)
• Etienne Carrière (STMicroelectronics)
• Vincent Stehlé (Arm)

Agenda

• Pull request #132: Boot Manager requirements

Notes

• Pull request #132 needs some rework around the default boot behaviour: respin.
• Continuing the discussion on Chinese crypto algorithms: we should clarify EBBR crypto requirements.

Raw notes

• Pull request #132: Boot Manager requirements
  • Default boot behaviour confusion; this is removable boot media we want -> respin
• Chinese crypto algo
  • Current UEFI spec 2.10 A: SHA-256 for PKCS#7 (and we do not require at this point).
  • Upcoming UEFI spec 2.11 says SHA-256 can be replaced by the Chinese algos.
  • Today EBBR does not modify § 2.6.5 requirements (Cryptographic Algorithm Requirement). Can we leave that as it is?
    • -> We should clarify where we stand w.r.t. § 2.6.5
    • -> Ask if § 2.6.5 should/will refer to the Chinese algos. in upcoming UEFI spec 2.11.
  • Upcoming UEFI spec 2.11 does not change § 2.6.5; strange?
• While at it -> move the extensions out of source so that we do not grep the index by mistake when looking for terms.

Links

• https://github.com/ARM-software/ebbr/pull/132
• https://uefi.org/specs/UEFI/2.10_A/02_Overview.html#cryptographic-algorithm-requirement