| Feature | Decision | Notes |
|---|---|---|
| HTTP(S) boot | | U-Boot has TCP and HTTP support, with a wget command now. Needs to be exposed through UEFI; HTTPS still needed. |
| FIDO device onboarding | Wait? | Only the OS is involved for now; firmware involvement in the future. |
| Authenticated capsules | Mandatory by v3.0.0 | |
| A/B update | | |
| Secure Boot | Mandatory by v3.0.0? | |
| TPM(2) / fTPM | Add in v3.0.0 | Add a conditional requirement (if a TPM is present, then the TCG2 protocol is required). Implemented in U-Boot and EDK II already. |
| Media / display | | |
| Devicetree | | |
| Power management | | |
| PKCS7 | | Maybe not require, but recommend in EBBR to implement. |
| UEFI Ramdisk | Drop for now | Supports OS installation through the network, but currently requires ACPI NFIT. |
| Hardening | | Make sure we can reconcile with EBBR requirements. |
| Ethernet | | Useful for CI and deployment. |
| ESRT | | More requirements on resource entries? |
| SCMI | | Arm only. |
| Firmware protected from the OS | | eMMC write protect, flash in the secure world (Arm only). |
| Allowing fixed PK | | SetupMode fixed to 0. PK and AuditMode read-only (RO). |