EBBR Notes 2024.08.26 - ARM-software/ebbr GitHub Wiki
-
Heinrich Schuchardt (Canonical)
-
Ricardo Salveti (Foundries.io/Qualcomm)
-
Etienne Carrière (STMicroelectronics)
-
Ilias Apalodimas (Linaro)
-
Jon Humphreys (TI)
-
Vincent Stehlé (Arm)
- Reminder: we have a poll on-going
- (to try to find an even better schedule for our EBBR call)
- Pull requests
-
#131: Update UEFI version to 2.10 A
-
#132: Boot Manager requirements
- The UEFI 2.11 draft adds the Chinese SM2, SM3 crypto algorithms. Is this something we need to considering in the EBBR specification? (Heinrich)
- UEFI 2.11 draft adding Chinese SM2, SM3 crypto algorithms
- We need to clarify if this impacts capsule authentication.
- In all cases, keep in mind for when adding Secure Boot requirements into EBBR.
- Pull request #131 "Update UEFI version to 2.10 A" approved.
- Pull request #132 "Boot Manager requirements" needs some respin.
- Also, require more "discovery" variables in EBBR.
- Updates from Ilias on
pmem node, uefivar storing variables to a file, and dynamic GUIDs v5 in U-Boot.
- UEFI 2.11 draft adding Chinese SM2, SM3 crypto algorithms
- Firmware shipping in China; would it have other algos as well?
- Current U-Boot not implementing SM algos; would not be able to check user's
PK/KEK signed with those algos.
- EBBR not requiring Secure Boot right now, not requiring algos (except for capsule authentication).
- Add that if we support Secure Boot, then some
CryptoIndications* must be implemented?
- And also maybe capsule authentication
- Is this for capsule authentication, too?
- Action: dig into the spec and clarify
- Pull requests
-
#131: Update UEFI version to 2.10 A
-
#132: Boot Manager requirements
- (see issue #130)
- Problem with
BootOptionsSupport and proposed wording
- Ideally, discovery variables such as
BootOptionSupport should be required
- Could be a separate pull request
-
Ilias: needed for capsule update on-disk, too.
- Note: U-Boot can do the menu
- Why not have an EBBR config fragment in U-Boot?
- Arm IR docs try to capture that, too, only a bit outdated
- Action: respin pull
- Update on
pmem node (Ilias)
- Problem with some installers and
pmem node
- Problem with finding the iso on medium
- Fedora, Ubuntu, Rocky & Debian do not work
- openSUSE & Debian mini.iso work
- Potential kernel bug revealed
- Reserve the
pmem memory area as a workaround?
- Removing from the UEFI memory map better
- Linked to sparse mem mapping
- When sparse mem is disabled, always works
- Problems with some v7 systems, when poking a hole in the memory map
- U-Boot patch to remove the
pmem area from the UEFI memory map
-
SetVariable() at runtime (Ilias)
-
Patch to
uefivar is the last missing piece for the case where storing UEFI variables in a file
- After the patch,
uefivar package will support it when U-Boot is configured correctly
- Every time userspace writes to the UEFI variables, variables will be stored to a file transparently
-
OSFC next week
- U-Boot patches flying on dynamic GUIDs v5
- Keep hardcoded GUID option for now, remove in the future?
⚠️ **GitHub.com Fallback** ⚠️