boot-architecture

boot-architecture@lists.linaro.org

1 participants
646 discussions

by Francois Ozog

Hi Daniel, We will be conducting a UEFI gap analysis to support EFIBootGuard in U-Boot. As we are working on UEFI SecureBoot implementation in U-Boot, how do you expect the boot process to be secured? Would U-Boot UEFI SecureBoot verify EFIBootGuard signature and in turn EFIBootGuard will check either grub or Linux signature? Please elaborate on your vision of a secured boot process. Cheers FF PS: you may want to subscribe to the boot-architecture mailing list in Linaro.

6 years, 2 months

Re: Standalone MM interface on U-Boot

by Francois Ozog

Hi, I suggest we move the discussion to https://lists.linaro.org/mailman/listinfo/boot-architecture I am sending the subscription link to BKK19 boot sprint attendees. Cheers FF On Thu, 11 Apr 2019 at 10:31, Francois Ozog <francois.ozog(a)linaro.org> wrote: > > > On Thu, 11 Apr 2019 at 10:23, AKASHI, Takahiro <takahiro.akashi(a)linaro.org> > wrote: > >> On Thu, 11 Apr 2019 at 16:49, Joakim Bech <joakim.bech(a)linaro.org> wrote: >> > >> > Hi, >> > >> > @Takahiro, thanks for teaching me what is right and wrong :) >> >> No, no. Everything is right, but some are only suitable for a specific >> relationship :) >> >> > @Ilias, @FF, replies inline below. >> > >> > On Thu, 11 Apr 2019 at 09:22, Francois Ozog <francois.ozog(a)linaro.org> >> wrote: >> >> >> >> >> >> >> >> On Thu, 11 Apr 2019 at 08:51, Ilias Apalodimas < >> ilias.apalodimas(a)linaro.org> wrote: >> >>> >> >>> Hi Akashi-san, >> >>> >> >>> > > I'm just drafting a new card for running the Standalone MM >> >>> > > as Trusted Application in OP-TEE. The use case as I understand >> >>> > > it is to call this TA from U-Boot environment (and when Linux is >> >>> > > up and running). >> >>> > >> >>> > I heard the almost same thing from Francois. >> >>> > I don't mind how the service will be implemented in secure world. >> What I'd >> >>> > like to do here is to add an interface for communicating with >> secure world >> >>> > on U-Boot side (normal world). >> >>> Can we try and avoid double and triple Jira epics, while still giving >> credit to >> >>> SIGs/Groups doing the work? >> >>> We already have an initiative up for u-boot relasted issues. >> >>> https://projects.linaro.org/browse/LEDGE-134 >> >>> >> >> >> >> My proposal is that EPICS related to OPTEE are owned by SWG, even if >> they are resourced by LEDGE. >> >> For instance, I can task a LEDGE assignee to do the OPTEE work under >> Joakim guidance and reporting on a SWG EPIC. >> > >> > This is inline with my thoughts. >> > >> >> >> >> LEDGE Initiative would include an EPIC link to the SWG EPIC: LEDGE can >> then track the many tasks done in KWG and SWG. >> >> Actually I proposed the creation of a lead project: dependable boot. >> >> >> >> For the time being, lets create all the Jira cards we think we need to >> address. Lets check each other iniatives to ensure we have identified all >> pieces of work. >> >> https://projects.linaro.org/browse/LEDGE-151 >> >> https://projects.linaro.org/browse/LEDGE-134 >> > >> > As we're speaking I'm drafting the work for a Standalone MM OP-TEE as >> well as the fTPM stuff: >> > https://projects.linaro.org/browse/SWG-372 (I'm going to add more >> details here after having a chat with Ard ... who is travelling to US for >> the moment). >> > https://projects.linaro.org/browse/SWG-373 >> > >> > Note that I'll more and more start creating Initiatives instead of >> Epics, since I believe the consensus after TSC voting is that our current >> Initiatives are too broad containing unrelated features. Having that said, >> beneath the Initiatives I'll split up sub-tasks as Epics. >> >> Let me make clear; I started my UEFI-related tasks almost >> independently from other groups' activities. In this sense, my >> 'initiative' is KWG-339 (I don't care much though). KWG-403 is >> a card where I want to keep my status updated. >> >> >> >> >> >> >>> >> >>> > >> >>> > Yes, I remember that we discussed lots about running Standalone MM >> as >> >>> > OP-TEE application, and what I'm asking is >> >>> > - do you have any chance to use Standalone MM service on SPM, or >> >>> > - do you want to use it solely as OP-TEE application. >> >>> For the moment all LEDGE platforms we know of are based on u-boot. >> >>> The only platform we have that not u-boot based is the SynQuacer box, >> but Ard >> >>> has already finished his StandaloneMM in SPM on that. >> >> >> >> >> >> SPM does not work with ST32MP1 which is a LEDGE 32 bit target platform >> and, AFAIK, will not work with virtualization in trustzone. >> >> So SPD is our way to go. >> > >> > Yes, and IIRC, this is why we need to make Ard's current Standalone MM >> implementation possible to run as an OP-TEE Trusted Application (basically >> SWG-372). It's even useful on Armv8 devices until we have support for >> running multiple SP's. >> >> So even for some sort of prototyping or POC, you won't use Standalone >> MM services >> in the current form and will be willing to wait for the completion of >> SWG-372? >> >> I think we can swap very easily the protocol used between u-boot and the > Standalone MM. You can surely do a first iteration with SPM version as it > exists today and you can just add the u-boot part. > This allows working in parrallel on different aspects of the > implementation. > We will focus on the SPD part. > > I heard from Ard that some assignee has finished porting Standalone MM >> services >> to qemu, and so I will be able to work on it integrating it into my >> current secure boot patch. >> >> > Sounds perfect! > > >> In addition, in my previous e-mail, I think that I raised some topic >> that we should >> discuss, image authentication as well as rolls of secure world and >> non-secure world. >> This will have impacts on my secure boot patch; in some scenario, my >> current work will >> make almost no sense. >> >> That needs proper discussion: > shall we use the boot-arch mail alias as the mailing list so that we reach > a broad community for comments? > shall we setup a weekly call ? (most attendees are europe to asia time > zones I believe) > > >> Thanks, >> -Takahiro Akashi >> >> >> >> >> >>> >> >>> Cheers >> >>> /Ilias >> > >> > >> > Regards, >> > Joakim >> > > > -- > [image: Linaro] > <https://www.linaro.org/assets/content/RGB-Linaro_Standard.png> > François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* > T: +33.67221.6485 > francois.ozog(a)linaro.org | Skype: ffozog > > -- [image: Linaro] <https://www.linaro.org/assets/content/RGB-Linaro_Standard.png> François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog(a)linaro.org | Skype: ffozog

6 years, 2 months

Re: [Arm.ebbr-discuss] [EXT] Re: EBBR SC meeting on-site at Connect

by AKASHI Takahiro

# My apology if this kind of discussion is not appropriate in this ML. On Tue, Apr 09, 2019 at 04:20:48PM +0100, Yang Zhang wrote: > On Tue, 9 Apr 2019 at 16:18, Udit Kumar <udit.kumar(a)nxp.com> wrote: > > > Thanks for information AKASHI > > > > IMO for EBBR, we need to define subset of test-cases, which are required > > in EBBR specs. > > > > +1 Since I have been away from SCT long time, I almost forgot details of how SCT runs but at the first glance, it would be quite simple and straightforward as SCT already has a feature to run only a specific list of test cases (through TestCase.ini file). * create a list of test cases (TestCase.ini is automatically generated by SCT if we want to run all.) * check/mark only interested cases (There are always two types of tests: conformance and function.) * run SCT with this list The issue would be who maintain this list and where :) and I don't know that the 'granularity' of each test case would fit well for our subset. > > > I expect some fail in u-boot. > > Also need to find a better way to build uefi-sct > > > > +1 I used pre-built binary of SCT. -Takahiro Akashi > > > > Regards > > Udit > > > > > -----Original Message----- > > > From: AKASHI Takahiro <takahiro.akashi(a)linaro.org> > > > Sent: Tuesday, April 9, 2019 10:53 AM > > > To: Grant Likely <Grant.Likely(a)arm.com> > > > Cc: Udit Kumar <udit.kumar(a)nxp.com>; Dong Wei <Dong.Wei(a)arm.com>; Eric > > > FINCO <eric.finco(a)st.com>; Robert Oshana <robert.oshana(a)nxp.com>; Tony > > > Wu <tonywu(a)realtek.com>; boot-architecture(a)lists.linaro.org; arm.ebbr- > > > discuss <arm.ebbr-discuss(a)arm.com>; LEDGE SC <ledge-sc(a)linaro.org>; > > Varis, > > > Pekka <p-varis(a)ti.com>; nd <nd(a)arm.com> > > > Subject: [EXT] Re: EBBR SC meeting on-site at Connect > > > > > > WARNING: This email was created outside of NXP. DO NOT CLICK links or > > > attachments unless you recognize the sender and know the content is safe. > > > > > > > > > > > > On Sat, Apr 06, 2019 at 07:42:46PM +0000, Grant Likely wrote: > > > > Hi Udit, > > > > > > > > We talked about testing. We generally agreed that UEFI-SCT is > > > > important, even though it is limited. LuvOS (which includes UEFI-SCT) > > > > is a good candidate to do more complete testing, and we also talked > > > > about getting UEFI test cases into the U-Boot CI testing. > > > > > > Just FYI, it was last July that I ran UEFI SCT with U-Boot on qemu. > > > Here is a summary of the result: > > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.goo > > > gle.com%2Fspreadsheets%2Fd%2F17e45yojM2nLdRovx0gcgHIAmvv9b_yc9iIUjZ > > > 2LY22c%2Fedit%3Fusp%3Dsharing&data=02%7C01%7Cudit.kumar%40nxp. > > > com%7Cc5b24ae4bd26466e1a7008d6bcab1c5c%7C686ea1d3bc2b4c6fa92cd99 > > > c5c301635%7C0%7C0%7C636903840436702643&sdata=00NOqcpsKPi8DkJ > > > u8y%2F7mLqSI8qQGFSGqzBhbpo3bbE%3D&reserved=0 > > > (Please note that this is not for public review, but just informative.) > > > > > > In my experience, I saw lots of failure cases (some or most of them are > > trivial > > > and can be duplicated ones though), and running through all the test > > cases took > > > a whole week. This is partly because SCT crashes occasionally and I > > needed to > > > restart it next morning :) > > > > > > So I'm not sure that U-Boot UEFI is ready for automated testing with SCT. > > > (We made lots of improvements recently, but I have had no time to re-run > > SCT > > > these days. Give me a fast machine :) > > > > > > -Takahiro Akashi > > > > > > > Linaro LEDGE is looking at adding U-Boot testing to their backlog, but > > > > they don't have any engineering resources who can be assigned to the > > > > work right now. I'm also going to try and resource this from Arm. > > > > > > > > g. > > > > > > > > On 04/04/2019 16:08, Udit Kumar wrote: > > > > > Hi Grant > > > > > > > > > >>>- other business > > > > > > > > > > See, if you can add compliance test suits for EBBR, or subset of > > > > > UEFI-SCT is enough ? > > > > > > > > > > Regards > > > > > > > > > > Udit > > > > > > > > > > *From:* arm.ebbr-discuss-bounces(a)arm.com > > > > > <arm.ebbr-discuss-bounces(a)arm.com> *On Behalf Of *Grant Likely > > > > > *Sent:* Wednesday, April 3, 2019 12:49 PM > > > > > *To:* Dong Wei <Dong.Wei(a)arm.com>; Eric FINCO <eric.finco(a)st.com>; > > > > > Robert Oshana <robert.oshana(a)nxp.com>; Tony Wu > > > <tonywu(a)realtek.com>; > > > > > boot-architecture(a)lists.linaro.org; arm.ebbr-discuss > > > > > <arm.ebbr-discuss(a)arm.com>; LEDGE SC <ledge-sc(a)linaro.org>; Varis, > > > > > Pekka <p-varis(a)ti.com> > > > > > *Subject:* Re: [Arm.ebbr-discuss] EBBR SC meeting on-site at Connect > > > > > > > > > > Agenda for today: > > > > > > > > > > - EBBR v1.0 released (yay!) > > > > > > > > > > - goals for v1.1 or v2.0 > > > > > > > > > > - other issues > > > > > > > > > > - secure world interfaces > > > > > > > > > > - non-block storage > > > > > > > > > > - identification of protected blocks > > > > > > > > > > - other business > > > > > > > > > > --- > > > > > > > > > > Grant Likely > > > > > > > > > > Sr. Technical Director SW Engineering > > > > > > > > > > -------------------------------------------------------------------- > > > > > ---- > > > > > > > > > > *From:*Grant Likely > > > > > *Sent:* Wednesday, April 3, 2019 1:49:23 PM > > > > > *To:* Dong Wei; Eric FINCO; robert.oshana(a)nxp.com; Tony Wu; > > > > > boot-architecture(a)lists.linaro.org; arm.ebbr-discuss; LEDGE SC; > > > > > Varis, Pekka > > > > > *Subject:* Re: EBBR SC meeting on-site at Connect > > > > > > > > > > details for those who had trouble with the calendar invite: > > > > > > > > > > Room: Lotus 5-6 > > > > > > > > > > Time: 5:00pm > > > > > > > > > > Sorry for those of you who aren’t here. I’m not going to have a dial > > > > > in, but I’ll take good notes. > > > > > > > > > > g. > > > > > > > > > > > > > _______________________________________________ > > > > boot-architecture mailing list > > > > boot-architecture(a)lists.linaro.org > > > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist > > > > s.linaro.org%2Fmailman%2Flistinfo%2Fboot- > > > architecture&data=02%7C01 > > > > > > > %7Cudit.kumar%40nxp.com%7Cc5b24ae4bd26466e1a7008d6bcab1c5c%7C686 > > > ea1d3b > > > > > > > c2b4c6fa92cd99c5c301635%7C0%7C0%7C636903840436702643&sdata=F > > > Rd8%2B > > > > nzRF827ZMG1fYeDwEr90V%2BZHvIHbFiIPAhBFiQ%3D&reserved=0 > > > > _______________________________________________ > > Arm.ebbr-discuss mailing list > > Arm.ebbr-discuss(a)arm.com

6 years, 2 months

Re: EBBR SC meeting on-site at Connect

by Grant Likely

details for those who had trouble with the calendar invite: Room: Lotus 5-6 Time: 5:00pm Sorry for those of you who aren’t here. I’m not going to have a dial in, but I’ll take good notes. g. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

6 years, 2 months

Re: [edk2] [edk2-announce] ATTN: List Transition Begins Today

by Leif Lindholm

FYI: EDK2 development mailing list changing to devel(a)edk2.groups.io This will give us some better flexibility with regards to whitelisting non-subscribers and suchlike currently not possible through 01.org. On Wed, Apr 03, 2019 at 10:59:31AM -0500, stephano wrote: > tl;dr > If you're sending emails to this list, now would be a good time to switch > over to the new list: https://edk2.groups.io/g/devel > > > We will be transitioning to Groups.io today for our devel mailing list. At > some point today, this email will begin to bounce any incoming messages. > I'll be working on getting the archive of old emails uploaded to Groups.io. > When I have a timetable for the archives I'll update the new list. > > Cheers, > Stephano > _______________________________________________ > edk2-devel mailing list > edk2-devel(a)lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel

6 years, 3 months

EBBR SC meeting on-site at Connect

by Grant Likely

[Updated with new room] Hi all, For those of you at Linaro Connect, I’ve scheduled an EBBR Face to Face on Wednesday. I’ll email around an agenda tomorrow. Email me if you’ve got anything specific you’d like to discuss. For those of you who aren’t here, I’ll try to provide a remote dial-in but I’m not hopeful that it will work. I will make sure good notes are taken, and we’ll do a summary on the next regular conference call. Cheers, g. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

6 years, 3 months

EBBR SC meeting on-site at Connect

by Grant Likely

Hi all, For those of you at Linaro Connect, I’ve scheduled an EBBR Face to Face on Wednesday. I’ll email around an agenda tomorrow. Email me if you’ve got anything specific you’d like to discuss. For those of you who aren’t here, I’ll try to provide a remote dial-in but I’m not hopeful that it will work. I will make sure good notes are taken, and we’ll do a summary on the next regular conference call. Cheers, g. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

6 years, 3 months

EBBR SC meeting on-site at Connect

by Grant Likely

6 years, 3 months

EBBR v1.0-rc1

by Grant Likely

Hi all, Last week I tagged v1.0-rc1 of EBBR. The release .pdf can be found here: https://github.com/ARM-software/ebbr/releases It should represent the content we've discussed in the regular meetings for a baseline v1.0 EBBR. Please review and comment. If there are no major objections I intend to release v1.0 final on Friday this week ahead of Linaro Connect. g.

6 years, 3 months

EBBR v0.8 released

by Grant Likely

Hi all, Yesterday I tagged EBBR v0.8 in the git repo and published a new pdf. Please go review and comment. https://github.com/ARM-software/ebbr/releases/tag/v0.8 We're nearing the end of the v1.0 process. I would like to tag a v1.0 release before the end of March. Feedback comments from v0.6 and v0.7 have been incorporated. Presuming no major objections, I will tag a v1.0-rc1 on Monday 18 March 2019, to be followed by a final v1.0 on Friday 29 March, There is one more outstanding change that didn't make it into v0.8, but will be in the next release. The UEFI requirements appendix has been removed as it merely duplicates requirements already listed in the UEFI specification. Thanks, g.

6 years, 3 months

← Newer
1
...
32
33
34
35
36
37
38
...
65
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

boot-architecture