[U-Boot] [PATCH 0/9] EFI payload / application support
Blibbet
blibbet at gmail.com
Fri Dec 25 20:34:13 CET 2015
On 12/22/2015 05:57 AM, Alexander Graf wrote:
> This is my Christmas present for my openSUSE friends :).
>
> U-Boot is a great project for embedded devices. However, convincing
> everyone involved that only for "a few oddball ARM devices" we need to
> support different configuration formats from grub2 when all other
platforms
> (PPC, System Z, x86) are standardized on a single format is a nightmare.
This is a very exciting patch!
The potential to one day run CHIPSEC on U-Boot systems is VERY EXCITING!
https://github.com/chipsec/chipsec
CHIPSEC is a UEFI-centric. Though I've heard someone got it to work on
coreboot-based Intel-based Android system, not sure how.
After UEFI Shell works, I hope a goal is to get UEFI port of CPython
2.7x working, and Intel CHIPSEC running. CHIPSEC is a hardware/firmware
vulnerability detection tool, GPL open source. As I've heard them say,
the Intel CHIPSEC team is open to patches from all architectures for all
firmware targets, not just Intel x86/x64.
Linaro has started to investigate port of CHIPSEC from x86/x64 to
AArch64, as part of port of LUV (Linux UEFI Validation) project. Once
CPython and CHIPSEC run on U-Boot, this enables a whole new level of
hardware/firmware security detection! Once ported to AArch64, the ARM
security teams needs to add some AArch64-centric security test modules
to CHIPSEC, as it'll do little good on ARM, except for a few portable
UEFI variable and SPI tests, otherwise.
https://wiki.linaro.org/LEG/Engineering/luvOS
Hopefully ARM can fund Linaro to also port LUV/CHIPSEC to AArch32, all
of their products need hardware/firmware vulnerability detection
software, not just the latest 64-bit ones.
For U-Boot on MIPS, there is an unofficial UEFI MIPS port, but nobody
has touched it in a while, and CHIPSEC hasn't yet been ported there.
https://github.com/kontais/EFI-MIPS
I didn't think U-Boot ran on OpenPOWER, if it does, I missed that,
sorry. If so, there are two ports of UEFI to OpenPOWER by different
developers at IBM, but (AFAIK) no official OpenPOWER interest in UEFI,
and no CHIPSEC port to OpenPOWER yet. And no OpenPOWER-centric security
modules.
http://firmwaresecurity.com/2015/10/12/tianocore-for-openpower/
http://firmwaresecurity.com/2015/10/12/second-port-of-tianocore-to-openpower/
For other architectures that U-Boot runs on, I'm afraid porting UEFI
will be necessary before CHIPSEC can be attempted. :-( Is there any
marketshare data that shows which architectures coverage by U-Boot?
Dumb question: it appears Intel is not involved in U-Boot's x86/x64
port, or maybe I've just missed their involvement. I see Intel very
involved with coreboot and UEFI, but not U-Boot, even though U-Boot is
targetting Intel platforms. Can someone explain that to me? :-)
Thanks,
Lee Fisher
RSS: http://firmwaresecurity.com/feed
More information about the U-Boot
mailing list