[PATCH v4 00/16] efi_loader: add secure boot support

Ilias Apalodimas ilias.apalodimas at linaro.org
Fri Jan 17 07:39:40 CET 2020


[...]
> > > If we implement secure boot according to the UEFI specification, one option
> > > would be to package the device tree as a UEFI driver image and let the
> > > stub install it as a configuration table. The unload callback could be
> > > used to remove the device tree.
> > > 
> > 
> > Sure, but this is not in scope for the current patchset, is it?
> 
> Exactly.
> 
> > Similarly you can just include the DTB in U-Boot and naturally have it verified.
> > 
> > I am not arguing that DTB verification is needed. We absolutely agree on that.
> > All I am saying is that the extra functionality can be added in the future,
> > since we already have a valid way of providing it with the current patchset.
> 
> BTW, Ilias,
> where should such a discussion about dtb verification be held,
> Boot-arch ML, Linaro Connect, ELC or whatever else conference?
> Otherwise just leave the decision in distributors' hands?

We did send some e-mails on boot-arch ML in the past [1]. The subject is quite
controversial since there are a lot of opinions on this. 
I think Linaro is working on a device tree evolution project at the moment with
one of the subjects being device tree verification.
We can certainly discuss more during Linaro Connect.

[1] https://lists.linaro.org/pipermail/boot-architecture/2019-June/001053.html

Thanks
/Ilias
> 
> Thanks,
> -Takahiro Akashi
> 
> > Regards
> > /Ilias
> > > 
> > > > > 
> > > > > Best regards
> > > > > 
> > > > > Heinrich
> > > > 
> > > 

