Of capsules, signatures and device trees, TGTBTU

[François Ozog]

Hi,

Following the EFI capsule revert, here* is a contribution to
understand the context in which we designed the patch set. (everyone
is a commenter, please be mindful).

The presentation explores booting, with more details for the Arm
context, pre and post U-Boot. On Arm, pre-U-Boot is shaped after
Firmware Framework-A and other interfaces. There is a similar approach
in RISC-V with OpenSBI.

There is nothing to agree on: many elements of the presentation are
specifications for the Arm ecosystem. The purpose is to reach common
understanding of those for rest of the journey.

Careful reading is required because as we all know very well the
topic, we may skip over stuff and miss key elements that may have
changed since you last checked.  So I'll attract your attention on:

Slide 9: there can be multiple device trees in a Trusted Firmware FIP
(nothing to agree on...)
Slide 11: roles and responsibilities of firmware go far beyond booting
and OTA. CoreBoot and SPL will have to take those into account in the
future.
Slide 17: there is a new boot flow based on "give-me-my-initrd" UEFI protocol
Slide 24: when the firmware is stored on Secure Storage which is a
common case for products,  U-Boot/Linux have absolutely no means to
perform the update (see notes for details).
Slide 28: there are plenty of keys needed, the U-Boot and U-Boot
updater can be different; as well as all firmware components.

I acknowledge that the presentation is hard to read without enough
speaker notes or myself talking to it. Let's say that I prefer to keep
the ball rolling before we can actually program a call: could you send
me in private message your preferred day of the week and best time
(with TZ) for such a thing?

Cordially,

-- 
François-Frédéric Ozog

*) https://docs.google.com/presentation/d/1AHTf9xMNqPXbiDLkBpoKt45UTjV8s34JdtmrxYlfp9M/edit?usp=sharing