Skip to content

EBBR Notes 2023.02.13

Jump to bottom Edit New page
Vincent Stehlé edited this page Feb 14, 2023 · 1 revision

Attendees

  • Heinrich Shuchardt (Canonical)
  • Ahmad Fatoum (Pengutronix)
  • Ilias Apalodimas (Linaro)
  • Vincent Stehlé (Arm)

Agenda

  • SetVariable() at runtime for boards that store EFI variables on an RPMB (Ilias)
  • Review pull request #101 ("Refresh reference for RISC-V hypervisor extension")
    • Fix to issue #100 ("Wrong link to hypervisor extension for RISC-V")

Notes

  • SetVariable() at runtime
    • Replace calls to EFI at runtime by calls to op-tee. Violates EFI (but works).
    • For op-tee, part of discoverable bus. Kernel can discover an swap runtime calls.
    • Context: variables in RPMB, device not owned by firmware.
    • Other idea: standardize format of file, where variables are stored (on ESP with filesystem).
    • Need a way for authenticated variables then.
    • Kojima sent patches, not many comments.
    • U-Boot file format could be a good starting point.
    • Problem of locking to avoid multiple processes writing to the file, potential large delay.
    • Problem with user accessing the file directly.
    • Problems with FAT could be mitigated by using ext4 for the ESP.
    • EFI spec does not require FAT.
    • If we push that to the userspace tools, how do we synchronize everyone?
    • Accessing the file: U-Boot, kernel, tools...
    • Size limit for storage in op-tee? Ilias tried 1/2 MB. StMM and U-Boot limits need to match.
    • Configuration table solution did not fly because one system could not change the firmware.
    • Goal: one kernel supporting all solutions.
    • Can bake PK/KEK/db/dbx into U-Boot (non standard)
    • U-Boot saves the authenticated variables, but will not load them.
    • Add to spec: description on how to do SetVariable() at runtime, RPMB, etc.
    • Supplicant in userspace. U-Boot, edk2 could have their supplicant, removing the need to standardize the format. Solves locking, too.
    • If device is fully in secure world, just implement SetVariable() at runtime.
    • Existing workaround solution using a csv, generated at runtime, read at next reboot and call SetVariable() at boot time accordingly. Need for standardizing? It seems no.
    • Could pstore help? Was part of solutions taxonomy presentation by Ilias a while ago.
    • Heinrich to send a draft proposal

Links

Add a custom footer
Add a custom sidebar
Clone this wiki locally