From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: u-boot@lists.denx.de
Subject: [PATCH v4 00/16] efi_loader: add secure boot support
Date: Thu, 9 Jan 2020 01:08:35 +0100 [thread overview]
Message-ID: <a66bc8f2-9f1e-b62d-14dd-f34c8f2a7e2b@gmx.de> (raw)
In-Reply-To: <20191218004512.24939-1-takahiro.akashi@linaro.org>
On 12/18/19 1:44 AM, AKASHI Takahiro wrote:
> One of major missing features in current UEFI implementation is "secure boot."
> The ultimate goal of my attempt is to implement image authentication based
> on signature and provide UEFI secure boot support which would be fully
> compliant with UEFI specification, section 32[1].
> (The code was originally developed by Patrick Wildt.)
>
> Please note, however, this patch doesn't work on its own; there are
> a couple of functional dependencies[2] and [3], that I have submitted
> before. For complete workable patch set, see my repository[4],
> which also contains experimental timestamp-based revocation suuport.
>
> My "non-volatile" support[5], which is under discussion, is not mandatory
> and so not included here, but this inevitably implies that, for example,
> signature database variables, like db and dbx, won't be persistent unless you
> explicitly run "env save" command and that UEFI variables are not separated
> from U-Boot environment. Anyhow, Linaro is also working on implementing
> real "secure storage" solution based on TF-A and OP-TEE.
>
Device trees can be used for denial of service or to destroy hardware.
How will you address the validation of device trees?
Best regards
Heinrich
next prev parent reply other threads:[~2020-01-09 0:08 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-18 0:44 [PATCH v4 00/16] efi_loader: add secure boot support AKASHI Takahiro
2019-12-18 0:44 ` [PATCH v4 01/16] include: pe.h: add signature-related definitions AKASHI Takahiro
2019-12-18 0:44 ` [PATCH v4 02/16] efi_loader: add CONFIG_EFI_SECURE_BOOT config option AKASHI Takahiro
2019-12-18 0:44 ` [PATCH v4 03/16] efi_loader: add signature verification functions AKASHI Takahiro
2020-01-14 23:43 ` Heinrich Schuchardt
2020-01-15 0:13 ` Heinrich Schuchardt
2020-01-17 2:20 ` AKASHI Takahiro
2020-01-17 5:37 ` Heinrich Schuchardt
2020-01-21 6:00 ` AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 04/16] efi_loader: add signature database parser AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 05/16] efi_loader: variable: support variable authentication AKASHI Takahiro
2020-01-08 22:54 ` Heinrich Schuchardt
2020-01-17 5:35 ` AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 06/16] efi_loader: variable: add secure boot state transition AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 07/16] efi_loader: variable: add VendorKeys variable AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 08/16] efi_loader: image_loader: support image authentication AKASHI Takahiro
2020-01-08 23:55 ` Heinrich Schuchardt
2020-01-17 5:11 ` AKASHI Takahiro
2020-01-17 5:51 ` Heinrich Schuchardt
2020-01-21 6:12 ` AKASHI Takahiro
2020-01-21 7:15 ` Heinrich Schuchardt
2020-01-22 1:13 ` AKASHI Takahiro
2020-01-22 7:42 ` AKASHI Takahiro
2020-01-23 17:41 ` Heinrich Schuchardt
2020-01-27 6:52 ` AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 09/16] efi_loader: set up secure boot AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 10/16] cmd: env: use appropriate guid for authenticated UEFI variable AKASHI Takahiro
2020-01-21 7:13 ` Heinrich Schuchardt
2020-01-22 1:01 ` AKASHI Takahiro
2020-01-22 6:38 ` Heinrich Schuchardt
2020-01-22 7:15 ` AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 11/16] cmd: env: add "-at" option to "env set -e" command AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 12/16] efi_loader, pytest: set up secure boot environment AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 13/16] efi_loader, pytest: add UEFI secure boot tests (authenticated variables) AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 14/16] efi_loader, pytest: add UEFI secure boot tests (image) AKASHI Takahiro
2019-12-18 0:45 ` [PATCH v4 15/16] sandbox: add extra configurations for UEFI and related tests AKASHI Takahiro
2019-12-28 2:26 ` Simon Glass
2019-12-18 0:45 ` [PATCH v4 16/16] travis: add packages for UEFI secure boot test AKASHI Takahiro
2020-01-08 23:11 ` [PATCH v4 00/16] efi_loader: add secure boot support Heinrich Schuchardt
2020-01-09 0:08 ` Heinrich Schuchardt [this message]
2020-01-09 8:02 ` Ilias Apalodimas
2020-01-09 19:09 ` Heinrich Schuchardt
2020-01-09 20:03 ` Ilias Apalodimas
2020-01-17 5:59 ` AKASHI Takahiro
2020-01-17 6:39 ` Ilias Apalodimas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a66bc8f2-9f1e-b62d-14dd-f34c8f2a7e2b@gmx.de \
--to=xypron.glpk@gmx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.