Explore UEFI Secure Boot implementation in U-Boot during this 38-minute conference talk by Grant Likely from Arm. Gain insights into the convergence of PC and embedded systems firmware design, focusing on the adoption of UEFI standards in U-Boot. Learn about the challenges of standardizing U-Boot interfaces and the benefits of implementing UEFI for ABI and boot behavior. Discover the current state of UEFI and Secure Boot in U-Boot, including usage guidelines and future development plans. Delve into topics such as UEFI standards for firmware, simplification of embedded Linux system development, pre-boot application APIs, runtime services, and the extension of UEFI Secure Boot for code verification. Understand the concept of secure variables, implementation challenges in U-Boot, and the proposed Archó secure variable architecture using Trusted Firmware and OP-TEE.
Overview
Syllabus
Intro
UEFI is a set of standards for firmware
UEFI simplifies development and deployment of embedded Linux systems
UEFI defines an executable format and API for pre-boot applications
UEFI also defines an API for runtime services
U-Boot UEFI is in active development and maturing fast
UEFI Secure Boot is an extension that verifies application code is signed before execution
UEFI Secure Boot adds concept of secure variables
UEFI Variable semantics don't match U-Boot's
Vast majority of Secure Boat can be implemented in U-Boot proper
Unless you care about rollback protection
Proposed A Archó secure variable architecture using Trusted Firmware and OP-TEE
Questions?
Taught by
Linux Foundation
