All,
I saw the meeting notes on the wiki:
> Ilias: PKCS7, ACS, authenticated UEFI variables. U-Boot will not
> support all types of certificate, probably will break SIE ACS.
> Need a test using an unsupported certificate in dbx, try to boot,
> should be rejected by bootloader
>
> Heinrich: edk2 will support all types. At least make sure we support
> the secure certificate types (e.g. not sha1)
> Action: Ilias to run SIE ACS on Synquacer, Vincent to follow up with
> Stuart
Currently the certificates used in the SIE ACS are all X.509, RSA2048,
SHA256.
That is also what is reflected in the SCT public spec for the new
secure boot tests:
https://github.com/stuyod01/edk2-test/blob/secure-boot/uefi-sct/Doc/UEFI-SCT-Case-Spec/SCT_Secure_Boot.md
What certificate types will u-boot not support?
Thanks,
Stuart
On 12/6/22 7:07 AM, Vincent Stehlé wrote:
Thank you for attending the call yesterday,
The notes are now on the wiki[1] (feel free to amend if you find any mistake or
if anything is missing).
Best regards,
Vincent Stehlé
System Architect - Arm
[1]: https://github.com/ARM-software/ebbr/wiki/EBBR-Notes-2022.12.05
_______________________________________________
boot-architecture mailing list -- boot-architecture@lists.linaro.org
To unsubscribe send an email to boot-architecture-le...@lists.linaro.org
_______________________________________________
boot-architecture mailing list -- boot-architecture@lists.linaro.org
To unsubscribe send an email to boot-architecture-le...@lists.linaro.org
