On 27 August 2014 17:58, Ard Biesheuvel <[email protected]> wrote:
> On 27 August 2014 18:03, Laszlo Ersek <[email protected]> wrote:
>> I'll mention in passing that
>> "MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf" is
>> good for a non-authenticated variable store only, i.e. no secure boot
>> support. For secure boot support, CryptoPkg / OpensslLib would be
>> necessary too, and another variable driver from under SecurityPkg, etc
>> etc etc, but for this series, the patch definitely suffices.
>>
>
> Yes, I am aware of that. I implemented Secure Boot for the Foundation
> model and VExpress-A15 here:
> https://git.linaro.org/people/ard.biesheuvel/uefi-next.git/shortlog/refs/heads/linaro-topic-authenticated-boot
>
> I intend to port those changes onto this platform, which will make my
> remaining work regarding secure boot a lot easier.
That reminds me, what are our plans for potentially supporting EL2 and/or
EL3 booting once QEMU eventually supports them in TCG emulation? Would we
have one UEFI image that can cope with being started in any of EL1/2/3, or
would we need separate images? (EL2/EL3 support is still a little way off,
and in any case KVM will always be EL1 only, so the EL1 config is the most
important.)

> (The ARM semihosting interface does not support listing directories
> only opening files directly, which doesn't work with mokmanager/shim)

You probably know this already, but note that enabling semihosting lets
the guest do a pile of exciting things to the host so it's not really
suitable for production configs anyway...

thanks
-- PMM
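As an added illustration of the driver/library point Laszlo raises in the quoted text (this fragment is not from the thread, from Ard's branch, or from any edk2 platform file): a platform .dsc fragment that selects either the non-authenticated variable driver named above or the authenticated one, pulling in the CryptoPkg pieces only in the latter case. The `SECURE_BOOT_ENABLE` define follows the OvmfPkg convention; the SecurityPkg and CryptoPkg module paths are those of the 2014-era edk2 tree, and the section layout of the platform file is assumed.

```ini
# Added example: platform .dsc fragment (not from the thread or any edk2 platform file).
# Assumes the OvmfPkg-style SECURE_BOOT_ENABLE define; the SecurityPkg/CryptoPkg
# paths below are those of the 2014-era edk2 tree, so check them against your checkout.
[Defines]
  DEFINE SECURE_BOOT_ENABLE = FALSE

[LibraryClasses.common]
!if $(SECURE_BOOT_ENABLE) == TRUE
  # Crypto stack needed to verify authenticated variable writes (PKCS#7 / SHA-256)
  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
  # PlatformSecureLib answers "is the user physically present?"; the Null
  # variant always answers yes, so PK/KEK changes are not gated by a presence check
  PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
!endif

[LibraryClasses.common.DXE_RUNTIME_DRIVER]
!if $(SECURE_BOOT_ENABLE) == TRUE
  # The variable driver is a runtime driver, so it needs the runtime-safe crypto variant
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
!endif

[Components.common]
!if $(SECURE_BOOT_ENABLE) == TRUE
  # Authenticated variable store: enforces time-based authentication on PK/KEK/db/dbx
  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
  # Image verification is hooked into LoadImage() through the security stub
  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
    <LibraryClasses>
      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
  }
!else
  # Non-authenticated store (the one named in this thread): no Secure Boot
  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
!endif
```

The split matters for more than build size: with the non-authenticated driver, PK, KEK, db and dbx are ordinary variables and anything that can call SetVariable() can rewrite them, so the image-verification library would be enforcing a policy the platform cannot protect. The Null PlatformSecureLib keeps the example buildable on a virtual platform but means there is no physical-presence gate on key changes, which is the setting a production build would want to replace.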
