Hi, I'm considering using EFI boot in some upcoming ARM based embedded system deployment. As it seems it's the future on ARM now. What I miss a bit is to get the whole update mechanism picture, as EFI Boot Guard is only one piece in the chain. So I would appreciate to hear some real world experiences.
What we usually did in the past was the usual full A/B scheme, starting from the BL2/SPL. So two hardware boot partitions (eMMC) for firmware, two user boot partitions with FIT images and two root filesystems. Nice property of this is, there is only one place which says what slot you boot from. And that's the EXT_CSD register in eMMC which tells the ROM code which slot we are booting to. So after the update we simply flip this bit and everything gets loaded from the other slots. In EFI world I would probably used capsule update for firmware, which can be still backed-up by hardware partitions in eMMC for redundancy. But how to update the bootloader (EFI Boot Guard). Just by copying the binary to ESP and calling rename()? Or rely on some EFI variables and firmware to load the correct bootloader? That would mean we have active boot slot information stored at three places. MMC register for firmware, EFI variable for bootloader slot and bootloader configuration files for UKI. This would not be a real issue if boot protocol between all these stages would be stable for whole product life-cycle. But in case there will be some changes needed, we can get in trouble if system crashes during update. We could potentially get some "slot mixing" next boot as we are not able to update all active slots atomically. Don't get me wrong. I fully understand standardization of boot protocol is a good thing. It just brings some challenges. So any experiences how to handle this, mainly how to update the bootloader would be welcome. Pavel -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/37cf2ab4-86b0-42ea-a93a-5bb7d3d72dcan%40googlegroups.com.
