All,
We have our DT evo call today one hour earlier than normal.
2 PM UTC / 3PM UK / 10 AM US East (NY)
(in 48 min as I write this.)
Today we will talk about DTB life cycle in firmware at run time.
We might get an update from Simon of DTB signatures.
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
Yep I see your info. Thanks for the bug report :)
-- Bill
On 10/5/21 12:02 PM, Simon Glass wrote:
> OK that worked, I think.
>
> - Simon
>
> On Mon, 4 Oct 2021 at 19:19, Bill Mills <bill.mills(a)linaro.org> wrote:
>>
>> Sorry wrong link.
>> Please try this one:
>> https://doodle.com/meeting/participate/id/mepQEZNa
>>
>> On 10/4/21 6:19 PM, Bill Mills wrote:
>>> All,
>>>
>>> If you normally attend the Devicetree evolution call,
>>> Please fill out this poll:
>>> https://doodle.com/meeting/organize/id/mepQEZNa
>>>
>>> Thanks,
>>> Bill
>>>
>>> --
>>> Bill Mills
>>> Principal Technical Consultant, Linaro
>>> +1-240-643-0836
>>> TZ: US Eastern
>>> Work Schedule: Tues/Wed/Thur
>>
>> --
>> Bill Mills
>> Principal Technical Consultant, Linaro
>> +1-240-643-0836
>> TZ: US Eastern
>> Work Schedule: Tues/Wed/Thur
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
All,
If you normally attend the Devicetree evolution call,
Please fill out this poll:
https://doodle.com/meeting/organize/id/mepQEZNa
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
All,
I have recordings and automated transcripts of all the meetings in 2021.
So far I have not made these public.
*** Is there any objection to making them public? ***
I don't imagine many people will go back and look but it is sometimes
nice to know that you could.
Please let me know if you have any concern. I will take no action until
next week.
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
All,
Today we discussed Simon's slides [1] about DTB signatures.
Simmons points (as I understand them)
* U-boot has used signatures in FIT format for years
* The technique used for FIT is actually generic to any DTB
* Such a signed DTB could still be passed to kernel
* even an old one like 4.4
* Suggest we adopt this for signing individual DTBs
Discussion:
* General interest in idea, no strong objections
* multiple people want to see the worked example to know for sure
* Which nodes do we want to sign?
* Should we sign in a way that allows the kernel to recheck
the signature?
* would require we exclude from hashing anything that will get fixed
up by u-boot at run time, such as mac addrs and chosen
* If u-boot applies any non-trivial DTBO's, the kernel won't be able
to check the result, is it worth the effort for the simple case?
* If we really want the kernel to verify, we should pass on a set of
dtbs: a base and set of overlays, one overlay would be the fixup
data. kernel could check each dtb and then verify that fixup data
only touches the stuff that it should
* Joakim worked with a student to do things very similar to what Simon
is talking about. see [2]
Other comments:
* verifying 10 rsa signatures on 10 hashes is more expensive than
verifying 1 rsa signature of 10 strong hashes. (RSA signatures on the
actual data itself would be VERY expensive.)
* We should be careful about boot time in all these discussions.
* If all the DTB data is internal to u-boot, just use FIT and have
one signature for all the various hashes.
* Is it OK to use the "exploded" rsa public key data in all cases?
* Is the exploded for faster or just less code?
* Can we supply the plan/std pub key AND the exploded version?
* implementations that care about speed and code size can use the
exploded ver, while things that need to standard key structure
can use that. We would need a offline tool to verify both.
* UEFI secure boot will have public keys installed.
Can we explode the key on install for internal storage?
Actions:
* Simon to work up an example of signing just one dtb
We also introduced the topics of DT lifecycle at firmware level:
A) Source level lifecycle, keeping things in sync
A1) Golden source repo
A2: Golden source for platforms that opt-in
A3) auto checker but manual fixup
A4) remove DT from sub projects and rely on B2 model
Pretty sure this is a NOPE!
A5) do nothing and trust platforms maintainers to do the right
thing (despite evidence that many are not currently).
B) runtime life-cycle
B1) each component has its own DTB
B2) DTB is only present in "first" firmware and is
passed along from there
B3) mixture of B1 & B2 at different firmware stages
Actions:
* Bill to make slides so we can discuss properly on Oct 18.
[1]
https://drive.google.com/file/d/1PA5aQ2rISOrdNbqElfIWXaSrCG28Rqx4/view?usp=…
[2]
https://github.com/marianomarciello/Device_Tree_Verification/tree/e0b2fc989…
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
Hello,
We have our DT evo call in just a bit.
Today I would like to talk about DT lifecycle and flow "with in" firmware.
Up till this point we have focused on firmware to "OS layer" hand off.
That topic is not done but I think we need to start exploring the flow
within firmware as people seem to have very different views.
We need to figure out what models are valid (2 seems plenty) and how we
can talk about them.
I don't have slides today but we can start the discussion.
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
Hi,
Following the EFI capsule revert, here* is a contribution to
understand the context in which we designed the patch set. (everyone
is a commenter, please be mindful).
The presentation explores booting, with more details for the Arm
context, pre and post U-Boot. On Arm, pre-U-Boot is shaped after
Firmware Framework-A and other interfaces. There is a similar approach
in RISC-V with OpenSBI.
There is nothing to agree on: many elements of the presentation are
specifications for the Arm ecosystem. The purpose is to reach common
understanding of those for rest of the journey.
Careful reading is required because as we all know very well the
topic, we may skip over stuff and miss key elements that may have
changed since you last checked. So I'll attract your attention on:
Slide 9: there can be multiple device trees in a Trusted Firmware FIP
(nothing to agree on...)
Slide 11: roles and responsibilities of firmware go far beyond booting
and OTA. CoreBoot and SPL will have to take those into account in the
future.
Slide 17: there is a new boot flow based on "give-me-my-initrd" UEFI protocol
Slide 24: when the firmware is stored on Secure Storage which is a
common case for products, U-Boot/Linux have absolutely no means to
perform the update (see notes for details).
Slide 28: there are plenty of keys needed, the U-Boot and U-Boot
updater can be different; as well as all firmware components.
I acknowledge that the presentation is hard to read without enough
speaker notes or myself talking to it. Let's say that I prefer to keep
the ball rolling before we can actually program a call: could you send
me in private message your preferred day of the week and best time
(with TZ) for such a thing?
Cordially,
--
François-Frédéric Ozog
*) https://docs.google.com/presentation/d/1AHTf9xMNqPXbiDLkBpoKt45UTjV8s34Jdtm…
Hi Paul
Too posting because I think we also need to address this at a higher level.
i think we discussed this topic quite a while back. I may be wrong but it
may be Bill Mills who proposed to have an eeprom on the extensions that the
carrier board can use to detect and fetch proper overlay. Another way would
be that the contract between the extension board and the carrier board
includes an i2c accessible storage to fetch an overlay that would identify
the board and give all details. Bottom line, a software only solution seems
not entirely satisfying.
In that suboptimal case, U-Boot shall be able to assemble a DT for itself
and another for OS (may be same in some cases) through scripting. And in
this case, come your questions below
.
Le sam. 18 sept. 2021 à 01:21, Ying-Chun Liu (PaulLiu) <paulliu(a)debian.org>
a écrit :
> Hi all,
>
>
> I have some questions about how to implement extension board usage.
> My case is on imx8mm-cl-iot-gate. It can add three different types of
> extension boards.
> One of the extension boards is SPI extension which have 3 empty slots.
> And you can add
> some small boards onto it. One of them is a "TPM2" module.
>
>
> My first question is if I want to use tpm2 in U-boot for measured boot.
> How to implement this right? Currently I just modify the dts used by
> U-boot to let it drive
> the extension board. And let it drive the TPM. But it is not good for
> upstreaming because
> when other types of extension boards installed then it is not working.
> Where to implement this? What is the best practice of this?
> The second question is about extension manager.
> I have read the extension.rst. I think I'll implement this anyway
> because then
> I can have a command to query what type of extension boards I have.
> And if the extension board is the 3 slots one. I can then detect which
> slot is the TPM.
> I'll implement this anyway because the "extension" command is convenient
> for users.
> But it seems to me that it only solves the problem for Linux kernel.
> It can apply a DTB Overlay to Linux DTB to let Linux knows we have that
> extension board.
> But it is too late for U-boot itself, right?
>
>
> The third question is I'm also dong SystemReady IR certificate. That means
> the dtb for Linux is directly provided by U-boot. We use U-boot dtb
> directly to Linux
> kernel. In this case, how to modify that dts dynamically to feed to the
> Linux kernel by
> the extension manager?
> What is the best practice if I want to use U-boot dts for Linux in
> implementation?
>
>
> Thanks a lot.
>
>
> Yours,
> Paul
>
>
> --
François-Frédéric Ozog | *Director Business Development*
T: +33.67221.6485
francois.ozog(a)linaro.org | Skype: ffozog
All,
Today is the first day of the Linux Plumbers Conference.
I suspect we will not have quorum.
However since I did not cancel before now, I will be on the bridge.
Thanks,
Bill
--
Bill Mills
Principal Technical Consultant, Linaro
+1-240-643-0836
TZ: US Eastern
Work Schedule: Tues/Wed/Thur
Hi,
this mail just to inform you that there is a plan to support native
building of PE/COFF for aarch64 and in particular to support SBAT for
shim.efi.
It is seen possible to deliver this by the end of October (this is just an
early estimate).
Cordially
FF
--
François-Frédéric Ozog | *Director Business Development*
T: +33.67221.6485
francois.ozog(a)linaro.org | Skype: ffozog
