On 03/02/2021 15:17, Ilias Apalodimas wrote:
On Wed, Feb 03, 2021 at 03:53:09PM +0100, Fran�ois Ozog wrote:

Sure, but we're not talking about U-Boot, we're talking about EBBR the
standard and U-Boot has a number of means of implementing HTTPS Boot,
but by hobbling the standard with deployment technologies of the last
century I think is a mistake.

I have my opinions on whether implementing HTTP boot in U-Boot
directly or leaning on iPXE as the implementation but that is
irrelevant to what I think is right for EBBR as the standard. I think
we should be specifying HTTPS boot as a part of the spec, and having a
separate discussion of how that is supported in U-Boot.

I agree here. EBBR should specify interfaces/specs without requiring
iPXE, or any specific standard. HTTPS boot is clearly the right
direction, but I'm wrestling with when/how it should be added.

After our chat today, I'll propose that HTTPS boot be required by EBBR
if network boot is supported. U-Boot on it's own won't meet that
requirement, so for the time being U-Boot platforms won't be able to
claim EBBR compliant network boot.

Ilias and I discussed an approach where the HTTPs stack is in an EFI app
such as a standalone one or systemd-boot (this is a candidate because it
already has nice boot blessing capabilities that work in conjunction with
Linux systemd). iPXE has an implementation of the stack based on EFI
network protocol (raw packets), so the work shouldn't be that big.


I think what Grant proposes still stands (and for the record I agree with
Peter).

Having iPXE (while veryfying it before launching) is an alternative we can
implement relatively fast.
This raises a question here though. U-Boot won't be EBBR compliant, since it
would need an external application for the HTTP boot.  What about boards that
offer the firmware as a 'bundle' though? If they got a firmware + EFI app that
will be able to do HTTP boot they would be able to get a SystemReady-IR
certification?

Shouldn't be a problem. The platform is still EBBR compliant as long as it doesn't claim to support network boot because network booting is optional.

Also, if HTTPS boot is implemented using an external EFI binary that is packaged with U-Boot, then it still meets the network boot requirement. EBBR doesn't care how the feature is implemented.

g.


Thanks
/Ilias
g.
_______________________________________________
boot-architecture mailing list
[email protected]
https://lists.linaro.org/mailman/listinfo/boot-architecture



--
Fran�ois-Fr�d�ric Ozog | *Director Linaro Edge & Fog Computing Group*
T: +33.67221.6485
[email protected] | Skype: ffozog
_______________________________________________
boot-architecture mailing list
[email protected]
https://lists.linaro.org/mailman/listinfo/boot-architecture
_______________________________________________
boot-architecture mailing list
[email protected]
https://lists.linaro.org/mailman/listinfo/boot-architecture

Reply via email to