Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-28 Thread Andrew Jeffery
On Tue, 1 Mar 2022, at 08:42, Alex G. wrote: > On 2/27/22 19:29, Andrew Jeffery wrote: >> >> >> On Tue, 15 Feb 2022, at 13:55, Andrew Jeffery wrote: >>> On Tue, 15 Feb 2022, at 13:42, Dhananjay Phadke wrote: On 2/14/2022 3:13 PM, Patrick Williams wrote: > On Mon, Feb 14, 2022 at 11:14

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-28 Thread Alex G.
On 2/27/22 19:29, Andrew Jeffery wrote: On Tue, 15 Feb 2022, at 13:55, Andrew Jeffery wrote: On Tue, 15 Feb 2022, at 13:42, Dhananjay Phadke wrote: On 2/14/2022 3:13 PM, Patrick Williams wrote: On Mon, Feb 14, 2022 at 11:14:53AM -0800, Dhananjay Phadke wrote: There's a key-requirement polic

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-27 Thread Andrew Jeffery
On Tue, 15 Feb 2022, at 13:55, Andrew Jeffery wrote: > On Tue, 15 Feb 2022, at 13:42, Dhananjay Phadke wrote: >> On 2/14/2022 3:13 PM, Patrick Williams wrote: >>> On Mon, Feb 14, 2022 at 11:14:53AM -0800, Dhananjay Phadke wrote: There's a key-requirement policy already implemented [1].

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-14 Thread Patrick Williams
On Mon, Feb 14, 2022 at 11:14:53AM -0800, Dhananjay Phadke wrote:
> On 2/13/2022 5:13 PM, Andrew Jeffery wrote:
>
> We can decouple HW RoT and runtime control on enforcing secure boot
> (requiring one or keys) on FIT image. Conflating two raises lot of
> questions.

I won't claim to be a security

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-14 Thread Andrew Jeffery
On Tue, 15 Feb 2022, at 13:42, Dhananjay Phadke wrote:
> On 2/14/2022 3:13 PM, Patrick Williams wrote:
>> On Mon, Feb 14, 2022 at 11:14:53AM -0800, Dhananjay Phadke wrote:
>>> There's a key-requirement policy already implemented [1].
>>>
>>> [1]
>>> https://lore.kernel.org/u-boot/cover.159764301

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-14 Thread Dhananjay Phadke
On 2/14/2022 3:13 PM, Patrick Williams wrote: On Mon, Feb 14, 2022 at 11:14:53AM -0800, Dhananjay Phadke wrote: On 2/13/2022 5:13 PM, Andrew Jeffery wrote: We can decouple HW RoT and runtime control on enforcing secure boot (requiring one or keys) on FIT image. Conflating two raises lot of ques

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-14 Thread Andrew Jeffery
On Tue, 15 Feb 2022, at 09:43, Patrick Williams wrote:
> On Mon, Feb 14, 2022 at 11:14:53AM -0800, Dhananjay Phadke wrote:
>> On 2/13/2022 5:13 PM, Andrew Jeffery wrote:
>>
>> We can decouple HW RoT and runtime control on enforcing secure boot
>> (requiring one or keys) on FIT image. Conflating

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-14 Thread Andrew Jeffery
On Tue, 15 Feb 2022, at 05:44, Dhananjay Phadke wrote:
> On 2/13/2022 5:13 PM, Andrew Jeffery wrote:
>> Right, I think this question is an indication that I could write a more
>> informative commit message, so if we converge on something acceptable
>> I'll update it. Let me provide some more con

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-14 Thread Dhananjay Phadke
On 2/13/2022 5:13 PM, Andrew Jeffery wrote: Right, I think this question is an indication that I could write a more informative commit message, so if we converge on something acceptable I'll update it. Let me provide some more context: As mentioned above this is motivated by use with BMCs, speci

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-13 Thread Andrew Jeffery
Hi Alex, thanks for taking a look at the patch.

On Sun, 13 Feb 2022, at 05:25, Alex G. wrote:
> On 1/30/22 21:41, Andrew Jeffery wrote:
>> Some platform designs include support for disabling secure-boot via a
>> jumper on the board. Sometimes this control can be separate from the
>> mechanism enab

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-12 Thread Alex G.
On 1/30/22 21:41, Andrew Jeffery wrote: Some platform designs include support for disabling secure-boot via a jumper on the board. Sometimes this control can be separate from the mechanism enabling the root-of-trust for the platform. Add support for this latter scenario by allowing boards to impl

Re: [PATCH] image: Control FIT signature verification at runtime

2022-02-08 Thread Andrew Jeffery
On Mon, 7 Feb 2022, at 11:37, ChiaWei Wang wrote:
> Hi Andrew,
>
> I am curious about the usage scenario.
> Is the runtime control required for production release?

Yes.

> As this control acts like a backdoor to bypass the chain-of-trust.

Right, just as strap pin controlling the SB ROM in the

RE: [PATCH] image: Control FIT signature verification at runtime

2022-02-06 Thread ChiaWei Wang
Hi Andrew, I am curious about the usage scenario. Is the runtime control required for production release? As this control acts like a backdoor to bypass the chain-of-trust. If it is for debugging/development purposes, should we encourage the use of unsigned images under RD environments? Beyond th

[PATCH] image: Control FIT signature verification at runtime

2022-01-31 Thread Andrew Jeffery
Some platform designs include support for disabling secure-boot via a jumper on the board. Sometimes this control can be separate from the mechanism enabling the root-of-trust for the platform. Add support for this latter scenario by allowing boards to implement board_fit_image_require_verfied(), w