The RISC-V platform specification requires UEFI. Secure boot is defined in the UEFI specification.
With U-Boot, Shim, GRUB, and a signed kernel I am able demonstrate secure boot on RISC-V. I am upstreaming the necessary patches. Roots of trust for RISC-V are in active development but not yet available on commercial boards: Cf. https://riscv.org/wp-content/uploads/2019/03/15.05-RISC-V-Security-Multizone-v-TrustZone-3-12-19.pdf Canonical has started discussing with SiFive how a root of trust can be supplied. A boot ROM checking the first bootstage (U-Boot SPL) using a certificate from the OTP memory would be a good start. This only requires a software change on the vendor side. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941950 Title: linux-riscv: missing kernel signature To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-riscv/+bug/1941950/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
