Bug#1064059: U-Boot: secure boot support

Heinrich Schuchardt

Feb 16, 2024, 10:10:06 AM
Package: u-boot-qemu
Version: 2024.01+dfsg-1
Severity: normal

debian/patches/qemu/efi-secure-boot.patch is not a good approach to
enabling secure boot with U-Boot. Variables entered via the command line
containing the security database will be stored on file but will not be
loaded into U-Boot on the next boot.

If you want a version of U-Boot that supports secure boot properly, use
CONFIG_EFI_VARIABLES_PRESEED=y and provide a file with the security
database which will be built into U-Boot. tools/efivar.py can be used to
build that file.

Separate U-Boot binaries for secure and non-secure would have to be
provided.

Existing EDK II packages provide secure boot. Hence I suggest simply
dropping patch debian/patches/qemu/efi-secure-boot.patch.

Best regards

Heinrich