108 lines
3.5 KiB
ReStructuredText
108 lines
3.5 KiB
ReStructuredText
************************
|
|
Using U-Boot as Firmware
|
|
************************
|
|
|
|
U-boot can be configured to support the EBBR specification. This can be
|
|
enabled by enabling both `CONFIG_EFI_LOADER` and
|
|
`CONFIG_EFI_EBBR_2_0_CONFORMANCE`.
|
|
|
|
As UEFI Secure Boot is optional in EBBR, that has to be activated seperatly with
|
|
`CONFIG_EFI_SECURE_BOOT`
|
|
|
|
.. graphviz:: bootflow-uboot.dot
|
|
|
|
UEFI Secure Boot
|
|
================
|
|
|
|
CoreOS build system bundle all the needed public key for secure boot inside the
|
|
u-boot binary at buildtime. UEFI variables needed by secure boot are not allowed
|
|
to be changed at runtime.
|
|
|
|
Device tree handling
|
|
====================
|
|
|
|
As per the EBBR specification, the firmware is responsible to provide the
|
|
device tree to the kernel.
|
|
|
|
This means that loading the main device tree and all the device tree overlay are
|
|
is the responsibility of the firmware.
|
|
|
|
.. graphviz:: uboot-dts-handling.dot
|
|
|
|
Features to implement per machine
|
|
=================================
|
|
|
|
The u-boot provided by CoreOS should implement the following features for each
|
|
supported machine:
|
|
|
|
board_fit_config_name_match
|
|
----------------------------
|
|
|
|
This allows u-boot to select the device tree to use dynamically using board
|
|
detection. See `README.multi-dtb-fit`
|
|
|
|
|
|
extension_board_scan
|
|
--------------------
|
|
|
|
The extension_board_scan function has to be implemented. This function should
|
|
return the list of add-ons board detected, with the filename of the
|
|
correspondig device-tree overlay.
|
|
|
|
DT Fixup
|
|
--------
|
|
|
|
U-Boot can create, modify and remove node from the device tree dynamically
|
|
before starting the kernel. This can be used to pass dynamic information stored
|
|
inside a "board descriptor" eeprom or CPLD to the Kernel.
|
|
|
|
Custom Features that are generic
|
|
================================
|
|
|
|
The u-boot provided by CoreOS should implement the following custom features:
|
|
|
|
File authentication
|
|
-------------------
|
|
|
|
In order to be able to authenticate device tree, device-tree overlay file or
|
|
other file needed by the firmware, we need a command to authenticate a file that
|
|
was previously loaded is the `load` command.
|
|
|
|
.. note::
|
|
|
|
My proposal is to use the UEFI Capsule format, to reuse theses function from
|
|
u-boot:
|
|
|
|
- **efi_capsule_authenticate**: Authenticate the UEFI capsule using a x509
|
|
certificate built into u-boot
|
|
- **efi_remove_auth_hdr**: Can be used to point a pointer to the start of the
|
|
content of an authenticated capsule.
|
|
|
|
An UEFI Capsule is a generic container that can be signed using a x.509
|
|
private key. The public key is stored inside u-boot (it's not the same as
|
|
the keys used for UEFI secure-boot). See
|
|
https://u-boot.readthedocs.io/en/v2022.10/develop/uefi/uefi.html?highlight=capsule#enabling-capsule-authentication
|
|
|
|
|
|
extension_overlay_cmd
|
|
---------------------
|
|
|
|
A custom command should be made for `extension_overlay_cmd`. The extension
|
|
subsystem use the command defined as extension_overlay_cmd to load
|
|
the overlay `${extension_overlay_name}` into `extension_overlay_addr`
|
|
|
|
This should reuse the file authentication mechanismus.
|
|
|
|
.. note::
|
|
|
|
A concept on where and how to securly store device tree and overlay needed
|
|
by the kernel has to be written.
|
|
|
|
My proposal is to use the UEFI Capsule format, to reuse theses function from
|
|
u-boot:
|
|
|
|
- **efi_capsule_authenticate**: Authenticate the UEFI capsule using a x509
|
|
certificate built into u-boot
|
|
- **efi_remove_auth_hdr**: Can be used to point a pointer to the start of the
|
|
content of an authenticated capsule.
|