55 lines
1.7 KiB
ReStructuredText
55 lines
1.7 KiB
ReStructuredText
****************
|
|
Firmware: U-Boot
|
|
****************
|
|
|
|
U-boot can be configured to support the EBBR specification. This can be
|
|
enabled by enabling both `CONFIG_EFI_LOADER` and
|
|
`CONFIG_EFI_EBBR_2_0_CONFORMANCE`.
|
|
|
|
As UEFI Secure Boot is optional in EBBR, that has to be activated seperatly with
|
|
`CONFIG_EFI_SECURE_BOOT`
|
|
|
|
.. graphviz:: bootflow-uboot.dot
|
|
|
|
UEFI Secure Boot
|
|
================
|
|
|
|
CoreOS build system bundle all the needed public key for secure boot inside the
|
|
u-boot binary at buildtime. UEFI variables needed by secure boot are not allowed
|
|
to be changed at runtime.
|
|
|
|
Device tree handling
|
|
====================
|
|
|
|
As per the EBBR specification, the firmware is responsible to provide a basic
|
|
device tree to the kernel.
|
|
|
|
This means that we have to build u-boot with an embedded device tree. On a
|
|
machine configuration, this mean settings the `UBOOT_BUILDENV_DEVICE_TREE`
|
|
variables.
|
|
|
|
The kernel can then override the built-in device-tree to use another.
|
|
|
|
.. important::
|
|
|
|
The `compatible` field of the device-tree embedded inside `u-boot` has to
|
|
match with the one used inside the kernel. This allow us to automatically
|
|
load the right `device-tree` inside the unified kernel image (UKI).
|
|
|
|
|
|
Features to implement per machine
|
|
=================================
|
|
|
|
The u-boot provided by CoreOS should implement the following features for each
|
|
supported machine:
|
|
|
|
DT Fixup
|
|
--------
|
|
|
|
An EFI application like a UKI can overwrite the built-in device tree with a
|
|
custom one. The DT Fixup Protocol allow an application to ask the firmware to
|
|
some runtime fix to the new device tree, like enabling or removing node.
|
|
|
|
This can be used to pass dynamic information stored inside a "board descriptor"
|
|
eeprom or CPLD to the Kernel.
|