47 lines
1.1 KiB
ReStructuredText
47 lines
1.1 KiB
ReStructuredText
.. index:: UBOOT
|
|
|
|
Firmware: U-Boot
|
|
****************
|
|
|
|
.. hint::
|
|
CoreOS should work with any UEFI compliant firmware. Using U-Boot is not
|
|
mandatory.
|
|
|
|
`U-Boot <https://u-boot.readthedocs.io/en/latest/>`_ is built by default with
|
|
UEFI enabled and secure boot enabled. UEFI secure boot related keys are
|
|
installed at build time and can't be changed from the U-Boot command line.
|
|
|
|
Workflow
|
|
--------
|
|
|
|
U-Boot will boot the default UEFI application from the EFI System Partition.
|
|
|
|
The path to the default UEFI application is architecture dependent:
|
|
|
|
.. list-table::
|
|
:widths: 25 25
|
|
:header-rows: 1
|
|
|
|
* - Platform Architecture
|
|
- Path
|
|
* - ARM32
|
|
- /EFI/BOOT/bootarm.efi
|
|
* - ARM64
|
|
- /EFI/BOOT/bootaa64.efi
|
|
* - x86_64
|
|
- /EFI/BOOT/bootax64.efi
|
|
|
|
Known Issues
|
|
------------
|
|
|
|
.. danger::
|
|
|
|
The U-Boot configuration used by CoreOS currently was not reviewed for
|
|
security issue and is not safe (access to u-boot command line is allowed).
|
|
|
|
.. danger::
|
|
|
|
CoreOS U-Boot configuration enable UEFI Secure Boot but the U-Boot binary
|
|
itself is not validated. Thus we don't provide a full end-to-end secure boot
|
|
solution yet.
|