A discussion on proposed adoption of UEFI secure boot and capsule update mechanisms in conjunction with u-boot FIT and ATF root-of trust on a high security Linux system.
- What benefits does adding UEFI secure boot to the mix bring ?
- What benefits does adding UEFI capsule update bring ?
- EFI stub booting ?
- Is grub required ?
- Does the UEFI secure boot method bring additional security over straight u-boot FIT image signing
- Does capsule update provide the right path to isolate user-space Linux from low-level device specific update logic ?
Software engineer (Linaro)
Embedded developer, Linux, u-boot, zephyr, ATF, OP-TEE.