YVR18-421: Enabling a secure data center with Arm64 architecture

UEFI Secure Boot closes off a class of attacks on data-center servers: the firmware refuses to run boot loaders and OS images that are not signed by a trusted key. The trust anchors it relies on (PK, KEK, db and dbx) are held as authenticated UEFI variables, so the primary requirement for implementing Secure Boot is secure storage on the server platform, a variable store that only the firmware's own variable service can modify and that cannot be rewritten from the OS without a correctly signed update. The existing secure storage support in UEFI implementations such as EDK2 is x86 specific: it relies on the x86 SMM operating mode to provide a hardware-enforced sandbox execution environment for the variable service. AArch64 platforms provide an equivalent sandbox using S-EL0/1 (Secure EL0 and EL1), but the upstream EDK2 secure storage support requires design changes before it can be extended to AArch64. This session presents the proposed design changes in detail.
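To make concrete what the sandboxed variable service has to check, here is a small model of a secure-world variable store that the normal world can reach only through a shared communication buffer. It is an illustration added to this page, not code from the session or from EDK2; the real service is C, identifies variables by name and GUID, and verifies a PKCS#7 signature against the enrolled certificate, whereas this model uses HMAC-SHA256 under a pre-shared key as a stand-in, and the request layout, buffer size and function names are assumptions made for the example.

```python
"""Model of a secure-world UEFI variable service reached only through a shared
communication buffer: the role SMM plays on x86 and S-EL0/1 plays on AArch64.
Constructed illustration, not EDK2 code. HMAC-SHA256 under a pre-shared key
stands in for the PKCS#7 signature check of a real EFI_VARIABLE_AUTHENTICATION_2
write; variable GUIDs are omitted for brevity."""
import hmac
import hashlib
import struct

# Attribute bit for time-based authenticated writes (value from the UEFI spec).
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x20
EFI_SUCCESS = "EFI_SUCCESS"
EFI_INVALID_PARAMETER = "EFI_INVALID_PARAMETER"
EFI_SECURITY_VIOLATION = "EFI_SECURITY_VIOLATION"

COMM_BUFFER_SIZE = 512   # size of the shared region (assumed for the model)
TAG_LEN = 32             # HMAC-SHA256 output length
# Request layout in the shared buffer (assumed): name_len, attrs, timestamp,
# data_len, then the name, the data and, for authenticated writes, the tag.
_HDR = struct.Struct("<HIQH")


def signed_message(name: str, attrs: int, timestamp: int, data: bytes) -> bytes:
    """Fields covered by the signature; a real auth-2 write hashes the same set
    (name, GUID, attributes, timestamp, payload) so none can be swapped."""
    return name.encode() + struct.pack("<IQ", attrs, timestamp) + data


def sign_update(key: bytes, name: str, attrs: int, timestamp: int, data: bytes) -> bytes:
    """Done offline by whoever holds the enrollment key; never inside the sandbox."""
    return hmac.new(key, signed_message(name, attrs, timestamp, data), hashlib.sha256).digest()


def build_request(name: str, attrs: int, timestamp: int, data: bytes, tag: bytes = b"") -> bytearray:
    """Normal-world side: serialise a SetVariable request into the shared buffer."""
    name_b = name.encode()
    return bytearray(_HDR.pack(len(name_b), attrs, timestamp, len(data)) + name_b + data + tag)


class SecureVariableStore:
    """Lives inside the sandbox; _vars is never exposed to the normal world."""

    def __init__(self, verification_key: bytes):
        self._key = verification_key   # stand-in for the trusted certificate
        self._vars = {}                # name -> (attrs, timestamp, data)

    def get_variable(self, name: str):
        entry = self._vars.get(name)
        return None if entry is None else entry[2]

    def handle_communicate(self, comm: bytearray) -> str:
        """Entry point for the communication buffer; nothing in it is trusted."""
        # Copy the request out of the shared region first so the normal world
        # cannot change it between validation and use (TOCTOU).
        req = bytes(comm)
        if len(req) > COMM_BUFFER_SIZE or len(req) < _HDR.size:
            return EFI_INVALID_PARAMETER
        name_len, attrs, timestamp, data_len = _HDR.unpack_from(req, 0)
        name_end = _HDR.size + name_len
        data_end = name_end + data_len
        if data_end > len(req):                 # length fields are attacker-controlled
            return EFI_INVALID_PARAMETER
        try:
            name = req[_HDR.size:name_end].decode("ascii")
        except UnicodeDecodeError:
            return EFI_INVALID_PARAMETER
        data, tag = req[name_end:data_end], req[data_end:]

        existing = self._vars.get(name)
        # Attributes of an existing variable are fixed: a write cannot drop the
        # authenticated-write bit to sidestep the signature check.
        if existing is not None and existing[0] != attrs:
            return EFI_INVALID_PARAMETER
        if attrs & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS:
            expected = hmac.new(self._key, signed_message(name, attrs, timestamp, data),
                                hashlib.sha256).digest()
            if len(tag) != TAG_LEN or not hmac.compare_digest(tag, expected):
                return EFI_SECURITY_VIOLATION
            # Timestamps must move forward: a captured genuine update cannot be
            # replayed to roll the variable back to an older key set.
            if existing is not None and timestamp <= existing[1]:
                return EFI_SECURITY_VIOLATION
        elif tag:
            return EFI_INVALID_PARAMETER        # trailing bytes on a plain write
        self._vars[name] = (attrs, timestamp, data)
        return EFI_SUCCESS


def demo():
    """Drive the store from the normal world; returns the per-request statuses."""
    key = b"constructed demo key"            # constructed; a real PK/KEK holds a cert
    auth = EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
    store = SecureVariableStore(key)
    good = sign_update(key, "db", auth, 1000, b"cert-A")
    results = [
        store.handle_communicate(build_request("db", auth, 1000, b"cert-A", good)),    # enrol
        store.handle_communicate(build_request("db", auth, 2000, b"cert-EVIL")),       # no tag
        store.handle_communicate(build_request("db", 0, 2000, b"cert-EVIL")),          # drop auth bit
        store.handle_communicate(build_request("db", auth, 2000, b"cert-EVIL", good)), # forged payload
        store.handle_communicate(build_request("db", auth, 1000, b"cert-A", good)),    # replay
        store.handle_communicate(bytearray(_HDR.pack(5, 0, 0, 60000) + b"Setup")),     # bad length
    ]
    return results, store.get_variable("db")


if __name__ == "__main__":
    for status in demo()[0]:
        print(status)
```

The point of the model is the boundary, not the MAC: every byte of the request arrives from the untrusted world, so the handler copies it in, bounds-checks the length fields before indexing, refuses to let a caller change the attributes of an existing variable, and rejects both unsigned and replayed updates to the Secure Boot key databases. Whether that handler runs under SMM or in S-EL0/1 is what the session's design changes are about; the checks it has to perform are the same on either architecture.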
