ebbr icon indicating copy to clipboard operation
ebbr copied to clipboard

Published 20 hours ago verified publisher icon ARM-software

Require authenticated capsules

Open vstehle opened this issue 11 months ago • 1 comments

Require to accept only authenticated in-band firmware updates and mention the corresponding attribute for FMP.

This is supported in U-Boot since a while now. Also, we require it in SystemReady IR since v2.0.

vstehle avatar Feb 29 '24 15:02 vstehle

Moving to draft after call of 11 Mar.

vstehle avatar Mar 12 '24 13:03 vstehle

Adapt a bit to stay compatible with dependable boot:

  • Require authenticated fmp firmware updates
  • Explicitly allow non-firmware updates in any format

vstehle avatar Jun 14 '24 09:06 vstehle

Thanks @xypron for your review. As discussed during the call of Jul 1, I have removed the change to .typos.txt from this pull request. With that, merging as approved.

vstehle avatar Jul 01 '24 14:07 vstehle