Nick Bofferding
Nick Bofferding
for P9, at minimum, even when you compile secure boot out, the build process is putting in mock headers equal to the normal secure header in every way -except- the...
P8 since it's not being heavily developed, is definitely way more varied in its behavior. There are no mock headers in non-secure compile for example.
It certainly isn't signed now and it's not code, so kinda a toss up. It doesn't hurt to sign it obviously. If you manipulated it in arbitrary fashion, would a...
Yeah we'd have to add it to the build PNOR script .. but there is the limitation in the sense that someone could replace it with some previously signed blob...
I would counter that with code in the op-build master today, setting the three policies above will actually keep the secureboot code compiled in and working with development keys. A...
Well, the BOOTKERNEL has to fit into 16 MB of space to be able to fit into a single LID, which has 16 MB as the architected upper limit for...
> So who has the ball here on shrinking BOOTKERNEL down (since it seems like this is a required update at some point)? @shenki Historically that has been up to...
I doubt this actually was a key transition driver; the procedure to make a key transition driver that installs development keys is: op-build BR2_OPENPOWER_SECUREBOOT_NO_KEY_TRANSITION=n BR2_OPENPOWER_SECUREBOOT_KEY_TRANSITION_TO_PROD=n BR2_OPENPOWER_SECUREBOOT_KEY_TRANSITION_TO_DEV=y openpower-pnor-rebuild (assuming you have...
For what it's worth, the machine is claiming to be in secure mode.
Agree, so something weird is going on. We have had some less than ideal behavior in this istep even as soon as today, but the known fixes are in master...