Require authenticated FMP firmware updates

ARM-software / ebbr

Embedded Base Boot Requirements Specification

Creative Commons Attribution Share Alike 4.0 International

112 stars 36 forks source link

Require authenticated FMP firmware updates #119

Closed vstehle closed 2 months ago

vstehle commented 6 months ago

Require to accept only authenticated in-band firmware updates and mention the corresponding attribute for FMP.

This is supported in U-Boot since a while now. Also, we require it in SystemReady IR since v2.0.

vstehle commented 6 months ago

Moving to draft after call of 11 Mar.

vstehle commented 3 months ago

Adapt a bit to stay compatible with dependable boot:

Require authenticated fmp firmware updates
Explicitly allow non-firmware updates in any format

vstehle commented 2 months ago

Thanks @xypron for your review. As discussed during the call of Jul 1, I have removed the change to .typos.txt from this pull request. With that, merging as approved.