Dasharo / dasharo-issues

The Dasharo issue tracker
https://dasharo.com/
25 stars 0 forks source link

How custom logo would be supported in light of Dasharo Enterprise IBG? #650

Open pietrushnic opened 10 months ago

pietrushnic commented 10 months ago

How could one use a custom logo feature in the presence of Intel Boot Guard? We should consider two scenarios: Dasharo Keys and Customer Keys.

@rafkoch This is just a piece of the upcoming roadmap. I am adding you to coordinate this item further since it would be important for customers.

mkopec commented 10 months ago

The logo is currently placed in an unverified CBFS region, so applying Boot Guard on its own will not change anything for replacing bootlogos

Firminator commented 9 months ago

Thanks for adding custom boot logos using DCU (Dasharo Configuration Utility). This was a feature I requested in the early Dasharo Pub meetings last year where you guys asked for suggestions what we want to see in Dasharo if there were a paid version to support sustainablity of the project.

Regarding DCU... could you add some technical info what the converter is supporting. I'm looking at the source code @ https://github.com/Dasharo/dcu/blob/main/src/logo_command.sh and see a bunch of error messages already included which makes me wonder how I can minimize the chance of the image conversion failing or in other words how I can increase the chance that the source image I will provide will be succeessfully converted and included into the coreboot image.

For example the file size both of the original and converted image seem to be a limiting factor. Also the accepted source image file format seems to be PNG, JPEG, SVG or PC bitmap which is awesome but unknown to the user unless we can read about it somewhere.

pietrushnic commented 9 months ago

@Firminator, thanks for the feedback. This issue is a bit off-topic, so I created another dedicated to what you describe.

Based on @mkopec's answer, I consider this a non-issue since the logo is out of IBG coverage. Although one would think that this could pose some potential threat like LogoFAIL, which was possible because one can place arbitrary logo files, I'm leaving it to @macpijan decision.