Nitrokey / heads

A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops and servers.
http://osresearch.net/
GNU General Public License v2.0

Distribute heads updates via https://fwupd.org/ #26

Closed jakobjakobson13 closed 11 months ago

jakobjakobson13 commented 11 months ago

Dear developers,

If it's technically possible, could you please distribute heads updates via https://fwupd.org?

Thanks and bye, Jakob

daringer commented 11 months ago

At first glance, I believe this is not possible, more or less by design. Measured boot is "measuring" the firmware (HEADS) image and verifies this very firmware image during each boot process. If some outside entity (i.e., the OS via fwup) were to update the firmware image, then to HEADS during the next boot it would look like the firmware has changed. In theory, though, it might be possible to update the needed information from within the OS, too. I am not aware of any tooling which does so...

So, bottom line: sorry, this won't work.
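A simplified model of the measured-boot check described in the comment above, added here as an illustration; it is not Heads code and not part of the original thread. The extend rule follows the TPM PCR convention; the `SealedSecret` class, the stage list and the firmware bytes are constructed assumptions.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: new_pcr = SHA256(old_pcr || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_boot(stages) -> bytes:
    """Fold every boot stage, in order, into one PCR that starts at all zeros."""
    pcr = bytes(PCR_SIZE)
    for blob in stages:
        pcr = extend(pcr, blob)
    return pcr


class SealedSecret:
    """Toy stand-in for a TPM-sealed secret (assumption, not a real TPM API):
    the secret is released only for the PCR value it was sealed against."""

    def __init__(self, secret: bytes, pcr: bytes):
        self._secret, self._policy = secret, pcr

    def unseal(self, pcr: bytes):
        return self._secret if hmac.compare_digest(self._policy, pcr) else None


# Constructed sample data, not real firmware images.
OLD_FW = b"constructed firmware image v1"
NEW_FW = b"constructed firmware image v2"
CONFIG = b"constructed boot configuration"


def boot(firmware: bytes, sealed: SealedSecret) -> str:
    """Measure the image that is actually in flash, then try to unseal."""
    pcr = measure_boot([firmware, CONFIG])
    return "trusted" if sealed.unseal(pcr) is not None else "firmware changed"


def demo():
    sealed = SealedSecret(b"constructed secret", measure_boot([OLD_FW, CONFIG]))
    before = boot(OLD_FW, sealed)            # unchanged image
    after_update = boot(NEW_FW, sealed)      # image replaced from outside
    # "Updating the needed information": seal again against the new measurement.
    resealed = SealedSecret(b"constructed secret", measure_boot([NEW_FW, CONFIG]))
    return before, after_update, boot(NEW_FW, resealed)
```

The model does not say where the re-seal step is allowed to run; that is the trust question the thread is discussing.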

tlaurion commented 11 months ago

The idea behind fwup and coreboot in the case of Heads is to drop the firmware payload under /boot and have Heads pick up and verify the firmware before proposing to flash an upgrade through the inner flashrom.

https://github.com/osresearch/heads/pull/834