Open r-vdp opened 1 year ago
Sean-StarLabs
commented
1 year ago You will find little on coreboot + Secure Boot; it's edk2 that needs to provide that. Right now, it can't do it. There are patches around to add it, but how they do it basically makes it pointless.
We've been working on using a different type of edk2 for a while, and once that's done, it'll offer Secure Boot, TPM control, variable store and a tonne of other things.
r-vdp
commented
1 year ago Ok, glad to know that this is in the works! Do you have any idea whether we can expect this anytime soon, or will it be a while still? Not to put pressure, but just to know the state of affairs.
Can we follow the progress on this somewhere?
Sean-StarLabs
commented
1 year ago It should be possible to put a beta version out early next month. The way it's being done, no real way to track progress but I'll update here.
r-vdp
commented
1 year ago Just checking if there are any updates on the progress on this? Thanks!
Sean-StarLabs
commented
1 year ago Yes, almost all of it is done - CFR builds are in testing. The last component is just having a way to make the variables only accessible from edk2, and that'll give us "Secure" Secure Boot and BIOS Lock. Hard to say timings, as it is resisting :)
r-vdp
commented
7 months ago @Sean-StarLabs any updates on this?
Sean-StarLabs
commented
7 months ago UPL - no, moving SMM which in turns gives us secureboot will happen first. No ETA, but things are moving
Is there a way to do secure boot with coreboot on the starbook mk VI? I searched a bit online, but the documentation on the topic seems to be quite sparse.
bootctlcurrently indicates that secure boot is unsupported. Is that because it's fundamentally unsupported by coreboot, or because it's not included in the current coreboot build/config?I would basically like to:
Thanks!