Open r-vdp opened 1 year ago
You will find little on coreboot + Secure Boot; it's edk2 that needs to provide that. Right now, it can't do it. There are patches around to add it, but how they do it basically makes it pointless.
We've been working on using a different type of edk2 for a while, and once that's done, it'll offer Secure Boot, TPM control, variable store and a tonne of other things.
Ok, glad to know that this is in the works! Do you have any idea whether we can expect this anytime soon, or will it be a while still? Not to put pressure, but just to know the state of affairs.
Can we follow the progress on this somewhere?
It should be possible to put a beta version out early next month. The way it's being done, no real way to track progress but I'll update here.
Just checking if there are any updates on the progress on this? Thanks!
Yes, almost all of it is done - CFR builds are in testing. The last component is just having a way to make the variables only accessible from edk2, and that'll give us "Secure" Secure Boot and BIOS Lock. Hard to say timings, as it is resisting :)
@Sean-StarLabs any updates on this?
UPL - no, moving SMM which in turns gives us secureboot will happen first. No ETA, but things are moving
Is there a way to do secure boot with coreboot on the starbook mk VI? I searched a bit online, but the documentation on the topic seems to be quite sparse.
bootctl
currently indicates that secure boot is unsupported. Is that because it's fundamentally unsupported by coreboot, or because it's not included in the current coreboot build/config?I would basically like to:
Thanks!