riscv-non-isa / riscv-brs

The Boot and Runtime Services (BRS) specification provides the software requirements for system vendors and Operating System Vendors (OSVs) to interoperate with one another by providing expectations for the Operating System (OS) to utilize in acts of device discovery, system management, and other rich operations provided in this specification.
https://jira.riscv.org/browse/RVG-48
Creative Commons Attribution 4.0 International

Cross-check security requirements with other industry initiatives (Arm BBRS) #21

Open andreiw opened 1 year ago

andreiw commented 1 year ago

Do we consider these part of the BRS-I or should this be a separate document like BBRS?

adurbin-rivos commented 1 year ago

What security aspects are you thinking should be covered?

andreiw commented 1 year ago

To paraphrase the Arm BBRS (https://developer.arm.com/documentation/den0107/latest/)

Platform requirements for BRS-based systems that enable standard, suitably built operating systems to seamlessly use standard security interfaces. These interfaces include the following security related functionality:

• UEFI authenticated variables
• UEFI secure boot
• UEFI secure firmware update using Update Capsules
• TPMs and measured boot

The Arm BBRS also covers platform reset attacks, and implementation guidelines (which they refer to as a checklist).

Maybe don't have to overthink this and it can be first defined under a server platform spec and then factored out. Or it could be an optional addendum to BRS.

Thoughts?

andreiw commented 5 months ago

Need to revisit this, esp wrt https://github.com/riscv-non-isa/riscv-brs/issues/136 and https://github.com/riscv-non-isa/riscv-brs/issues/135