Technical presentation - 30 minutes (including q&a)
EFI sits at the heart of the Arm SystemReady-IR compliance program, and it's the primary reason OS booting behaves consistently across a large deployment of heterogeneous platforms. On top of that, we can benefit from EFI to make our testing easier and simpler. So let's have a look at how we transformed our CI, which runs the latest Yocto generic arm64 image on a number of different platforms and firmware implementations.
Technical presentation - 30 minutes (including q&a)
Introduces the Linaro Trusted Substrate (TS) Arm SystemReady/UEFI firmware and the Trusted Reference Stack (TRS) kernel, initramfs and rootfs prototype for secure boot, with a TPM for secure storage. Discusses upstreaming status, problems and solutions. Linaro has implemented an Arm SystemReady IR (embedded) and UEFI compatible firmware for multiple devices in the Trusted Substrate (TS) project. This firmware has been used with the Trusted Reference Stack (TRS) kernel, initramfs and rootfs, which extend UEFI secure boot to userspace. Together these create a secure boot chain of trust in which: the HW verifies the UEFI firmware; the UEFI firmware verifies the kernel and initramfs as a Unified Kernel Image (UKI) binary; the UKI binary embeds the dm-verity hash used to detect and verify the rootfs; the TPM device is used to measure the UEFI firmware and all boot-related SW components; and the TPM device is used with systemd to create, on first boot, an encrypted writable filesystem tied to the secure and measured system. This talk describes the TS and TRS architectures and the status of upstreaming the solutions to oe-core/poky, meta-arm, meta-security/meta-tpm, meta-secure-core etc.