Re: [PATCH 0/2] efi: Enhance capsule loader to support signed Quark images
From: Bryan O'Donoghue
Date: Fri Feb 17 2017 - 04:52:06 EST
On 17/02/17 08:23, Kweh, Hock Leong wrote:
> And to have UEFI expand
> it capsule support and take in signed binary would be a more secured way.
> So, influencing UEFI community to have such support would be the right
> move throughout the discussion. That is my summary.
CSH stands for "Clanton Secure Header" - Clanton being the internal
code-name for Quark X1000 prior to release.
There is no chance the UEFI standard (which can be used on ARM and
potentially other architectures) will accept a SoC specific
route-of-trust prepended header.
Sure some kind of binary signed headers might become part of the
standard eventually but, definitely _not_ a CSH.
The fact is CSH exists in the real-world and a UEFI firmware supports
accepting the CSH/UEFI-capsule pair for updating itself.
I think a far more practical solution is to accommodate the defacto
implementation (the only ? current implementation). To me it defies
reason to have Quark X1000 be the only system (that I know of) capable
of doing a capsule update - have capsule code in the kernel - but _not_
support the header prepended to that capsule that the Quark
Right now the capsule code is dead code on Quark x1000. Let's do the
right thing and make it usable. I fully support having a
separate/parallel conversation with the UEFI body but, I'd be amazed if
the "Clanton Secure Header" made it into the standard...