Re: [PATCH 0/2] efi: Enhance capsule loader to support signed Quark images

From: Bryan O'Donoghue
Date: Fri Feb 17 2017 - 04:52:06 EST

On 17/02/17 08:23, Kweh, Hock Leong wrote:
> And to have UEFI expand
> it capsule support and take in signed binary would be a more secured way.
> So, influencing UEFI community to have such support would be the right
> move throughout the discussion. That is my summary.

CSH stands for "Clanton Secure Header" - Clanton being the internal
code-name for Quark X1000 prior to release.

There is no chance the UEFI standard (which can be used on ARM and
potentially other architectures) will accept a SoC specific
route-of-trust prepended header.

Sure some kind of binary signed headers might become part of the
standard eventually but, definitely _not_ a CSH.

The fact is CSH exists in the real-world and a UEFI firmware supports
accepting the CSH/UEFI-capsule pair for updating itself.

I think a far more practical solution is to accommodate the defacto
implementation (the only ? current implementation). To me it defies
reason to have Quark X1000 be the only system (that I know of) capable
of doing a capsule update - have capsule code in the kernel - but _not_
support the header prepended to that capsule that the Quark
firmware/bootrom require.

Right now the capsule code is dead code on Quark x1000. Let's do the
right thing and make it usable. I fully support having a
separate/parallel conversation with the UEFI body but, I'd be amazed if
the "Clanton Secure Header" made it into the standard...