From: Blibbet <blibbet@gmail.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 0/9] EFI payload / application support
Date: Fri, 25 Dec 2015 11:34:13 -0800 [thread overview]
Message-ID: <567D9A35.80601@gmail.com> (raw)
In-Reply-To: <1450792676-109541-1-git-send-email-agraf@suse.de>
On 12/22/2015 05:57 AM, Alexander Graf wrote:
> This is my Christmas present for my openSUSE friends :).
>
> U-Boot is a great project for embedded devices. However, convincing
> everyone involved that only for "a few oddball ARM devices" we need to
> support different configuration formats from grub2 when all other
platforms
> (PPC, System Z, x86) are standardized on a single format is a nightmare.
This is a very exciting patch!
The potential to one day run CHIPSEC on U-Boot systems is VERY EXCITING!
https://github.com/chipsec/chipsec
CHIPSEC is a UEFI-centric. Though I've heard someone got it to work on
coreboot-based Intel-based Android system, not sure how.
After UEFI Shell works, I hope a goal is to get UEFI port of CPython
2.7x working, and Intel CHIPSEC running. CHIPSEC is a hardware/firmware
vulnerability detection tool, GPL open source. As I've heard them say,
the Intel CHIPSEC team is open to patches from all architectures for all
firmware targets, not just Intel x86/x64.
Linaro has started to investigate port of CHIPSEC from x86/x64 to
AArch64, as part of port of LUV (Linux UEFI Validation) project. Once
CPython and CHIPSEC run on U-Boot, this enables a whole new level of
hardware/firmware security detection! Once ported to AArch64, the ARM
security teams needs to add some AArch64-centric security test modules
to CHIPSEC, as it'll do little good on ARM, except for a few portable
UEFI variable and SPI tests, otherwise.
https://wiki.linaro.org/LEG/Engineering/luvOS
Hopefully ARM can fund Linaro to also port LUV/CHIPSEC to AArch32, all
of their products need hardware/firmware vulnerability detection
software, not just the latest 64-bit ones.
For U-Boot on MIPS, there is an unofficial UEFI MIPS port, but nobody
has touched it in a while, and CHIPSEC hasn't yet been ported there.
https://github.com/kontais/EFI-MIPS
I didn't think U-Boot ran on OpenPOWER, if it does, I missed that,
sorry. If so, there are two ports of UEFI to OpenPOWER by different
developers at IBM, but (AFAIK) no official OpenPOWER interest in UEFI,
and no CHIPSEC port to OpenPOWER yet. And no OpenPOWER-centric security
modules.
http://firmwaresecurity.com/2015/10/12/tianocore-for-openpower/
http://firmwaresecurity.com/2015/10/12/second-port-of-tianocore-to-openpower/
For other architectures that U-Boot runs on, I'm afraid porting UEFI
will be necessary before CHIPSEC can be attempted. :-( Is there any
marketshare data that shows which architectures coverage by U-Boot?
Dumb question: it appears Intel is not involved in U-Boot's x86/x64
port, or maybe I've just missed their involvement. I see Intel very
involved with coreboot and UEFI, but not U-Boot, even though U-Boot is
targetting Intel platforms. Can someone explain that to me? :-)
Thanks,
Lee Fisher
RSS: http://firmwaresecurity.com/feed
next prev parent reply other threads:[~2015-12-25 19:34 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-22 13:57 [U-Boot] [PATCH 0/9] EFI payload / application support Alexander Graf
2015-12-22 13:57 ` [U-Boot] [PATCH 1/9] disk/part.c: Expose a list of available block drivers Alexander Graf
2016-01-14 19:18 ` Tom Rini
2016-01-14 23:11 ` Simon Glass
2016-01-14 23:33 ` Alexander Graf
2016-01-15 0:46 ` Simon Glass
2016-01-15 1:04 ` Alexander Graf
2015-12-22 13:57 ` [U-Boot] [PATCH 2/9] include/efi_api.h: Add more detailed API definitions Alexander Graf
2015-12-22 13:57 ` [U-Boot] [PATCH 3/9] efi_loader: Add PE image loader Alexander Graf
2015-12-26 16:26 ` Leif Lindholm
2016-01-14 23:45 ` Alexander Graf
2016-01-15 12:29 ` Leif Lindholm
2015-12-22 13:57 ` [U-Boot] [PATCH 4/9] efi_loader: Add boot time services Alexander Graf
2015-12-22 14:15 ` Andreas Färber
2015-12-22 14:31 ` Alexander Graf
2015-12-26 18:09 ` Leif Lindholm
2016-01-15 0:13 ` Alexander Graf
2016-01-15 13:02 ` Leif Lindholm
2016-01-15 14:14 ` Alexander Graf
2016-01-15 14:21 ` Leif Lindholm
2016-01-15 17:04 ` Alexander Graf
2016-01-15 3:40 ` Alexander Graf
2015-12-22 13:57 ` [U-Boot] [PATCH 5/9] efi_loader: Add console interface Alexander Graf
2015-12-22 13:57 ` [U-Boot] [PATCH 6/9] efi_loader: Add runtime services Alexander Graf
2015-12-26 18:33 ` Leif Lindholm
2016-01-15 0:26 ` Alexander Graf
2016-01-15 13:52 ` Leif Lindholm
2016-01-15 14:15 ` Alexander Graf
2016-01-15 14:22 ` Leif Lindholm
2015-12-22 13:57 ` [U-Boot] [PATCH 7/9] efi_loader: Add disk interfaces Alexander Graf
2016-01-15 1:37 ` Simon Glass
2016-01-15 2:40 ` Alexander Graf
2015-12-22 13:57 ` [U-Boot] [PATCH 8/9] efi_loader: Add "bootefi" command Alexander Graf
2015-12-24 11:15 ` Matwey V. Kornilov
2015-12-25 9:02 ` Alexander Graf
2015-12-25 9:25 ` Andreas Färber
2015-12-25 9:40 ` Matwey V. Kornilov
2015-12-25 17:04 ` Tom Rini
2015-12-26 18:55 ` Leif Lindholm
2015-12-27 15:33 ` Alexander Graf
2015-12-26 18:45 ` Leif Lindholm
2015-12-25 16:58 ` Tom Rini
2015-12-22 13:57 ` [U-Boot] [PATCH 9/9] efi_loader: hook up in build environment Alexander Graf
2015-12-22 18:28 ` [U-Boot] [PATCH 0/9] EFI payload / application support Matwey V. Kornilov
2015-12-22 20:32 ` Alexander Graf
2015-12-25 3:29 ` Tom Rini
2015-12-25 8:53 ` Alexander Graf
2015-12-25 16:50 ` Tom Rini
2015-12-25 16:53 ` Matwey V. Kornilov
2015-12-25 17:00 ` Tom Rini
2016-01-15 3:00 ` Alexander Graf
2016-01-15 3:06 ` Tom Rini
2015-12-25 19:34 ` Blibbet [this message]
2015-12-26 15:31 ` Leif Lindholm
2015-12-26 16:27 ` Alexander Graf
2015-12-26 19:34 ` Leif Lindholm
2016-01-04 16:25 ` Alexander Graf
2016-01-04 16:56 ` Tom Rini
2016-01-04 18:03 ` Andreas Färber
2016-01-04 18:41 ` Andreas Färber
2016-01-04 19:54 ` Tom Rini
2016-01-04 22:37 ` Dennis Gilmore
2016-01-04 22:48 ` Alexander Graf
2016-01-15 3:40 ` Peter Robinson
2016-01-04 20:11 ` Matwey V. Kornilov
2016-01-15 3:32 ` Peter Robinson
2015-12-27 18:10 ` Tom Rini
2015-12-27 18:39 ` Leif Lindholm
2015-12-27 19:48 ` Tom Rini
2016-01-05 20:18 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=567D9A35.80601@gmail.com \
--to=blibbet@gmail.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.