From: Matt Fleming <matt@codeblueprint.co.uk>
To: Jan Kiszka <jan.kiszka@siemens.com>
Cc: "Kweh, Hock Leong" <hock.leong.kweh@intel.com>,
"Bryan O'Donoghue" <pure.logic@nexus-software.ie>,
Andy Shevchenko <andy.shevchenko@gmail.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Borislav Petkov <bp@alien8.de>,
"Ong, Boon Leong" <boon.leong.ong@intel.com>,
"Mok, Tze Siong" <tze.siong.mok@intel.com>
Subject: Re: [PATCH 0/2] efi: Enhance capsule loader to support signed Quark images
Date: Tue, 28 Feb 2017 12:12:55 +0000 [thread overview]
Message-ID: <20170228121255.GD28416@codeblueprint.co.uk> (raw)
In-Reply-To: <5da59d02-d299-f5c7-48fa-a67bdd017252@siemens.com>
On Fri, 17 Feb, at 10:24:41AM, Jan Kiszka wrote:
>
> I just can re-express my frustration that this essential step hasn't
> been started years ago by whoever designed the extension. Then I bet
> there would have been constructive feedback on the interface BEFORE its
> ugliness spread to broader use.
>
> Or is there a technical need, in general or on Quark, to have the
> signature header right before the standard capsule *for the handover* to
> the firmware? I mean, I would naively put it into another capsule and
> prepend that to the core so that the existing UEFI API can palate it
> transparently and cleanly.
I'm fairly sure this was my first thought when we discussed this
originally, some years ago now.
The whole CSH concept is, frankly, stupid. It makes a mockery of
everything the capsule interface was designed to be.
I have long been holding out in hope that someone would patch the
firmware to work around this CSH requirement, something along the
lines of the double wrapping Jan mentions above. It's not like the
Quark is the only platform that wants to verify capsules.
But to my knowledge, that hasn't happened.
Nevertheless my answer is still the same - someone needs to go and
update the Quark firmware source to work with the generic capsule
mechanism.
next prev parent reply other threads:[~2017-02-28 12:14 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-15 18:14 [PATCH 0/2] efi: Enhance capsule loader to support signed Quark images Jan Kiszka
2017-02-15 18:14 ` [PATCH 1/2] efi/capsule: Prepare for loading images with security header Jan Kiszka
2017-02-15 18:14 ` [PATCH 2/2] efi/capsule: Add support for Quark " Jan Kiszka
2017-02-17 1:30 ` Bryan O'Donoghue
2017-03-24 16:44 ` Jan Kiszka
2017-02-15 18:17 ` [PATCH 0/2] efi: Enhance capsule loader to support signed Quark images Ard Biesheuvel
2017-02-15 18:47 ` Jan Kiszka
2017-02-15 18:41 ` Andy Shevchenko
2017-02-15 18:46 ` Andy Shevchenko
2017-02-15 18:50 ` Jan Kiszka
2017-02-15 18:59 ` Jan Kiszka
2017-02-16 3:00 ` Kweh, Hock Leong
2017-02-16 7:29 ` Jan Kiszka
2017-02-18 21:48 ` Ard Biesheuvel
2017-02-19 13:33 ` Jan Kiszka
2017-02-20 1:33 ` Bryan O'Donoghue
2017-02-20 1:52 ` Jan Kiszka
2017-03-24 15:18 ` Jan Kiszka
2017-02-17 0:53 ` Bryan O'Donoghue
2017-02-17 8:23 ` Kweh, Hock Leong
2017-02-17 9:24 ` Jan Kiszka
2017-02-28 12:12 ` Matt Fleming [this message]
2017-02-28 12:20 ` Jan Kiszka
2017-02-28 12:29 ` Matt Fleming
2017-02-28 13:25 ` Ard Biesheuvel
2017-02-28 13:35 ` Andy Shevchenko
2017-02-28 13:36 ` Andy Shevchenko
2017-02-28 15:07 ` Bryan O'Donoghue
2017-02-28 15:09 ` Bryan O'Donoghue
2017-02-28 15:27 ` Andy Shevchenko
2017-02-28 16:52 ` Bryan O'Donoghue
2017-02-28 17:18 ` Andy Shevchenko
2017-02-28 17:42 ` Bryan O'Donoghue
2017-03-01 14:02 ` Bryan O'Donoghue
2017-03-01 14:55 ` Andy Shevchenko
2017-02-17 9:51 ` Bryan O'Donoghue
2017-02-17 10:14 ` Jan Kiszka
2017-02-17 11:42 ` Bryan O'Donoghue
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170228121255.GD28416@codeblueprint.co.uk \
--to=matt@codeblueprint.co.uk \
--cc=andy.shevchenko@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=boon.leong.ong@intel.com \
--cc=bp@alien8.de \
--cc=hock.leong.kweh@intel.com \
--cc=jan.kiszka@siemens.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pure.logic@nexus-software.ie \
--cc=tze.siong.mok@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).