EBBR Notes 2021.12.06

Attendees

• Grant Likely (Arm)
• Darren Davis (SUSE)
• Ricardo Salveti (Foundries.io)
• Ilias Apalodimas (Linaro)
• Jose Marinho (Arm)
• Marcin Juszkiewicz (RedHat)
• Bill Mills (Linaro)
• Joakim Bech (Linaro)
• Loic Pallardy (ST)
• Mark Brown (Arm)
• Rob Herring (Arm)
• Andreas Färber (SUSE)

Agenda

• Requirements on A/B update (Ilias)
• Can the OS be responsible for firmware update? (Ilias) - e.g., via fwupd or similar to stage UpdateCapsule()
• Requirement to disable or remove command line when secure (Ilias)

Notes

Requirements on A/B Update

• Problems: TCG spec doesn't cover anything about measuring the DTB

  • Looking at proposing language to add to the TCG
  • Ilias doesn't have any contacts in the TCG. Is working with Stuart to find a contact

• Linaro has published the first version of the A/B update spec

  • https://git.codelinaro.org/linaro/dependable-boot/mbfw/-/releases
  • guidelines on how to update a device
  • process depends on support in masked rom. If masked rom can select boot device, then choice is made there. Otherwise choice made at BL2

[] ACTION: Ilias and Jose to prepare presentation about A/B update spec for next EBBR meeting (First meeting in January)

• Current implementation uses TFA (instead of SPL), but an SPL or other implementation is easily done

• Question: Can we start enforcing A/B update spec adoption?

  • Discussion about whether the spec is something that can be enforced at this stage
  • The spec is useful and important to be documented
  • The spec has few external interfaces
  • Feedback may still be received that modifies the external interfaces that do exist
    • Example: trial state and OS acceptance interface
    • Currently don't have an OS distro user of the interface that will adopt it as a requirement
  • Ricardo: Currently all platforms are SPL based, and we're focusing on adopting the basic update flow

• Summary: A/B Update spec should run parallel to EBBR. It guides development of U-Boot features, but doesn't need to be called out in EBBR until such time as OSes are requiring the external interfaces

Can OS be responsible for firmware update?

• A/B update spec says OS decides whether to accept firmware update (using the optional interface)
• This is about how the OS triggers the firmware update to happen via UpdateCapsule()
  • Two typical options
    • Capsule on Disk -- OS stores capsule into system partition
    • EFI utility -- OS stores EFI update utility and capsule on disk and changes BOOT variable (or Grub config) to execute
  • OS needs to be involved because Firmware may not have ability to perform OTA itself

Question: Is there interest in an direct OS access runtime fw update spec?

• Initial response suggest yes... need to collect more info
• Meantime, boot time fw update plan has not changed

Requirement to disable or remove command line when secure

• Bumping topic to next meeting

IR 2.1 or 3.0 release schedule

Action: Grant to send list of proposed EBBR additions to mailing list