FOSDEM 2021 Schedule
Open Source Firmware, BMC and Bootloader

Improving the Secure Boot landscape: sbctl & go-uefi

Utilizing secure boot should be simple. Our current tooling is badly integrated, the abstractions leak, and the code bases are not reusable. Functionality is spread between several projects and no single one covers all your needs. This amounts to a confusing landscape. sbctl and go-uefi are a tool and a low-level UEFI library that attempt to push the secure boot landscape forward.
In this talk I'll do a short introduction of secure boot and the tooling people normally use. We will look at the different use cases each of them covers and the functionality that is missing. Then I'll do a short demonstration of sbctl and go-uefi. The goal is to try to provoke some ideas on how we can make secure boot more accessible for users. Currently the tooling assumes some familiarity with secure boot implementation details (signature lists, PK/KEK/db keys and so on), and that shouldn't be needed to have a fairly basic secure boot setup.

Additional information

Type devroom

More sessions

2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
This is the continuation of the "Status of AMD platform in coreboot" presented last year in the Open Source Firmware, BMC and Bootloader devroom. The talk will cover the news around AMD support in the Open Source Firmware ecosystem from the past year. You will hear, among others, about: FSF RYF KGPE-D16 platform revival, AMD Ryzen R1000/V1000 series AGESA integration into open source TianoCore EDK2, TrenchBoot new features and updates and current support of AMD Picasso and Cezanne SoCs in ...
2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
OpenBMC is an Open Source Software project started in an effort to create a secure, scalable, open source firmware code for BMC. Apart from the usual benefits arising from its Open Source nature, OpenBMC brings in additional advantages like a.) state-of-the-art build system based on Yocto - an embedded Linux distribution - which simplifies the process of building customized Linux, b.) Robust Manageability framework based on (4 pillars - REST, JSON, HTTPS, ODATAv4) RedFish, c.) Superior ...
2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
During this presentation I will run a quick demo of the OSFCI infrastructure, which is developed by HPE to validate and build an Open Source Firmware stack on ProLiant servers. I will give an overview of how the code works, how to get involved, and how to scale the platform. This project is available on GitHub: https://github.com/hewlettpackard/osfci
2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
With the advancement of open source firmware projects, we need a reliable quality assurance process to automate the firmware level testing. In this talk I'd like to show how we built up an ecosystem for open-source firmware testing and show by example how we integrated one project into that ecosystem. This talk aims to give a status update on what was shown at OSFC2020, and also to encourage people to get involved and participate in open-source firmware testing. All code shown is open-source ...
2/6/21
Open Source Firmware, BMC and Bootloader
Daniel Schaefer
D.firmware
RISC-V is a relatively new ISA and platform, which has been evolving rapidly. A few Linux distributions already have good support and have compiled most of their packages for it. The boot process has been neglected and only recently did everyone start using the widely used embedded bootloader U-Boot instead of a custom research bootloader. We have ported the EDK2 reference implementation of UEFI to make the boot process more like current desktops and servers. This talk explains how we did that, ...
2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
There is existing work in the public space on how to correctly construct a DRTM launch but not an equivalent amount on how to maintain the integrity of the DRTM launch over the lifecycle of a system. In particular a specific area of concern is how to correctly construct a secure upgrade for the DRTM launch that minimizes the risk of the process being corrupted. There are a few challenges that must be overcome and in this presentation these will be covered along with a novel approach that will ...
2/7/21
Open Source Firmware, BMC and Bootloader
D.firmware
Much of the Secure and Trusted Boot ecosystem is built around UEFI. However, not all platforms implement UEFI, including IBM's Power machines. In this talk, I will talk about my team's ongoing work on secure boot of virtual machines on Power. This is an important use case, as many Power machines ship with a firmware hypervisor, and all user workloads run as virtual machines or "Logical Partitions" (LPARs). Linux Virtual Machines on Power boot via an OpenFirmware (IEEE1275) implementation which ...