On 12/22/2015 05:57 AM, Alexander Graf wrote:
This is my Christmas present for my openSUSE friends :).
U-Boot is a great project for embedded devices. However, convincing everyone involved that only for "a few oddball ARM devices" we need to support different configuration formats from grub2 when all other
platforms
(PPC, System Z, x86) are standardized on a single format is a nightmare.
This is a very exciting patch!
The potential to one day run CHIPSEC on U-Boot systems is VERY EXCITING! https://github.com/chipsec/chipsec CHIPSEC is a UEFI-centric. Though I've heard someone got it to work on coreboot-based Intel-based Android system, not sure how.
After UEFI Shell works, I hope a goal is to get UEFI port of CPython 2.7x working, and Intel CHIPSEC running. CHIPSEC is a hardware/firmware vulnerability detection tool, GPL open source. As I've heard them say, the Intel CHIPSEC team is open to patches from all architectures for all firmware targets, not just Intel x86/x64.
Linaro has started to investigate port of CHIPSEC from x86/x64 to AArch64, as part of port of LUV (Linux UEFI Validation) project. Once CPython and CHIPSEC run on U-Boot, this enables a whole new level of hardware/firmware security detection! Once ported to AArch64, the ARM security teams needs to add some AArch64-centric security test modules to CHIPSEC, as it'll do little good on ARM, except for a few portable UEFI variable and SPI tests, otherwise. https://wiki.linaro.org/LEG/Engineering/luvOS Hopefully ARM can fund Linaro to also port LUV/CHIPSEC to AArch32, all of their products need hardware/firmware vulnerability detection software, not just the latest 64-bit ones.
For U-Boot on MIPS, there is an unofficial UEFI MIPS port, but nobody has touched it in a while, and CHIPSEC hasn't yet been ported there. https://github.com/kontais/EFI-MIPS
I didn't think U-Boot ran on OpenPOWER, if it does, I missed that, sorry. If so, there are two ports of UEFI to OpenPOWER by different developers at IBM, but (AFAIK) no official OpenPOWER interest in UEFI, and no CHIPSEC port to OpenPOWER yet. And no OpenPOWER-centric security modules. http://firmwaresecurity.com/2015/10/12/tianocore-for-openpower/ http://firmwaresecurity.com/2015/10/12/second-port-of-tianocore-to-openpower...
For other architectures that U-Boot runs on, I'm afraid porting UEFI will be necessary before CHIPSEC can be attempted. :-( Is there any marketshare data that shows which architectures coverage by U-Boot?
Dumb question: it appears Intel is not involved in U-Boot's x86/x64 port, or maybe I've just missed their involvement. I see Intel very involved with coreboot and UEFI, but not U-Boot, even though U-Boot is targetting Intel platforms. Can someone explain that to me? :-)
Thanks, Lee Fisher RSS: http://firmwaresecurity.com/feed