On 17/02/17 08:23, Kweh, Hock Leong wrote: > And to have UEFI expand > it capsule support and take in signed binary would be a more secured way. > So, influencing UEFI community to have such support would be the right > move throughout the discussion. That is my summary.
CSH stands for "Clanton Secure Header" - Clanton being the internal code-name for Quark X1000 prior to release. There is no chance the UEFI standard (which can be used on ARM and potentially other architectures) will accept a SoC specific route-of-trust prepended header. Sure some kind of binary signed headers might become part of the standard eventually but, definitely _not_ a CSH. The fact is CSH exists in the real-world and a UEFI firmware supports accepting the CSH/UEFI-capsule pair for updating itself. I think a far more practical solution is to accommodate the defacto implementation (the only ? current implementation). To me it defies reason to have Quark X1000 be the only system (that I know of) capable of doing a capsule update - have capsule code in the kernel - but _not_ support the header prepended to that capsule that the Quark firmware/bootrom require. Right now the capsule code is dead code on Quark x1000. Let's do the right thing and make it usable. I fully support having a separate/parallel conversation with the UEFI body but, I'd be amazed if the "Clanton Secure Header" made it into the standard... -- bod
