BUD17-404: UEFI/EDK2 for RDK on HiKey

"Session ID: BUD17-404
Session Name: UEFI/EDK2 for RDK on HiKey - BUD17-404
Speaker: Kalyan Nagabhirava
Track: LHG


★ Session Summary ★
The set-top industry is still heavily reliant on proprietary U-Boot bootloader schemes that present significant integration challenges to OEM vendors. LHG has undertaken an initiative to implement a UEFI/EDK2 solution for the RDK. This presentation will describe the implementation challenges and the advantages of moving to a UEFI runtime environment.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/bud17/bud17-404/
Presentation: https://www.slideshare.net/linaroorg/bud17404-uefiedk2-for-rdk-on-hikey
Video: https://youtu.be/AwVfedYi_S4
---------------------------------------------------

★ Event Details ★
Linaro Connect Budapest 2017 (BUD17)
6-10 March 2017
Corinthia Hotel, Budapest,
Erzsébet krt. 43-49,
1073 Hungary

---------------------------------------------------
Keyword: LHG, UEFI-EDK2, RDK, Hikey
http://www.linaro.org
http://connect.linaro.org"

  1. UEFI/EDK2 for RDK on HiKey
     Kalyan Kumar N (LHG)

  2. ENGINEERS AND DEVICES WORKING TOGETHER
     Agenda
     ● UEFI Bootloader For RDK
     ● Secure Boot Loader
     ● Development of RDK Boot Loader

  3. UEFI Bootloader For RDK
     ● Standardization of the RDK set-top box firmware boot process
       ○ Increase industry awareness of UEFI/EDK2 solutions for set-top boot implementation
     ● Need secure boot with a hardware root of trust and secure keys
     ● Implement RDK Bootloader and Disaster Recovery Image (DRI) requirements (use cases) using a well-defined standard.

  4. UEFI/EDK2 Dev Environment
     ● QEMU https://wiki.linaro.org/LEG/UEFIforQEMU
     ● HiKey https://github.com/96boards/documentation/wiki/HiKeyUEFI

  5. Secure Boot Loader
     ● Helps prevent malicious code from running before the OS loads
     ● Validates UEFI applications (boot loaders and drivers) using Authenticode signatures embedded in these applications
     ● Trusted X.509 root certificates are stored in UEFI variables
     ● Enable / Disable Secure Boot
     Secure Boot Keys:
     ● Platform Key (PK) - Trust relationship between platform owner & firmware
     ● Key Exchange Key (KEK) - Trust relationship between OS & firmware
     ● Signing database (DB) - whitelist of authorised certificates

  6. Secure Boot Loader
     Basic steps for implementing Secure Boot:
     ● Set the platform key (PK) using the SetVariable() API
     ● Validate the system boot mode using Setup Mode
     ● Add KEK and DB keys using SetVariable() for validating signed images.

  7. RDK Boot Loader
     ● Create a new module (.inf) for the RDK Boot Loader in the EDK2 code
     ● Use the EFI runtime services SetVariable()/GetVariable() to set and get the EFI variables of other modules.
     Enabling Secure Boot programmatically:
     ● Set EFI_CUSTOM_MODE_NAME to CUSTOM_SECURE_BOOT_MODE
     ● Use EFI_SIMPLE_FILE_SYSTEM_PROTOCOL to open the PK key file and get a file handle.
     ● Populate the EFI_SIGNATURE_LIST data for the PK key by reading the file content

  8. RDK Boot Loader
     ● Set PK_KEY with the populated EFI_SIGNATURE_LIST data (PK cert).
     ● Attributes for setting keys = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
     ● Same procedure for KEK and DB cert registration.

  9. RDK Boot Loader
     RDK kernel boot:
     ● Use the "Loaded Image protocol" for loading the kernel to physical memory
     ● Load options for kernel arguments
       ○ char load[]= "initrd=/initramfs";
       ○ CHAR16 LoadOption[30];
       ○ UnicodeSPrintAsciiFormat(LoadOption,sizeof(LoadOption),load);
       ○ ImageInfo->LoadOptions = LoadOption;
     ● The Linux kernel (>= 4.5) is treated as a UEFI application and can be launched using Start Image.

  10. Signing Images

  11. Work in progress

  12. Thank You
      #BUD17
      For further information: www.linaro.org
      BUD17 keynotes and videos on: connect.linaro.org
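
The EFI_SIGNATURE_LIST population step from slides 7 and 8, as an added example in plain C (not code from the presentation or from EDK2). The function and type names are hypothetical, the structure layout and EFI_CERT_X509_GUID come from the UEFI specification, and the DER certificate is assumed to be already read from the key file. The second function is a defensive check that rejects a malformed or truncated list before it is handed to SetVariable().

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Layouts follow the UEFI specification; a little-endian host is assumed. */
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } efi_guid; /* 16 bytes */
typedef struct {            /* EFI_SIGNATURE_LIST header, 28 bytes */
    efi_guid type;          /* SignatureType */
    uint32_t list_size;     /* SignatureListSize: header plus all entries */
    uint32_t header_size;   /* SignatureHeaderSize: 0 for X.509 lists */
    uint32_t sig_size;      /* SignatureSize: owner GUID plus certificate */
} esl_hdr;

/* EFI_CERT_X509_GUID as defined in the UEFI specification */
static const efi_guid CERT_X509 = {0xa5c059a1, 0x94e4, 0x4aa7,
    {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72}};

/* Wrap one DER certificate in a signature list. Returns bytes written, 0 on error. */
size_t esl_build_x509(const uint8_t *der, uint32_t der_len, const efi_guid *owner,
                      uint8_t *out, size_t cap) {
    esl_hdr h;
    if (!der || !owner || !out || der_len == 0 || der_len > UINT32_MAX - 44) return 0;
    h.type = CERT_X509; h.header_size = 0;
    h.sig_size = (uint32_t)sizeof(efi_guid) + der_len;
    h.list_size = (uint32_t)sizeof h + h.sig_size;
    if (h.list_size > cap) return 0;                 /* output buffer too small */
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, owner, sizeof *owner);    /* EFI_SIGNATURE_DATA.SignatureOwner */
    memcpy(out + sizeof h + sizeof *owner, der, der_len);
    return h.list_size;
}

/* Walk a blob of concatenated lists. Returns the X.509 entry count, -1 if malformed. */
int esl_count_x509(const uint8_t *buf, size_t len) {
    int n = 0;
    while (len > 0) {
        esl_hdr h;
        if (len < sizeof h) return -1;               /* truncated header */
        memcpy(&h, buf, sizeof h);
        if (h.list_size < sizeof h || h.list_size > len) return -1;
        size_t body = h.list_size - sizeof h;
        if (h.header_size > body || h.sig_size <= sizeof(efi_guid)) return -1;
        body -= h.header_size;
        if (body == 0 || body % h.sig_size != 0) return -1;  /* entries must fit exactly */
        if (memcmp(&h.type, &CERT_X509, sizeof h.type) == 0) n += (int)(body / h.sig_size);
        buf += h.list_size; len -= h.list_size;
    }
    return n;
}
```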