Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

BUD17-404: UEFI/EDK2 for RDK on HiKey

"Session ID: BUD17-404
Session Name: UEFI/EDK2 for RDK on HiKey - BUD17-404
Speaker: Kalyan Nagabhirava
Track: LHG


★ Session Summary ★
The set-top industry is still heavily reliant upon proprietary U Boot bootloader schemes that present significant integration challenges to OEM vendors. LHG has undertaken an initiative to implement a UEFI/EDK2 solution for the RDK. This presentation will describe the implementation challenges and advantages by moving to a UEFI runtime environment.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/bud17/bud17-404/
Presentation: https://www.slideshare.net/linaroorg/bud17404-uefiedk2-for-rdk-on-hikey
Video: https://youtu.be/AwVfedYi_S4
---------------------------------------------------

★ Event Details ★
Linaro Connect Budapest 2017 (BUD17)
6-10 March 2017
Corinthia Hotel, Budapest,
Erzsébet krt. 43-49,
1073 Hungary

---------------------------------------------------
Keyword: LHG, UEFI-EDK2, RDK, Hikey
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"

  • Als Erste(r) kommentieren

BUD17-404: UEFI/EDK2 for RDK on HiKey

  1. 1. UEFI/EDK2 for RDK on Hikey Kalyan Kumar N (LHG)
  2. 2. ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● UEFI Bootloader For RDK ● Secure Boot Loader ● Development of RDK Boot Loader
  3. 3. ENGINEERS AND DEVICES WORKING TOGETHER UEFI Bootloader For RDK ● Standardization of the RDK set-top box firmware boot process ○ Increase industry awareness of UEFI/EDK2 solutions for set-top boot implementation ● Need secure boot with hardware root of trust with secure keys ● Implement RDK Bootloader and Disaster Recovery Image (DRI) requirements (use cases) using well defined standard.
  4. 4. ENGINEERS AND DEVICES WORKING TOGETHER UEFI/EDK2 Dev Environment • QEMU https://wiki.linaro.org/LEG/UEFIforQEMU ● HiKey https://github.com/96boards/documentation/wiki/HiKeyUEFI
  5. 5. ENGINEERS AND DEVICES WORKING TOGETHER Secure Boot Loader ● Helps Prevents malicious code before OS Loads ● Validates UEFI applications (boot loaders and drivers) using AuthentiCode signatures embedded in these applications ● Trusted X.509 root certificates are stored in UEFI variables ● Enable / Disable Secure Boot Secure Boot Keys: ● Platform Key (PK) - Trust relationship between platform owner & firmware ● Key Exchange Key (KEK) - Trust relationship between OS & firmware ● Signing database (DB) - whitelist authorised certificates
  6. 6. ENGINEERS AND DEVICES WORKING TOGETHER Secure Boot Loader Basic steps for Implementing Secure Boot: • Set platform key(PK) using setVariable() API • Validated the System boot mode using Setup Mode • Add KEK and DB Keys using setVariable() for validating Signed Images.
  7. 7. ENGINEERS AND DEVICES WORKING TOGETHER RDK Boot Loader ● Create new module (.inf) for RDK Boot Loader in EDK2 code ● Use EFI Runtime service Set/Get Variable() for setting/getting other Module EFI variable. Secure Boot enable programmatically: ● Set EFI_CUSTOM_MODE_NAME to CUSTOM_SECURE_BOOT_MODE ● Use EFI_SIMPLE_FILE_SYSTEM_PROTOCOL for opening PK key and get File handle. ● Populate EFI_SIGNATURE_LIST data for PK key by reading File content
  8. 8. ENGINEERS AND DEVICES WORKING TOGETHER RDK Boot Loader ● Set PK_KEY with populated EFI_SIGNATURE_LIST data (PK cert). ● Attributes for setting Keys = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS ● Same procedure for KEK and DB cert registration.
  9. 9. ENGINEERS AND DEVICES WORKING TOGETHER RDK Boot Loader RDK kernel boot: ● Use”Loaded Image protocol” for loading kernel to physical memory ● Load options for kernel arguments ○ char load[]= "initrd=/initramfs"; ○ CHAR16 LoadOption[30]; ○ UnicodeSPrintAsciiFormat(LoadOption,sizeof(LoadOption),load); ○ ImageInfo->LoadOptions = LoadOption; ● Linux kernel(>= 4.5) treated as UEFI Application and can be launched using Start Image.
  10. 10. ENGINEERS AND DEVICES WORKING TOGETHER Signing Images ● ● ●
  11. 11. ENGINEERS AND DEVICES WORKING TOGETHER Work in progress ● ●
  12. 12. Thank You #BUD17 For further information: www.linaro.org BUD17 keynotes and videos on: connect.linaro.org

    Als Erste(r) kommentieren

    Loggen Sie sich ein, um Kommentare anzuzeigen.

  • allanbian

    Mar. 20, 2017

"Session ID: BUD17-404 Session Name: UEFI/EDK2 for RDK on HiKey - BUD17-404 Speaker: Kalyan Nagabhirava Track: LHG ★ Session Summary ★ The set-top industry is still heavily reliant upon proprietary U Boot bootloader schemes that present significant integration challenges to OEM vendors. LHG has undertaken an initiative to implement a UEFI/EDK2 solution for the RDK. This presentation will describe the implementation challenges and advantages by moving to a UEFI runtime environment. --------------------------------------------------- ★ Resources ★ Event Page: http://connect.linaro.org/resource/bud17/bud17-404/ Presentation: https://www.slideshare.net/linaroorg/bud17404-uefiedk2-for-rdk-on-hikey Video: https://youtu.be/AwVfedYi_S4 --------------------------------------------------- ★ Event Details ★ Linaro Connect Budapest 2017 (BUD17) 6-10 March 2017 Corinthia Hotel, Budapest, Erzsébet krt. 43-49, 1073 Hungary --------------------------------------------------- Keyword: LHG, UEFI-EDK2, RDK, Hikey http://www.linaro.org http://connect.linaro.org --------------------------------------------------- Follow us on Social Media https://www.facebook.com/LinaroOrg https://twitter.com/linaroorg https://www.youtube.com/user/linaroorg?sub_confirmation=1 https://www.linkedin.com/company/1026961"

Aufrufe

Aufrufe insgesamt

628

Auf Slideshare

0

Aus Einbettungen

0

Anzahl der Einbettungen

264

Befehle

Downloads

10

Geteilt

0

Kommentare

0

Likes

1

×