2022-12-01 –, Langdale
Today, many embedded projects run on x86 platforms, and often end users are
concerned about security. The term Root of Trust matters a lot here. One of its
components in the case of x86 is UEFI Secure Boot. It is a standard defined in
UEFI that allows for trusted key verification of images loaded by UEFI BIOS.
Using the publicly available layers, I would like to present what UEFI Secure
Boot is and how to integrate it into Yocto Project.
I will start the presentation by explaining a few issues like Root of Trust or
Secure Boot. I will tell you how you need to inspect the platform so that it
takes full advantage of the UEFI Secure Boot functionality. Then I will present
the meta-secure-core [1] layer which, among other things, allows UEFI Secure
Boot integration in Yocto builds. I will also briefly describe the other
advantages of the functionalities included there. The main purpose of the
presentation will be to present PoC consisting in the integration of UEFI SB in
the public meta-dts-ce [2] and to present the results on the x86 platform.
Embedded systems engineer at 3mdeb. Yocto Project enthusiast.