Re: SubRegionAuthLib RFC
Curtis,
Not sure I fully follow your proposal. Can you provide more on the use case? Is the "blob" a FV or is the signed_sub_region a raw section in a ffs file? Or something else, like a binary at a flash offset?
The PI spec has a filesystem that describes many options and the DxeCore has support for security validation / authentication state flags associated with FVs and FFS files.
I have also seen many designs that leverage section extraction and do authentication through guided sections.
Can you provide more background as to why it is important to get this into edk2 as a "standard" and why it requires defining new structures and new library abstractions?
Finally, a point on the policy. In many products (especially commercial products) you don't see "UEFI secure boot (PK/KEK/DB/DBX)" leveraged for trust prior to EndOfDxe. Since UEFI secure boot is often user-controlled, this opens up your "platform" to compromise that can be impossible to recover from.
On 6/16/2020 10:50 AM, Mackay, Curtis A wrote: