[Openembedded-architecture] Trusted/secure/etc layers

Otavio Salvador otavio.salvador at ossystems.com.br
Wed May 2 23:31:02 UTC 2018


On Wed, May 2, 2018 at 7:44 PM Tom Rini <trini at konsulko.com> wrote:

> On Wed, May 02, 2018 at 06:26:31AM +0200, Patrick Ohly wrote:
> > Trevor Woerner <twoerner at gmail.com> writes:
> > > Philip Tricca (for Intel) has been leading a lot of TSS work as well,
he also
> > > maintains meta-measured https://github.com/flihp/meta-measured for OE
recipes.
> >
> > Note that he is very open to the idea of moving those recipes elsewhere
> > and deprecating meta-measured. The recipes themselves aren't getting
> > updated as often as they used to be, too.

> Trying to break this down into small tasks, there's a number of cases
> for making use of GRUB_BUILDIN in the context of security (Intel TXT, UEFI
> secure boot, I bet the AMD equivalent of TXT).  So we have the generic
> hook we need (good!).

> As an architecture question do we want to add more DISTRO_FEATURES
> (intel-txt, efi-secure-boot, amd-something) and have the main grub-efi
> recipe look at those hooks and further update GRUB_BUILDIN?  Or just as
> part of documentation (and perhaps more content to
> local.conf.sample.extended) take care of it there?  I think I lean
> towards more official DISTRO_FEATURES as that will also help us merge a
> number of scc/cfg fragments from this area as well.

A DISTRO_FEATURES or a MACHINE_FEATURES? It seems more related to the
machine.
-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750



More information about the Openembedded-architecture mailing list