Skip to content
Snippets Groups Projects
Commit 745a05e3 authored by Jose Marinho's avatar Jose Marinho
Browse files

temp text on capsule authorization and auth 

This follows from NIST 800-193.
May require some iteration so that we're aligned on the different
coceptes.
parent b223e91f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
source/chapter2-uefi.rst
+ 38
0
View file @ 745a05e3
...@@ -98,3 +98,41 @@ The OS must accept each image, that has an acceptance pending, by using a capsul ...@@ -98,3 +98,41 @@ The OS must accept each image, that has an acceptance pending, by using a capsul
- image_uuid - image_uuid
Update permission verification
------------------------------
The FW management guidelines in [NIST_800_193]_ spacify that the system should check:
#. FW image authenticity.
#. FW update procedure authorization.
The FW image authenticity should be implemented by authenticating the different FW images.
The FW update authorization should be implemented by verifying that the capsule or its components were assembled
by the platform owner.
Capsule authorization
^^^^^^^^^^^^^^^^^^^^^
The OS can expose the UpdateCapsule interface to any non-priveliged system user.
The FW updates initiator or the FW update package creator should
be an authorized user [NIST_800_193]_.
The capsule or the FW images contained in the capsule should be signed by a platform owner key.
The UEFI implementation should authenticate the capsule or
the different fw images included in the capsule using the platform owner key.
The capsule or FW image components are signed by the platform owner in a platform specific way.
The platform owner public key is kept in an platform specific NV region.
FW image authentication
^^^^^^^^^^^^^^^^^^^^^^^
Each FW image should be signed by the FW vendor. The mechanism for FW image vendor public
key to be provisioned is outside the scope of this document.
The FW vendor signature should be placed before the FW image as is described in the UEFI FMP definition
(§ 23.1 [UEFI]_).
The FW images should be authenticated before being written to the FW store or before being
allowed to execute on the platform.
source/references.rst
+ 4
0
View file @ 745a05e3
...@@ -23,3 +23,7 @@ References ...@@ -23,3 +23,7 @@ References
.. [PSBG] `Platform Security Boot Guide .. [PSBG] `Platform Security Boot Guide
<https://developer.arm.com/documentation/den0072/0101>`_, <https://developer.arm.com/documentation/den0072/0101>`_,
July 2020, `Arm Limited <http://arm.com>`_ July 2020, `Arm Limited <http://arm.com>`_
.. [NIST_800_193] `Platform Firmware Resiliency Guidelines
<https://csrc.nist.gov/publications/detail/sp/800-193/final>`_,
May 2018, NIST
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment