EFI updates in latest Yocto release

Elizabeth Flanagan of Intel’s Yocto Project has announced the release of Yocto 1.7.3. Yocto is the Intel-backed embedded Linux system based on OpenEmbedded. Intel’s LUV (Linux UEFI Validation) distro, as in LUV-live, is Yocto-based. There are 3 UEFI-related updates that I can see:

 * grub-efi: Add backslash lost from previous commit
 * grub-efi: Use the backport patch from grub
 * init-install-efi.sh: fix gummiboot entry installation

https://lists.yoctoproject.org/listinfo/yocto-announce
http://yoctoproject.org/
https://wiki.yoctoproject.org/wiki/Ww41_-_2015-10-08_-_Full_Pass_1.7.3.rc1
http://mirrors.kernel.org/yocto/yocto/yocto-1.7.3/

Hmm, isn’t Gummiboot dead, replaced by the systemd boot loader? If so, why is it still actively maintained in Yocto?
https://firmwaresecurity.com/2015/07/09/gummiboot-rip/

And what about tummiboot, an Intel TXT-based fork of Gummiboot, shouldn’t Intel make that active? I haven’t checked, I hope tboot is available under Yocto, for BIOS today, and UEFI someday soon.
https://github.com/todorez/tummiboot
(I’d swear I did a blog post on tummiboot, but WordPress’s search abilities suck, and I suck at tagging, can’t find the post at the moment.)

TPM updates for Linux Shim and GRUB

Matthew Garrett has updated the Linux UEFI Shim and GRUB to support TPM, based on some Trusted GRUB patchset. He’s written a blog post with useful details on this update.

More information:

https://github.com/mjg59/shim/tree/tpm

https://github.com/mjg59/grub

http://mjg59.dreamwidth.org/37656.html

Recent FreeBSD firmware improvements

Like Linux, FreeBSD now also supports UEFI. PC-BSD and TrueOS are FreeBSD-based, as is NanoBSD, the embedded subset of FreeBSD.

Besides UEFI pre-OS tool support, FreeBSD also has a Forth-based OpenFirmware /boot/loader, with numerous diagnostic commands (autoboot, bcachestat, boot, echo, heap, help, include, load, load_geli, ls, lsdev, more, pnpscan, read, reboot, set, show, unload, unset, ?).

Earlier this week, PC-BSD 10.1.2 was released. Among the changes, I notice two firmware-related improvements for this release:

* Support for encrypted iSCSI backups via Life-Preserver, including support for bare-metal restores via installer media

* Improvements to Online Updater, along with GRUB nested menus for Boot-Environments

Firmware changes aside, they’ve been adding some interesting security features: /-level encryption for ZFS, PersonaCrypt Utility, with Stealth Mode, Tor mode for firewall, etc.

More information:

10.1.2 release:
http://lists.pcbsd.org/pipermail/announce/2015-May/000076.html
http://blog.pcbsd.org/2015/05/pc-bsd-10-1-2-released/
https://www.freebsdnews.com/

FreeBSD and UEFI:
https://www.freebsd.org/doc/en/books/handbook/boot.html
https://www.freebsd.org/cgi/man.cgi?query=uefi&apropos=0&sektion=8&manpath=FreeBSD+11-current&format=html
https://wiki.freebsd.org/SecureBoot
https://wiki.freebsd.org/UEFI
http://bsdmag.org/beyond-bios-the-extended-firmware-interface-efi/

/boot/loader:
https://www.freebsd.org/cgi/man.cgi?query=loader%288%29
http://ficl.sourceforge.net/ficl.html