#3589 NORM Trial-3: Verify that firmware update works with secure boot

Zarro Boogs per Child bugtracker at laptop.org
Wed Sep 19 19:10:36 EDT 2007


#3589: Verify that firmware update works with secure boot
----------------------------------+-----------------------------------------
  Reporter:  cscott               |       Owner:  wmb at firmworks.com
      Type:  defect               |      Status:  new              
  Priority:  normal               |   Milestone:  Trial-3          
 Component:  ofw - open firmware  |     Version:                   
Resolution:                       |    Keywords:                   
  Verified:  0                    |  
----------------------------------+-----------------------------------------

Comment(by cscott):

 New scheme seems to be to have OFW store a 'checked' bit in the CMOS ram.
 If the bit is clear, OFW will load bootfw.zip, parse the version number,
 set the bit, and attempt to install if newer than current.  It skips this
 check if the bit is set.  The OS upgrade process will clear the bit when
 it installs a new bootfw.zip.

 If the "alternate boot image" in boot-alt has a newer firmware, this
 doesn't guarantee that the check will be done.  We can either not worry
 about this case (on the grounds that boot-alt is used for *older* system
 images) or else always do the check when booting from boot-alt.
 Alternatively, we could always install the firmware in boot-alt on the
 grounds that maybe we're reverting to an earlier version because the
 firmware or EC was broken in the new one.  I don't have a strong feeling
 about this; "don't worry" seems the easiest reasonable option.

-- 
Ticket URL: <https://dev.laptop.org/ticket/3589#comment:1>
One Laptop Per Child <https://dev.laptop.org>
OLPC bug tracking system



More information about the Bugs mailing list