Versions Compared

Old Version 1

changes.mady.by.user Ilias Apalodimas

Saved on

compared with

New Version Current

changes.mady.by.user Ilias Apalodimas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Commitments to the LEDGE SC

Mikko Rapeli

  • Upstream TRS secure boot and TPM based encryption
    Resultsto OpenEmbedded

    • arm64 gets a reference secure build for arm64 platforms

    • patches to meta-arm merges our fTPM /tf-a patchespoky merges our and TF-A

    • uki.bbclass and tests for poky

    • meta-security merges our dm-verity, systemd and initramfs patchesfor meta-security

    • improve systemd TPM module loading supportObjective: support

    • Patches merged upstream

  • Minimal support for TRS

    • Key result: TRS builds latest poky, meta-arm etc upstream main/master branches, regressions
                 

    • Regressions get fixed and submitted back to upstream projects, if possible HW and SW feature
                  support is reduced

...

  • TS maintenance

    • TS 0.5 release

    • TS builds latest poky, meta-arm etc main/master branches

...

    • Regressions get get fixed and

...

Is this what you also had in mind?

...

    • submitted back to upstream project

Jens Wiklander

  • OP-TEE maintenance

    • OP-TEE patch reviews and merges

    • OP-TEE releases

  • OP-TEE supplicant moved in kernel

    • Enhance Linux userspace and make it easier for distros to use Secure UEFI variables and TPMs

    • Merge patches in kernel upstream

  • U-Boot Memory Tagging extensions PoC

    • Provide out of tree patches that enable MTE support

    • Decide if it’s worth merging those upstream

  • Dynamic memory support for OP-TEE

    • OP-TEE improved memory usage

    • Patches merged in OP-TEE

  • XEN & FF-A async notifications

    • FF-A improved support for XEN

    • Patches merged to XEN and/or OP-TEE

Caleb Connolly

  • ACS conformance for RB2

    • Capsule update support for RB2 merged in U-Boot

    • ACS passing successfully on RB2

    • Fedora support for RB2 – Fedora public .iso installs on RB2 boards

  • U-Boot enhancements

    • Dynamic UUIDs for capsule updates

    • USB support for RB5

    • Patches merged upstream

Raymond Mao

  • Add mbedTLS support in U-Boot

    • Patches merged upstream

  • mbedTLS improvements

    • Add MSCode and multiple certs support in MBedtls PKCS7 library needed for UEFI Secure Boot

    • Secure Boot selftests passing in U-Boot

    • Patches merged upstream

Javier Tia

  • mbedTLS & LWIP integration

    • PoC of UEFI HTTPs boot linking to a repo

  • LWIP mbedTLS 3.X support

    • LWIP only works with ancient 2.X mbedTLS versions. Bump it to 3.x

    • Patches merged upstream