Jakub Łęcki

Utilizing secure boot should be simple. Our current tooling is badly integrated, abstractions leaking and the code bases are not reusable. Functionality is spread between several projects and not one covers all your needs. This amounts to a confusing landscape. sbctl and go-uefi is a tool, and a low-level UEFI library, that attempts to push the secure boot landscape forward.

In this talk I'll do a short introduction of secure boot and the tooling people normally use. We will look at the different use cases each of them provide and missing functionality. Then I'll do a short demonstration of sbctl and go-uefi.

The goal is to try provoke some ideas how we can make secure boot more accessible for users. Currently the tooling assumes some familiarity with secure boot implementation details (signature lists, PK/KEK/db keys and so on) and that shouldn't be needed to have a fairly basic secure boot setup.

Other people: Morten Linderud

With the advancement of open source firmware projects, we need a reliable quality assurance process to automate the firmware level testing. In this talk I'd like to show how we build up a ecosystem for open-source firmware testing and show by example how we integrated one project into that ecosystem. This talk aims to give a status update what has been show on the OSFC2020, and also encourage people to get involved and participate in open-source firmware testing. All code shown is open-source and available by the time of FOSDEM'21.

Other people: Christian Walter