Replies: 2 comments
-
TIL: I didn't know this was a feature!
It sounds like it's a hard blocker for Capsule updates -- so I assume Intel has some plan on telling the hardware "don't do that" when we call |
-
Well hold on - I don't agree.
-
While working on the capsule updates in coreboot + edk2 project 1, 2, 3 we
have been discussing if/how the memory encryption feature 4 can affect this
process. On Meteor Lake 5 (and possibly moving forward as well) it can be
configured to use a different key for each warmboot. This of course sounds like
a nice feature to have in general.
However, if we rely on storing some data in memory through warmboot (such as
capsule data), this may be problematic, as it won't properly decrypt.
As far as we understood, fwupd uses a similar mechanism, by preserving some
capsule data in memory. We may be missing something, so we would
be glad to be corrected.
The question for the general discussion would be:
key reset on each warmboot),
Perhaps such devices are already supported in fwupd, and this is not a
problem at all.
@mkopec @krystian-hebel Please correct me if I misinterpreted something here.