spike: investigate UKI and TB support on aarch64 devices #3094
Comments
mudler
added
enhancement
mudler
changed the title
|
Jason from ARM recommended we check these options:
|
|
Does this comment and card link with the fTpm card? It's nice that on that card we found out the same about the ASRock tpm and RPI tpm and even the same system76 workstation loool |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently UKI Kairos installations are supporting only x86_64 architectures. It would be beneficial to extend support to ARM boards (E.g. Nvidia AGX Orin).
Describe the solution you'd like
ARM does have the so called TrustedZone: it provides fTPM support "emulation" which provides Trusted Boot support, however, so far implementations are very different from what is proposed with systemd and UKIs, see e.g. https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/design/trusted-board-boot.rst .
However, UKI are generic, and looks like very recently projects like yocto and archboot are gearing support to this:
Describe alternatives you've considered
Use a TEE-ARM environment to handle disk encryption.
Additional context
The text was updated successfully, but these errors were encountered: