On 04/11/2018 09:54 PM, Raymond Yeung wrote:

Thanks David for the detailed response.

My main motivation to go down Coreboot/UBOOT route is to attempt to simplify the remaining boot-up to Linux. Instead of using PXE-BOOT, we could use tftp only. Am I correct to say that?

If you want to boot over the network you should look in to petietboot I heard it is much better.

If we're to use whatever that is available today, instead of waiting for Philipp's work to complete, does coreboot/UBOOT provide secure boot support? I'd tend to think so, but want to confirm. UEFI seems to already have this aspect covered.

Like I said I don't believe it is useful but if you want kernel code signing enforcement you can use the grub payload that supports signing for kernel/initramfs.