This includes all device types supported by balenaCloud
Chris Crocker-White set the status to Planned
Time line? Months, Year, Years?
Phil Wilson: Hey Kyle!
Whilst I can’t give you specifics (I mean I could, but they would be guesses and almost certainly wrong) I can tell you that this is a current focus for our OS team. They are finalising secure boot and FDE for the x86 device types (https://roadmap.balena.io/posts/3/enable-secure-boot-and-full-disk-encryption-for-x86-device-types) which includes backend components necessary for signing release artifacts, which will also be needed here.
Currently secure boot for the Pi4 (and Pi4CM) is being worked on as we type.
Ross Porter: Phil noted above that we were finalizing secure boot and FDE for x86. FYI, that has now launched, specifically for the Generic x86_64 (GPT) device type, see https://blog.balena.io/balenaOS-secure-boot-and-disk-encryption-for-x86-64/. And BTW, you don’t necessarily need a large or expensive x86 device to use this. We have tested this on x86 devices that retail for as little as $130.
Hi,
Is there any time line for the Up-Board image?
The version for this board is quite old by now.
Hi! Any update on supporting secure boot for pi4?
Alex Gonzalez: Hi Brian,
Indeed, this is an active project and there is an open PR with the progress at https://github.com/balena-os/balena-raspberrypi/pull/1080.
The implementation is still not complete as it is still using u-boot which does not yet authenticate the kernel - the next stage is to address this. We will be replacing u-boot with a Linux based balena bootloader, which is another project that has been happening in parallel. We are about to merge these two independent developments.
Hi Alex, do you have any rough timescales for when this may be merged?
Alex Gonzalez: Hi Oskar, I have split the CM4 roadmap item into Enable secure boot and disk encryption for CM4 · Balena Feature Requests. I provided a rough estimate, not a commitment, over there.
Any plans to enable secure boot support for x86 Intel NUC in addition to Generic X86?
Alex Gonzalez: Hi Linus, the Generic x86_64 (GPT)
device type is the recommended one to use with UEFI x86_64 devices, including modern Intel NUCs. Given that Intel has discontinued the NUC, the Intel NUC
image could be discontinued by Balena as it is the policy when vendors stop support.
So the answer is no, the Intel NUC image will not get secure boot support, but Intel NUCs will continue to be supported via the Generic x86_64 (GPT)
device type, including secure boot.
Hi Alex, any updates on secure boot for raspberry pi 4 B? Thanks!
Alex Gonzalez: Hi Brian, no updates unfortunately. The project raised some product concerns that have to be cleared before the technical work can resume. Your account manager should be able to provide details.