by fsflover 370 days ago
Can I compile coreboot with Secure Boot from source and reflash my UEFI/BIOS with it? If yes, then you have a point. I would appreciate the corresponding link to the source and supported devices.

Yes, you can, as long as you have supported hardware.

Here is the list of supported hardware: https://doc.coreboot.org/mainboard/index.html

Also, Heads seems to use coreboot also.

Thanks, I already know where the coreboot source is (and I'm already using it with Heads). Concerning Secure Boot, I only found this (emphasis mine):

> soc/amd/common/block/psp: Add platform secure boot support
>
> Add Platform Secure Boot (PSB) enablement via the PSP if it is not already enabled. Upon receiving psb command, PSP will program PSB fuses as long as BIOS signing key token is valid. Refer to the AMD PSB user guide doc# 56654, Revision# 1.00. Unfortunately this document is only available with NDA customers

I guess I misunderstood your request. This[1] and this[2] should be what you are looking for.

[1] https://doc.coreboot.org/security/vboot/index.html

[2] https://github.com/tianocore/edk2

I found no installable code for Secure Boot itself in your links.

That wasn't what you asked for, and I've given you more than enough links for you to find your way to installing it if you wanted to play with it.

If you want something that will hold your hand a little more, then one of the downstream projects might be a better fit.

I'm satisfied I've backed up my points though.

>> I found no installable code for Secure Boot itself in your links.

> That wasn't what you asked for

Here's a quote from my earlier comment:

>> Can I compile coreboot with Secure Boot from source and reflash my UEFI/BIOS with it?

I don't see how I could formulate it better. You seem to evade the actual answer. I'll continue to think this is impossible.