Hi Andreas, On Sat, Mar 17, 2012 at 2:25 AM, Andreas Bäck <andreas.back...@gmail.com> wrote: > Hello > > Our linux boxes with Uboot and frescale mpc5200B are set at production with > software and that is no problem. > But then when the need to update software afterwards in the field is today > only so simple that if uboot finds a usb stick with a file uImage then it > will start that and do all the updates. > What I am after a litle more tamperproff way of knowing that the software > that is updated to these hardware software are not totally modified / > hacked. > > If one could have e.g uboot to verify uImage that it signed with right > private key (The software in production would have compiled in the public > part), > I relize it can be hard to prevent all things with our current hardware but > if one could at last rise the level so that at least some jtag debugger is > need to modify the content and not only a only basic tools > found in any windows/linux computer. We are also starting to design next > generation of hardware and here more can be done in the hardware to rise > the bar even more. > > Or have you any other suggestion on how this could be improved?
I copied you on a series I sent a few days ago which implements verified boot using RSA, using FIT as suggested by Wolfgang. That might be closer to what you want. Regards, Simon > > Thanks in advance > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > http://lists.denx.de/mailman/listinfo/u-boot > _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot