Hi Tom,

> > Continuing the discussions we had on securing the boot flow and OS as much
> > as possible, we came up with the following idea.
> >
> > We are currently sorting out what's needed to add UEFI Secure Boot in
> > U-Boot. This will cover the next payload (shim/grub2/shim depending on
> > board needs).
> >
> > In order to provide better overall security for the OS we'll need to at
> > least verify the DTB (if provided externally), initramfs and kernel
> > modules.
> >
> > 1. For the kernel modules we can use the kernel module signing
> >    facilities [1].
> > 2. In case someone wants to provide an external DTB, we can use FIT
> >    images to secure that. The FIT images will contain the DTB(s) we
> >    need. Those will only be used if the authentication process succeeds.
> >    This will allow us to verify DTBs without introducing any new
> >    functionality to U-Boot.
> > 3. We need to verify the initramfs as well. This can be accomplished in
> >    various ways. Packing kernel + initramfs or using dm-verity are the
> >    two obvious ones, but we are open to suggestions.
>
> For #3, making use of FIT images should be investigated seriously; that
> already allows for what you're asking about.

Sure, thanks for the heads-up. I had a sentence saying "#3 can deploy similar
methods to #2" in my initial e-mail, but removed it right before sending.
It makes a lot of sense to me to keep similar functionality, as long as we
can keep the stored keys (to verify signatures) in small numbers.

> --
> Tom

Thanks
/Ilias

_______________________________________________
boot-architecture mailing list
[email protected]
https://lists.linaro.org/mailman/listinfo/boot-architecture
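For readers following the thread, this is what points #2 and #3 look like when done with FIT configuration signing, which is the mechanism Tom refers to. It is an editor's added example, not code from the thread or from the U-Boot project; the file names, the key name `dev`, the arm64 target and the load addresses are assumptions. A single RSA public key is embedded in U-Boot's control DTB, and the signature is placed on the configuration rather than on each image, so kernel, DTB and initramfs are all covered by one key and one signature: the "few stored keys" property Ilias asks for.

```dts
/*
 * kernel.its: FIT image source covering kernel, external DTB and initramfs.
 * Build and sign (assumed file names, U-Boot built with CONFIG_FIT_SIGNATURE):
 *
 *   mkdir keys
 *   openssl genpkey -algorithm RSA -out keys/dev.key -pkeyopt rsa_keygen_bits:2048
 *   openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
 *   mkimage -f kernel.its -k keys -K u-boot.dtb -r kernel.itb
 *
 * -k  directory holding dev.key/dev.crt (matches key-name-hint below)
 * -K  writes the public key into U-Boot's control DTB (u-boot.dtb)
 * -r  marks that key "required", so U-Boot refuses any configuration that is
 *     not signed with it; an unsigned or tampered DTB/initramfs is never used.
 */
/dts-v1/;

/ {
	description = "Signed kernel + DTB + initramfs (editor's example)";
	#address-cells = <1>;

	images {
		kernel {
			description = "Linux kernel";
			data = /incbin/("Image");
			type = "kernel";
			arch = "arm64";
			os = "linux";
			compression = "none";
			load = <0x40200000>;   /* assumed board-specific address */
			entry = <0x40200000>;
			hash-1 {
				algo = "sha256";
			};
		};

		fdt-1 {
			description = "Externally provided board DTB (point #2)";
			data = /incbin/("board.dtb");
			type = "flat_dt";
			arch = "arm64";
			compression = "none";
			hash-1 {
				algo = "sha256";
			};
		};

		ramdisk-1 {
			description = "initramfs (point #3)";
			data = /incbin/("initramfs.cpio.gz");
			type = "ramdisk";
			arch = "arm64";
			os = "linux";
			compression = "none";
			hash-1 {
				algo = "sha256";
			};
		};
	};

	configurations {
		default = "conf-1";

		conf-1 {
			description = "Boot kernel with signed DTB and initramfs";
			kernel = "kernel";
			fdt = "fdt-1";
			ramdisk = "ramdisk-1";

			/*
			 * One signature over the configuration and the hashes of
			 * every listed image. Signing the configuration (not the
			 * individual images) prevents mixing a signed kernel with
			 * a different, also-signed DTB or initramfs.
			 */
			signature-1 {
				algo = "sha256,rsa2048";
				key-name-hint = "dev";
				sign-images = "kernel", "fdt", "ramdisk";
			};
		};
	};
};
```

With `-r` the control DTB gains a `required = "conf"` property on the key node, so `bootm` fails on an unsigned configuration instead of silently falling back to unverified images; that is the check a practitioner should confirm on a real board by booting a FIT whose DTB has been modified after signing.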
