One thing I would like to point out is secure boot in the form of Android Boot
Images and UKIs. These secure boot technologies combine
kernel+cmdline+initramfs (and optionally a dtb, if the dtb is on the OS) into a
secured binary blob to be delivered to the client device. If the dtb exists on
the OS side, we must now provide a signed Android Boot Images and/or UKIs per
device, this concept doesn't exists in package managers I know, at least in
Fedora, CentOS Stream. If the kernel+cmdline+initramfs doesn't have a dtb, we
can deliver a generic version that is secured for all devices.
_______________________________________________
boot-architecture mailing list -- boot-architecture@lists.linaro.org
To unsubscribe send an email to boot-architecture-le...@lists.linaro.org
