On Fri, Jun 29, 2018 at 8:34 AM, Akendo <ake...@akendo.eu> wrote:
>
> Hey everyone,
>
> I'm reading through the source code and found vboot. It should stand
> for verified boot. However, I can't find any documentation (except the
> source code). Can anyone provide me with some explanation of how to get it
> going or to make a little more sense of it?
>
> As far as I understand, it needs to verify the signature against a
> key/CA. This key should be located within the TPM. But what should the
> key/CA look like? Will a classic x509 be enough?
Hi Akendo,

Here is some more background on vboot:
https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot
https://www.chromium.org/chromium-os/chromiumos-design-docs/firmware-boot-and-recovery

In this scheme, the public key is usually stored in a write-protected region of the firmware ROM. You can store it anywhere you want, so long as you can guarantee that it can't be tampered with in an undesirable way.

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot