[email protected] writes:
I don't know much about signed bootloaders, and i will try to re-read the thread to fully understand your statement.
The short version: You can remove keys, so that only your own key is valid for booting. If you're then careful about that key, then later physical access is almost useless.
I personally think that works as described. If the vendors add secret backdoor keys and it's ever revealed, big corporate customers like Siemens and Petrobras will scream at them, a prospect vendors prefer to avoid.
Arnt _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
