Hi, I've sent an updated proposal based on your modifications.
I've also added a new patch to explain the consequences of a signed bootloader when some code is loaded into TrustZone.

The second patch is not perfect as I've no idea what would happen when the TrustZone partition is erased. For instance, would the device still boot if, for instance, an upstream Linux kernel is used? Or would it fail before that, in the bootloader?

Testing that safely, without risking breaking a device, would be complicated, and would probably require us to:
- Find a device supported by Replicant that can boot on something else than the internal memory first, or make it do that by modifying some resistors on the PCB.
- Manage to boot on that "something else" and make sure to be able to recover if all or part of the internal memory is erased.
- Try to boot without the TrustZone partition, and see if it works.
- Ideally also have support for that device in the upstream Linux kernel, to have a kernel that doesn't depend on TrustZone.

Denis.
