Hello
Our linux boxes with Uboot and frescale mpc5200B are set at production with software and that is no problem. But then when the need to update software afterwards in the field is today only so simple that if uboot finds a usb stick with a file uImage then it will start that and do all the updates. What I am after a litle more tamperproff way of knowing that the software that is updated to these hardware software are not totally modified / hacked.
If one could have e.g uboot to verify uImage that it signed with right private key (The software in production would have compiled in the public part), I relize it can be hard to prevent all things with our current hardware but if one could at last rise the level so that at least some jtag debugger is need to modify the content and not only a only basic tools found in any windows/linux computer. We are also starting to design next generation of hardware and here more can be done in the hardware to rise the bar even more.
Or have you any other suggestion on how this could be improved?
Thanks in advance