Hi,
On Tue, 25 Jul 2023 at 09:40, Martin van den Berg martinvdberg@gmail.com wrote:
Hi there,
I'm new to u-boot and in need for a little assistance, I hope someone can point me in the right direction.
I need to secure the bootloader of a device to some extend. The device is currently using u-boot as bootloader and I would like to stick with that.
The device runs an OpenWRT. The SoC is a HLK7628N.
At this moment, it is possible to use the u-boot bootloader to replace the image of the device with any other image. I would like to have u-boot to allow only authentic (signed?) images. What is the best way to accomplish this? Any pointers, examples and so on will be much appreciated.
https://u-boot.readthedocs.io/en/latest/usage/fit/signature.html
You can also find various talks on this topic, some linked from https://u-boot.readthedocs.io/en/latest/learn/index.html
If you find any others that are interesting, please do add them to elinux.org
Regards, Simon