
On Wed, Dec 13, 2017 at 09:41:35PM +0530, Jagan Teki wrote:
On Wed, Dec 13, 2017 at 9:08 PM, Maxime Ripard <maxime.ripard@free-electrons.com> wrote:
Hi,
On Wed, Dec 13, 2017 at 11:33:04AM +0530, Jagan Teki wrote:
Add verified-boot documentation for sunxi a64 platform.
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Changes for v3:
- Create separate document file
Changes for v2:
- New patch
doc/README.sunxi | 193 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 193 insertions(+) create mode 100644 doc/README.sunxi
diff --git a/doc/README.sunxi b/doc/README.sunxi new file mode 100644 index 0000000..ef4f735 --- /dev/null +++ b/doc/README.sunxi @@ -0,0 +1,193 @@ +# +# Copyright (C) 2017 Amarula Solutions +# +# SPDX-License-Identifier: GPL-2.0+ +#
+U-Boot on SunXi +==============
+Tutorial describe all details relevant for U-Boot on Allwinner SunXi platform.
+1. Verified Boot +================
+U-Boot supports an image verification method called "Verified Boot". +This is a brief tutorial to utilize this feature for the Sunxi A64 platform. +You will find details documents in the doc/uImage.FIT directory.
+Here, we take Orangepi Win board for example, but it should work for any +other boards including 32 bit SoCs.
+1. Generate RSA key to sign
- $ mkdir keys
- $ openssl genpkey -algorithm RSA -out keys/dev.key \
- -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537
- $ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
+Two files "dev.key" and "dev.crt" will be created. The base name is arbitrary, +but need to match to the "key-name-hint" property described below.
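Review bot: In step "1. Generate RSA key to sign", the sentence after the openssl commands names "dev.key" and "dev.crt" but never says which of the two is secret. keys/dev.key is the private signing key, and the genpkey command as written stores it unencrypted, so the text should state that it stays on the signing host and out of any image or repository, while dev.crt carries only the public half. The same sentence would read better as "but needs to match the "key-name-hint" property", and the introduction has "Tutorial describe all details" and "details documents" to fix as well.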
I really think that the very first thing you must talk about in that documentation is that it will not protect the SPL itself and that this is not a secure setup.
Based on my experience with U-Boot, verified boot here doesn't relate to protecting the SPL or U-Boot. It's generally for the kernel and following stages. I don't think we can think too much here. Some reference: doc/README.uniphier
Except that when you read verified boot, it also comes with the assumption that you're actually protected against something.
In this particular case, you're protected against exactly nothing. Anyone could come up, replace the bootloader to remove the signature check, and you're doomed. It's trivial to do, and you're not mentioning it anywhere.
Maxime