Hi Simon,
Good Morning!
Many Thanks a lot for all your support so far,
1. With respect to the verified boot , I want to put the images onto NAND FLASH, Could you please let me know what is the procedure of flashing the verified boot images onto NAND instead of micro-SD
2.Does dm-verity works only on read-only rootfs?.. or it works on read-write rootfs?.. because as of now we are looking out only for a bare minimal rootfs , could you please suggest me if any rootfs with minimal support where dm-verity can be applied & verified apart from android
I want to implement the automatic software update & recovery feature (ie., firmware update of uboot, kernel & rootfs) in ti-sdk-am335x-evm-07.00.00.00 BSP's , if in case if it bricks to unbrick by itself, Could you please help me with suitable pointers & source code links for implementing this feature
Awaiting for your replies Many Thanks in advance again,
Srinivasan S
________________________________________ From: sjg@google.com sjg@google.com on behalf of Simon Glass sjg@chromium.org Sent: Monday, November 3, 2014 5:08 AM To: srinivasan Cc: U-Boot Mailing List; Srinivasan S Subject: Re: verifying & signing
Hi,
On 2 November 2014 07:06, srinivasan srinivasan.rns@gmail.com wrote:
Hi Simon,
http://lists.denx.de/pipermail/u-boot/2014-June/180845.html
As the above link explains the Signing of kernel & verifying with uboot,
Could you please let me know do you have any methods of signing & verifying the linux kernel with root file system ie., am using ti-sdk-am335x-evm-07.00.00.00 BSP's where linux kernel is from this BSP only & would be planning to use rootfs as my Angstrom filesystem or any others
If you use dm-verity you can verify your root disk using a hash which is stored in the verified part of U-Boot. This is the method used by Chrome OS. This requires a read-only rootfs though. Is that acceptable?
See this page for some info on how Android does this:
https://source.android.com/devices/tech/security/dm-verity.html
Could you please let me know how do we sign & verify the kernel with rootfs with detailed steps as am using beaglebone black as my development board with ti-sdk-am335x-evm-07.00.00.00 BSP's
I don't have details steps of this part sorry. An overview is here:
http://events.linuxfoundation.org/sites/events/files/slides/chromeos_and_diy...
Awaiting for your replies Many Thanks in advance
Regards, Simon