[U-Boot] U-Boot Security
Hello everyone,
I want to add some supplementary security to my embedded system. The Flattened Image Tree (FIT) to secure the operating system and the device tree, I have already found. Now, I am wondering if I could also secure U-Boot itself before starting it by the Secondary Program Loader (SPL). Does anyone knows a method to do that?
For a helpful answer I would be really grateful.
Sincerely,
Pascal Linder
Student Telekommunikation Netzwerke und Sicherheit
Klasse T-3b
Am 24.04.2019 um 15:55 schrieb Linder Pascal:
Hello everyone,
I want to add some supplementary security to my embedded system. The Flattened Image Tree (FIT) to secure the operating system and the device tree, I have already found. Now, I am wondering if I could also secure U-Boot itself before starting it by the Secondary Program Loader (SPL). Does anyone knows a method to do that?
Just as U-Boot can load Kernel + DTS as FIT, SPL can load U-Boot as FIT. See CONFIG_SPL_LOAD_FIT. This FIT containing U-Boot + its DTS can then be verified, too.
Regards, Simon
participants (2)
-
Linder Pascal -
Simon Goldschmidt