Hello,

The last reference I could find about it, is an email from dec.17 2012, but I'd like to re-ignite the discussion. Also, I'm new here - forgive me if I'm asking stupid questions.

I'd like to implement a form of authenticated boot into u-boot. That is, I need it myself for a device that I'm making, and I'll gladly use anything if it is already available, but I don't think it is. For my solution, I'm assuming the existence (somewhere) to U-boot of the following three files/buffers:

- A boot-image (a RAM disk)

- A public key (type RSA in some format, perhaps more simple than x509 pem to keep additional source code small)

- A signature

and a function, based on those three files (I suppose that - although difficult - the signature can be part of the boot-image, while the public key may have to be in a boot-flash partition), that tells U-boot whether booting the image is Ok or not (and not booting when it's not Ok).

I propose to do this, not using hardware encryption (which might not always be available and, in my case, I'm not even allowed to use) or openssl (which is a monster), but (parts of - which is, unlike openssl, quite easy) polarssl for the crypto.

That is, of course, unless this feature already exists, which I would very much like to hear. Thanks for your time,

KJ