[U-Boot] U-book and GPLv3? (fwd)

Matthew Lear matt at bubblegen.co.uk
Wed Jun 24 16:16:05 CEST 2009


Hi Detlev,
> What exactly is secure boot?

Jean-Christophe - if I may interject...
Embedded systems using core SoC silicon from a number of manufacturers
have started to use what is known as 'secure boot'. This is typically the
case in applications which utilise conditional access system software to
protect content. The emphasis on using secure boot is largely driven by
the conditional access industry itself.

Secure boot basically means that internally in the SoC, fuses are blown
that provide some semblance of a low-level hw signature. This signature is
combined with additional information from a conditional access / security
vendor who may provide tools/utilities for 'signing' bootloader and/or
application software binary code images. Consider the case where the SoC
is boot-strapped by low-level 'secure boot' code. Even before the
bootloader's main() is entered, the boot code validates the image using
secure features such as private keys. If validation succeeds, the platform
bootstrap continues to main(). If the licensing of U-Boot changed and
U-Boot contained secure boot code and/or features such as these in its
low-level bootstrap code, it is feasible that the secure features would
have to be made public, thus there would be a rather large security flaw.

> Don't you mistake "security" for "authenticity"?

In this context, I believe both terms are interchangeable and effectively
mean the same thing. It is secure because only authenticated code is
allowed to be executed, thus another step to avoid piracy, hacking of
conditional access systems etc.

Hope that helps.

Cheers,
--  Matt
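
The validate-before-main() flow described in the message above, as an added example that is not part of the original post and is not U-Boot or vendor code. It assumes a symmetric scheme (HMAC-SHA256 keyed by a device secret standing in for the fused value) and a constructed image layout; the names `MAGIC`, `FUSE_KEY`, `sign_image`, `verify_image` and `boot` are hypothetical, and real SoC schemes differ.

```python
import hashlib
import hmac
import struct
from typing import Optional

MAGIC = b"SBIM"                     # constructed image magic (assumption)
HEADER = struct.Struct(">4sI32s")   # magic, payload length, HMAC-SHA256 tag
FUSE_KEY = bytes(range(32))         # constructed stand-in for the fused secret


def _tag(key: bytes, payload: bytes) -> bytes:
    # The tag covers magic and length as well as the payload, so the
    # header fields cannot be altered independently of the code.
    msg = MAGIC + struct.pack(">I", len(payload)) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign_image(payload: bytes, key: bytes = FUSE_KEY) -> bytes:
    """Signing-tool side: prepend a header carrying the tag."""
    return HEADER.pack(MAGIC, len(payload), _tag(key, payload)) + payload


def verify_image(image: bytes, key: bytes = FUSE_KEY) -> Optional[bytes]:
    """Boot-code side: return the payload only if it authenticates."""
    if len(image) < HEADER.size:
        return None                              # truncated header
    magic, length, tag = HEADER.unpack_from(image)
    payload = image[HEADER.size:]
    if magic != MAGIC or length != len(payload):
        return None                              # wrong format, or bytes missing/appended
    if not hmac.compare_digest(tag, _tag(key, payload)):
        return None                              # tampered image or wrong key
    return payload


def boot(image: bytes) -> str:
    """Fail closed: control reaches main() only after validation succeeds."""
    return "jump to main()" if verify_image(image) is not None else "halt"


if __name__ == "__main__":
    good = sign_image(b"constructed bootloader bytes")
    bad = good[:-1] + bytes([good[-1] ^ 0x01])   # one flipped bit in the payload
    print(boot(good), "/", boot(bad))
```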


