[U-Boot] verifying & signing

Simon Glass sjg at chromium.org
Mon Nov 3 00:38:18 CET 2014


Hi,

On 2 November 2014 07:06, srinivasan <srinivasan.rns at gmail.com> wrote:
>
>
>
>
> Hi Simon,
>
> http://lists.denx.de/pipermail/u-boot/2014-June/180845.html
>
> As the above link explains the Signing of kernel & verifying with uboot,
>
> Could you please let me know do you have any methods of signing & verifying
> the linux kernel with root file system ie., am using
> ti-sdk-am335x-evm-07.00.00.00 BSP's where linux kernel is from this BSP only
> & would be planning to use rootfs as my Angstrom filesystem or any others

If you use dm-verity you can verify your root disk using a hash which
is stored in the verified part of U-Boot. This is the method used by
Chrome OS. This requires a read-only rootfs though. Is that
acceptable?

See this page for some info on how Android does this:

https://source.android.com/devices/tech/security/dm-verity.html

>
> Could you please let me know how do we sign & verify the kernel with rootfs
> with detailed steps as am using beaglebone black as my development board
> with ti-sdk-am335x-evm-07.00.00.00 BSP's

I don't have details steps of this part sorry. An overview is here:

http://events.linuxfoundation.org/sites/events/files/slides/chromeos_and_diy_vboot_0.pdf


>
> Awaiting for your replies
> Many Thanks in advance
>
>
>

Regards,
Simon


More information about the U-Boot mailing list