[U-Boot] [PATCH v3 3/5] docs: Document verified-boot for sunxi a64
Maxime Ripard
maxime.ripard at free-electrons.com
Wed Dec 13 15:38:02 UTC 2017
Hi,
On Wed, Dec 13, 2017 at 11:33:04AM +0530, Jagan Teki wrote:
> Add verified-boot documentation for sunxi a64 platform.
>
> Signed-off-by: Jagan Teki <jagan at amarulasolutions.com>
> ---
> Changes for v3:
> - Create separate document file
> Changes for v2:
> - New patch
>
> doc/README.sunxi | 193 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 193 insertions(+)
> create mode 100644 doc/README.sunxi
>
> diff --git a/doc/README.sunxi b/doc/README.sunxi
> new file mode 100644
> index 0000000..ef4f735
> --- /dev/null
> +++ b/doc/README.sunxi
> @@ -0,0 +1,193 @@
> +#
> +# Copyright (C) 2017 Amarula Solutions
> +#
> +# SPDX-License-Identifier: GPL-2.0+
> +#
> +
> +U-Boot on SunXi
> +==============
> +
> +Tutorial describe all details relevant for U-Boot on Allwinner SunXi platform.
> +
> + 1. Verified Boot
> +
> +1. Verified Boot
> +================
> +
> +U-Boot supports an image verification method called "Verified Boot".
> +This is a brief tutorial to utilize this feature for the Sunxi A64 platform.
> +You will find details documents in the doc/uImage.FIT directory.
> +
> +Here, we take Orangepi Win board for example, but it should work for any
> +other boards including 32 bit SoCs.
> +
> +1. Generate RSA key to sign
> +
> + $ mkdir keys
> + $ openssl genpkey -algorithm RSA -out keys/dev.key \
> + -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537
> + $ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
> +
> +Two files "dev.key" and "dev.crt" will be created. The base name is arbitrary,
> +but need to match to the "key-name-hint" property described below.
I really think that the very first thing you must talk about in that
documentation is that it will not protect the SPL itself and that this
is not a secure setup.
Maxime
--
Maxime Ripard, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20171213/229e16f8/attachment.sig>
More information about the U-Boot
mailing list