[U-Boot] x86: SecureBoot: Bay Trail
Bin Meng
bmeng.cn at gmail.com
Fri Feb 17 11:58:58 UTC 2017
Hi Markus,
On Fri, Feb 17, 2017 at 5:26 PM, Markus Valentin <mv at denx.de> wrote:
> Hi,
>
> i'm implementing Secure Boot with U-Boot on a Intel Atom E3800 Series (Bay
> Trail) based Plattform.
>
> I did manage to get the first boot stage (Initial Boot Block) verified by the
> Trusted Execution Engine, next i need to verify the "ramstage" as they call
> it.
How did you implement the first boot stage? Is it U-Boot SPL?
>
> Intel provides a manual on how to enable Secure Boot with coreboot in this
> manual they extract the "ramstage" from the coreboot.rom file via cbfs.
>
Which manual is this?
> How can i get the equivalent for the coreboot-ramstage from U-Boot?
>
My understanding is that since you already managed to have the
hardware (TXE) successfully verify the first boot stage, the next step
is all yours, which means you don't need anything like
coreboot-ramstage. You can implement whatever loading/authenticating
mechanism you put in the first boot stage to boot the 2nd stage.
Regards,
Bin
More information about the U-Boot
mailing list