[U-Boot] U-boot can verify an HW signature?

Saverio Mori saverio.mori at gmail.com
Fri Jan 19 18:45:01 UTC 2018


Hi Breno Lima,
For the moment we have not secure boot, we use "plain" u-boot running on
a module board equipped with an "open" i.MX6UL processor, and we are
newbies in the field of secure boot. We wish that our firmware works
only on approved hardware, and not on common one. From what we have
read, secured boot allow that only approved FW works on prepared HW; our
problem is just the reciprocal, i.e. allow running of our FW only on
approved boards. In other words, a secured FW can works on a unsecured
board (while a secured board requires a secured FW), we wish to block
this situation.
All The Best,

Saverio M.

Il 19/01/2018 18:54, Breno Matheus Lima ha scritto:
> Hi Saverio,
>
> 2018-01-19 11:12 GMT-02:00 Saverio Mori <saverio.mori at gmail.com>:
>> Hi to the community. I have found a lot of material on secure booting and how to sign u-boot an uimage in order to that only trusted sw is load. This is good for my but i have also the opposite problem, that is i have to be sure that my sw is load on an hardware signed in some way. It is possible, and how, implement this feature in u-boot, at least running on iMX6 boards? Thanks!!!
> Can you please share more details about this verification you want to
> achieve? Are you currently running a signed U-Boot in a closed device
> (eFuse SEC_CONFIG = 1)?
>
> Thanks,
> Breno Lima



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20180119/612e46ca/attachment.sig>


More information about the U-Boot mailing list