Securing u-boot: allow only authentic images

Simon Glass sjg at google.com
Thu Jul 27 02:49:45 CEST 2023


Hi,

On Tue, 25 Jul 2023 at 09:40, Martin van den Berg
<martinvdberg at gmail.com> wrote:
>
> Hi there,
>
> I'm new to u-boot and in need of a little assistance, I hope someone can
> point me in the right direction.
>
> I need to secure the bootloader of a device to some extent. The device is
> currently using u-boot as bootloader and I would like to stick with that.
>
> The device runs an OpenWRT. The SoC is a HLK7628N.
>
> At this moment, it is possible to use the u-boot bootloader to replace the
> image of the device with any other image. I would like to have u-boot
> allow only authentic (signed?) images. What is the best way to accomplish
> this?
> Any pointers, examples and so on will be much appreciated.

https://u-boot.readthedocs.io/en/latest/usage/fit/signature.html

You can also find various talks on this topic, some linked from
https://u-boot.readthedocs.io/en/latest/learn/index.html

If you find any others that are interesting, please do add them to elinux.org.

Regards,
Simon

