mail archive of the barebox mailing list
 help / color / mirror / Atom feed
From: "Dold, Wolfram" <Wolfram.Dold@allegion.com>
To: Sascha Hauer <s.hauer@pengutronix.de>
Cc: "barebox@lists.infradead.org" <barebox@lists.infradead.org>
Subject: Re: Secure trusted boot mechanism
Date: Mon, 16 Jan 2017 09:22:57 +0000	[thread overview]
Message-ID: <3ad4db8b-5686-5b9e-084d-b85b2bacbd57@allegion.com> (raw)
In-Reply-To: <20170116083349.hvw6iapklok73ll7@pengutronix.de>

Hi Sascha,
thanks for your fast reply.

On 16.01.2017 09:33, Sascha Hauer wrote:
> Hi Wolfram,
> 
> On Mon, Jan 16, 2017 at 08:26:44AM +0000, Dold, Wolfram wrote:
>> Hi all,
>> I wanted to ask if barebox supports any kind of secure boot mechanism like FIT-Image or
>> any other type of verified secure trusted boot?
> 
> Yes, barebox does support FIT images.
> It also supports HAB on i.MX machines, although this is only for
> starting trusted bootloaders from the ROM, not for starting trusted
> kernels.
We have an TI AM335x Machine. As I understood the only way in such an environment to boot a trusted kernel is FIT?
What we wnat to do is to prevent the device from being hijacked.
Do you know another way than FIT to do that?
Is there any documentation available regarding barebox and FIT?

Wolfram
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

  reply	other threads:[~2017-01-16  9:23 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-16  8:26 Dold, Wolfram
2017-01-16  8:33 ` Sascha Hauer
2017-01-16  9:22   ` Dold, Wolfram [this message]
2017-01-16  9:40     ` Sascha Hauer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3ad4db8b-5686-5b9e-084d-b85b2bacbd57@allegion.com \
    --to=wolfram.dold@allegion.com \
    --cc=barebox@lists.infradead.org \
    --cc=s.hauer@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox