[RFC 3/4] FIT: add FIT image support

Jan Lübbe jlu at pengutronix.de
Fri Mar 13 08:41:40 PDT 2015


On Fr, 2015-03-13 at 15:28 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > It's not the job of barebox to define security policies, it must fit
> > well into the larger security design, which may require compromises.
> 
> I disagree, disable by default non secure feature is require to pass
> secure boot certification

Is there a specific certification you are targeting?

How do you intend to handle console access in verified boot mode?
Allowing access to md/mw would break any security.

I was thinking about switching off access to the HW AES keys as soon as
a prompt appears. At least on MX28/MX6 that's possible and important.

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |




More information about the barebox mailing list