[RFC 3/4] FIT: add FIT image support
Jan Lübbe
jlu at pengutronix.de
Fri Mar 13 08:41:40 PDT 2015
On Fr, 2015-03-13 at 15:28 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > It's not the job of barebox to define security policies, it must fit
> > well into the larger security design, which may require compromises.
>
> I disagree, disable by default non secure feature is require to pass
> secure boot certification
Is there a specific certification you are targeting?
How do you intend to handle console access in verified boot mode?
Allowing access to md/mw would break any security.
I was thinking about switching off access to the HW AES keys as soon as
a prompt appears. At least on MX28/MX6 that's possible and important.
Regards,
Jan
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list