AArch64 kernel image decompression
Olof Johansson
olof at lixom.net
Tue Jan 14 12:19:18 EST 2014
On Tue, Jan 14, 2014 at 5:47 AM, Wolfgang Denk <wd at denx.de> wrote:
> Dear Bhupesh,
>
> In message <819346bb83b04348a266643afd5bd6f6 at BN1PR03MB220.namprd03.prod.outlook.com> you wrote:
>>
>> I agree with Marek. Usually for non-cryptographic-secure (key based cryptography) boot
>> method the CRC protection is usually the best possible protection against Image
>> corruption. CRC check is usually used in a number of field-deployed solutions to ensure
>> linux image sanity.
>
> The FIT image approach as suggested by Marek also allows for secure
> boot methods (like cryptographically signed images); this is used in
> production for several systems, including the Google Chromebook.
This can very easily be misunderstood so I would like to clarify:
Chromebooks do not use the fitImage version of signatures and
verification, it is done independently from a separate library that
wraps either a zImage (x86) or a fitImage (ARM).
-Olof
More information about the linux-arm-kernel
mailing list