AArch64 kernel image decompression
Olof Johansson
olof at lixom.net
Tue Jan 14 23:37:27 EST 2014
Hi,
On Tue, Jan 14, 2014 at 10:53 AM, Wolfgang Denk <wd at denx.de> wrote:
> Dear Olof,
>
> In message <CAOesGMj0HPWD=Mavt1ut+Oze4KQZHjhHmcKTcdKELaF=Or8XsA at mail.gmail.com> you wrote:
>>
>> > The FIT image approach as suggested by Marek also allows for secure
>> > boot methods (like cryptographically signed images); this is used in
>> > production for several systems, including the Google Chromebook.
>>
>> This can very easily be misunderstood so I would like to clarify:
>> Chromebooks do not use the fitImage version of signatures and
>> verification, it is done independently from a separate library that
>> wraps either a zImage (x86) or a fitImage (ARM).
>
> This is not what I'm talking about. What I mean is the support for
> Verified Boot (see [1]) and FIT Signature Verification (see [2]) which
> is done with plain FIT images, without additional wrapping.
>
> [1] http://git.denx.de/?p=u-boot.git;a=blob;f=doc/uImage.FIT/verified-boot.txt
> [2] http://git.denx.de/?p=u-boot.git;a=blob;f=doc/uImage.FIT/signature.txt
The incorrect part of your statement was the claim that it was used
for secure boot on ARM Chromebooks. It is not -- the u-boot
implementation is completely different from what is used there.
-Olof
More information about the linux-arm-kernel
mailing list