OpenWrt One / project update

[Bjørn Mork]

Michael Richardson <mcr at sandelman.ca> writes:

> Having orange and red pieces "secured" *does* mean that u-boot updates would
> have to come from openwrt.

Does it?  Is it possible to modify the BL2 to verify signatures of the
BL31 and BL32 stages only?

If not, is it feasible to deploy an automated fip.bin signer, taking an
any unverified U-Boot binary as input and building a signed fip.bin for
the OpenWrt One using verified BL31 and BL32 blobs?


Bjørn