Hi,
On 09/28/2016 07:10 AM, 오지수 wrote:
Hello
I'm currently trying to boot Genode 15.02 on the USB Armory.
[1] provides tutorial of secure boot on USB Armory.
But, [1] only handle linux zImage.
Is this possible to generate signed U-boot for Genode image?
From my naive understanding, you can follow the same approach like
described in the tutorial, although you have to exchange the uImage of the Linux kernel with the one produced by the Genode run-tool. But this would leave out verification of the Linux root-filesystem as it is used in our current USB armory example. In contrast to our example, the original USB armory Linux images used by the tutorial embed a file-system within the Linux' image. Thereby the file-system gets signed, and verified too when booting.
But I have to admit, I only skimmed through the tutorial, and never did secure booting of Genode on the USB armory myself. Thereby, it is probably a good idea to ask the people from Inversepath before fusing your device. They really went through the process of secure booting the USB armory, and they patched U-boot accordingly. There is a corresponding discussion group here:
https://groups.google.com/forum/#!forum/usbarmory
When you successfully boot a Genode image securely, I would be glad if you find the time to provide a rough how-to to all of us.
Btw. is there a reason for you to use this old release of Genode, instead of the current release 16.08?
Regards Stefan
[1] https://github.com/inversepath/usbarmory/wiki/Secure-boot
genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main