Enabling secure boot on the USB armory

[Stefan Kalkowski]

Hi,

On 09/28/2016 07:10 AM, 오지수 wrote:
> Hello
>  
>  
> I'm currently trying to boot Genode 15.02 on the USB Armory.
>  
> [1] provides tutorial of secure boot on USB Armory.
>  
> But, [1] only handle linux zImage.
>  
> Is this possible to generate signed U-boot for Genode image?
>  

>From my naive understanding, you can follow the same approach like
described in the tutorial, although you have to exchange the uImage of
the Linux kernel with the one produced by the Genode run-tool.
But this would leave out verification of the Linux root-filesystem as it
is used in our current USB armory example. In contrast to our example,
the original USB armory Linux images used by the tutorial embed a
file-system within the Linux' image. Thereby the file-system gets
signed, and verified too when booting.

But I have to admit, I only skimmed through the tutorial, and never did
secure booting of Genode on the USB armory myself. Thereby, it is
probably a good idea to ask the people from Inversepath before fusing
your device. They really went through the process of secure booting the
USB armory, and they patched U-boot accordingly. There is a
corresponding discussion group here:

  https://groups.google.com/forum/#!forum/usbarmory

When you successfully boot a Genode image securely, I would be glad if
you find the time to provide a rough how-to to all of us.

Btw. is there a reason for you to use this old release of Genode,
instead of the current release 16.08?

Regards
Stefan

>  
>  
> [1] https://github.com/inversepath/usbarmory/wiki/Secure-boot
> 
> 
> 
> ------------------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
> 

-- 
Stefan Kalkowski
Genode Labs

https://github.com/skalk · http://genode.org/