Re: Enabling secure boot on the USB armory

오지수 ah_zaza at ...143...
Wed Sep 28 11:08:52 CEST 2016

Thank you for your reply.
I use release 15.02 only because I used it last year.
There is no special reason.
-----Original Message-----
From: "Stefan Kalkowski"<stefan.kalkowski at ...1...> 
To: <genode-main at>; 
Sent: 2016-09-28 (수) 15:59:51
Subject: Re: Enabling secure boot on the USB armory

On 09/28/2016 07:10 AM, 오지수 wrote:
> Hello
> I'm currently trying to boot Genode 15.02 on the USB Armory.
> [1] provides tutorial of secure boot on USB Armory.
> But, [1] only handle linux zImage.
> Is this possible to generate signed U-boot for Genode image?

From my naive understanding, you can follow the same approach like
described in the tutorial, although you have to exchange the uImage of
the Linux kernel with the one produced by the Genode run-tool.
But this would leave out verification of the Linux root-filesystem as it
is used in our current USB armory example. In contrast to our example,
the original USB armory Linux images used by the tutorial embed a
file-system within the Linux' image. Thereby the file-system gets
signed, and verified too when booting.

But I have to admit, I only skimmed through the tutorial, and never did
secure booting of Genode on the USB armory myself. Thereby, it is
probably a good idea to ask the people from Inversepath before fusing
your device. They really went through the process of secure booting the
USB armory, and they patched U-boot accordingly. There is a
corresponding discussion group here:!forum/usbarmory

When you successfully boot a Genode image securely, I would be glad if
you find the time to provide a rough how-to to all of us.

Btw. is there a reason for you to use this old release of Genode,
instead of the current release 16.08?


> [1]
> ------------------------------------------------------------------------------
> _______________________________________________
> genode-main mailing list
> genode-main at

Stefan Kalkowski
Genode Labs ·

genode-main mailing list
genode-main at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list