mail archive of the barebox mailing list
 help / color / mirror / Atom feed
* Layerscape secure boot
@ 2021-01-29 17:59 Barbier, Renaud
  2021-02-01  9:46 ` Sascha Hauer
  0 siblings, 1 reply; 2+ messages in thread
From: Barbier, Renaud @ 2021-01-29 17:59 UTC (permalink / raw)
  To: barebox

Is secure boot supported or planned to be supported on Layerscape (LS1046A)?
This will be our first board supporting secure boot.

If not supported yet we intend to support it (pending having the documentation/SDK...) and would like to do in a way that could be accepted upstream.

Are other boards like the IMX6/8 in barebox supporting secure boot a reference to do secure boot for other boards? 
I guess it quite hardware specific.



Cheers,
Renaud

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: Layerscape secure boot
  2021-01-29 17:59 Layerscape secure boot Barbier, Renaud
@ 2021-02-01  9:46 ` Sascha Hauer
  0 siblings, 0 replies; 2+ messages in thread
From: Sascha Hauer @ 2021-02-01  9:46 UTC (permalink / raw)
  To: Barbier, Renaud; +Cc: barebox

Hi Renaud,

On Fri, Jan 29, 2021 at 05:59:02PM +0000, Barbier, Renaud wrote:
> Is secure boot supported or planned to be supported on Layerscape
> (LS1046A)?  This will be our first board supporting secure boot.

We have no plans adding that.

> 
> If not supported yet we intend to support it (pending having the
> documentation/SDK...) and would like to do in a way that could be
> accepted upstream.

Nice :)

> 
> Are other boards like the IMX6/8 in barebox supporting secure boot a
> reference to do secure boot for other boards?  I guess it quite
> hardware specific.

It seems that NXP reused parts of the secure boot concept from i.MX. The
overall concept on i.MX is known as "High Assurance Boot" (HAB), I
haven't found that on Layerscape. However, just like the i.MX the
Layerscape also has "Command Sequence Files" (CSF), the Code signing
Tool (CST) also works on Layerscape, and on Layerscape there are also
"Super Root Key hashes". I suspect the overall process is quite similar
to i.MX, so the HAB code could probably be used as a stone quarry.

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-02-01  9:48 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-29 17:59 Layerscape secure boot Barbier, Renaud
2021-02-01  9:46 ` Sascha Hauer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox