Changes between Version 2 and Version 3 of secure_boot


Timestamp: 04/07/2021 03:07:11 PM (3 years ago)
Author: Tim Harvey
Comment: add reference to F-Secure U-Boot security presentation

  • secure_boot

    v2 v3  
    2020
    2121
    22 == Secure the U-Boot Environment
    23 For a secure U-Boot environment you want to disable the ability to stop autoboot and get to a U-Boot console. Additionally you do not want to use env variables that can be used by an attacker to affect the boot sequence.
     22== Secure U-Boot
     23For a secure U-Boot you want to disable the ability to stop autoboot and get to a U-Boot console. Additionally you do not want to use env variables that can be used by an attacker to affect the boot sequence.
    2424
    2525To do this you need to understand where U-Boot env comes from:
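
Review bot: The heading rename at v3 line 22 (`== Secure the U-Boot Environment` to `== Secure U-Boot`) and the matching edit to the first sentence at line 23 are not covered by the change comment, which only mentions adding a reference. The unchanged line 25 still reads "To do this you need to understand where U-Boot env comes from", so the section body remains scoped to the console and environment while the new title suggests broader coverage. Either keep the narrower title or mention the rename in the comment, and check for links that point at the old section name, since a heading rename can change the section anchor.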
     
    7272 * use U-Boot 'mkenvimage' on your development host to create a binary FLASH env that sets necessary defaults for any writeable vars you declare
    7373
     74For additional details on securing U-Boot see the following excellent presentation by F-Secure:
     75* https://labs.f-secure.com/assets/BlogFiles/2020-05-u-booting-securely-wp-final.pdf
    7476
    7577== Securing the Kernel, FDT, ramdisk via FIT images
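
Review bot: The reference added at v3 lines 74-75 is a bare deep link to a PDF with no title or date, so a reader cannot find the document again if the asset is moved. Suggest giving the document's title and publication date next to the URL. The sentence calls it a "presentation" while the file name ends in `wp-final.pdf`, so it is worth confirming which term is right. Style point: the new item is written `* https://...` without the leading space used by the existing item at line 72 (` * use U-Boot 'mkenvimage' ...`); matching that indentation keeps the list markup consistent.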