BMC Image Signing Proposal
Stewart Smith
stewart at linux.vnet.ibm.com
Wed May 16 06:00:45 AEST 2018
Lei YU <mine260309 at gmail.com> writes:
> I'd like to bring this topic again.
>
> As I know image signing feature is completed for both BMC and PNOR:
> https://github.com/openbmc/phosphor-bmc-code-mgmt
> https://github.com/openbmc/openpower-pnor-code-mgmt
>
> However, the above repos are only for systems with UBI-FS feature.
> Most of machines are still using the "legacy" obmc flash layout, and thus
> they do not have image singing feature.
>
> So I would like to ask for ideas about how to support image signing feature
> for machines with "legacy" flash layout?
> 1. Should we use UBI-FS for machines that requires image signing feature?
> 2. Or should we implement image signing feature on "legacy" flash layout as
> well?
Either option is valid. I think we should get it gonig for non-UBI-FS
systems though, and we should do that through the host
--
Stewart Smith
OPAL Architect, IBM.
More information about the openbmc
mailing list