BMC Image Signing Proposal
Lei YU
mine260309 at gmail.com
Fri May 18 13:33:25 AEST 2018
On Thu, May 17, 2018 at 12:02 AM, Vernon Mauery
<vernon.mauery at linux.intel.com> wrote:
> On 15-May-2018 06:18 PM, Yugi Mani wrote:
>>
>> Good point. We at MSFT are using legacy (non-UBI) layout. We have a
>> manifest for boot verification and we append the hash to image for update
>> verification.
>> I can share details about the design/implementation, if you have any
>> specific questions.
>
>
> At Intel, we are using a legacy layout as well, either ping-ponging between
> partitions or using a active/temp/recovery partition scheme depending on the
> secure boot mechanism for that platform.
>
Thanks for info!
So I think it is better for OpenBMC project to have a common (or example)
image signing tools/code, not for a specific machine or product, but for the
general machines in this project using legacy flash layout.
Let's discuss and get a design proposal?
> --Vernon
>
>
More information about the openbmc
mailing list