BMC Image Signing Proposal
Adriana Kobylak
anoo at linux.ibm.com
Fri May 25 03:12:17 AEST 2018
On 2018-05-22 13:28, Vernon Mauery wrote:
>
> One other thought I had was that we could make the manifest a JSON
> file which makes for very simple parsing (since the parser is already
> written). Then we could go with something like this:
>
That's a good option, at least for the write to flash piece. We could
even extend the manifest to include the names of the service files to
delete/clean up the flash. Most of the rest of the code manages the
D-Bus objects so that'd be common with all flash layouts.
Another option, or combination with a json manifest, would be to have
different repos or different subdirectories for specific
implementations.
Lei, thinking we could convert Romulus to ubi, and use the PNOR chip
to store the alternate BMC version. I think that'd be more straight fwd
and the advantage would be that the interfaces are tested and verified.
And on the side we can continue this discussion on how to make the
code more modular to support other layouts and we can start making
the changes but at least we can get Romulus using signature validation
in the mean time.
More information about the openbmc
mailing list