Secure boot/signed images and GPL code
Vernon Mauery
vernon.mauery at linux.intel.com
Sat Nov 7 04:19:07 AEDT 2020
On 03-Nov-2020 02:56 PM, Patrick Williams wrote:
>
>In the doc you pointed to, I asked how key transition works, but the
>doc hasn't been updated to better describe it yet[2]. The initial
>response makes it seem like the AST2600 OTP doesn't give a whole lot of
>capabilities here, which is fairly concerning. I know there are some
>design proposals that use a secondary device to assist with
>secureboot[3,4,5] which might better handle key transition.
You are right, the AST2600 OTP leaves something to be desired. If all
the key regions are not initially programmed, it is possible to program
a new key, deprecate all the old keys, and take control of the system.
But programming all the keys prevents transferring the system from one
owner to another (where the owner is the one providing firmware).
Storing and provisioning keys is the hardest part of any crypto system. If
we have ideas on how to make the AST2700 better, Aspeed has engineers on
this list and would probably like to hear any great ideas.
--Vernon
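To make the trade-off in Vernon's reply concrete, here is an added toy model of a one-time-programmable key store. It is not Aspeed's actual AST2600 OTP layout and not OpenBMC code; the slot count, the per-slot revoke bit and the function names are assumptions chosen to show why free slots allow a takeover while fully burned slots block an ownership transfer.

```python
"""Hypothetical OTP key-store model (added illustration, not real hardware).

Assumptions: four key-hash slots, each writable once, plus a one-way
revoke bit per slot. Real OTP layouts differ; the point is the policy.
"""
from dataclasses import dataclass, field
from hashlib import sha256
from typing import List, Optional

EMPTY = None  # an unprogrammed slot; OTP bits only ever go one way


@dataclass
class OtpKeyStore:
    slots: List[Optional[bytes]] = field(default_factory=lambda: [EMPTY] * 4)
    revoked: List[bool] = field(default_factory=lambda: [False] * 4)

    def program(self, pubkey: bytes) -> int:
        """Burn the hash of a public key into the first free slot."""
        for i, s in enumerate(self.slots):
            if s is EMPTY:
                self.slots[i] = sha256(pubkey).digest()
                return i
        raise RuntimeError("no free OTP slot: store is fully programmed")

    def revoke(self, slot: int) -> None:
        """Deprecate a slot; like a blown fuse, this cannot be undone."""
        self.revoked[slot] = True

    def trusts(self, pubkey: bytes) -> bool:
        """Would boot accept an image signed by this key?"""
        h = sha256(pubkey).digest()
        return any(s == h and not r for s, r in zip(self.slots, self.revoked))

    def free_slots(self) -> int:
        return sum(1 for s in self.slots if s is EMPTY)

    def assess(self) -> str:
        """Which failure mode from the thread applies to this state."""
        if self.free_slots() > 0:
            # Anyone who can write OTP may add a key and revoke the rest.
            return "takeover-possible"
        # Locked down, but no later owner can ever add their own key.
        return "no-transfer"


def lock_down(store: OtpKeyStore, owner_key: bytes) -> None:
    """Owner burns every remaining slot so nobody can add a key afterwards."""
    while store.free_slots():
        store.program(owner_key)
```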