Secure boot/signed images and GPL code

Joseph Reynolds jrey at linux.ibm.com
Sat Nov 7 08:24:03 AEDT 2020


On 11/6/20 11:19 AM, Vernon Mauery wrote:
> On 03-Nov-2020 02:56 PM, Patrick Williams wrote:
>>
>> In the doc you pointed to, I asked how key transition works, but the
>> doc hasn't been updated to better describe it yet[2].  The initial
>> response makes it seem like the AST2600 OTP doesn't give a whole lot of
>> capabilities here, which is fairly concerning.  I know there are some
>> design proposals that use a secondary device to assist with
>> secureboot[3,4,5] which might better handle key transition.
>
> You are right, the AST2600 OTP leaves something to be desired. If all 
> the key regions are not initially programmed, it is possible to 
> program a new key, deprecate all the old keys, and take control of the 
> system. But programming all the keys prevents transferring the system 
> from one owner to another (where the owner is the one providing 
> firmware).
>
> Storing and provisioning keys is the hardest part of any crypto system. If 
> we have ideas on how to make the AST2700 better, Aspeed has engineers 
> on this list and would probably like to hear any great ideas.

The OCP (Open Compute Project) Security Project has ongoing discussions 
on similar topics including secure transfer of ownership, secure boot, 
and secure recovery.

I don't have more details because it's not my technical area.  The wiki 
has links to OCP Security goals, papers, and their meetings.
https://www.opencompute.org/wiki/Security

- Joseph

>
> --Vernon
>
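Vernon's trade-off above (a spare OTP key slot is what makes both a legitimate owner transition and a hostile takeover possible, while burning every slot at manufacture blocks both), as an added example that is not part of this thread and not AST2600 or OpenBMC code: a Python model of a generic write-once key-hash region with one revocation fuse per slot. The class and function names, the slot count, the key bytes and the "transfer" procedure are constructed for illustration and do not describe the AST2600 OTP layout.

```python
import hashlib
from typing import Dict, List, Optional

# Constructed model (not the AST2600 OTP layout): each slot holds the SHA-256
# of a firmware-signing public key and can be written exactly once; each slot
# has a revocation fuse that can only be blown (False -> True), never cleared.


class OtpKeyRegion:
    def __init__(self, slots: int = 4) -> None:
        self.hashes: List[Optional[bytes]] = [None] * slots
        self.revoked: List[bool] = [False] * slots

    def free_slots(self) -> int:
        return sum(1 for h in self.hashes if h is None)

    def program(self, pubkey: bytes) -> int:
        """Burn the hash of pubkey into the first empty slot (write-once)."""
        for i, h in enumerate(self.hashes):
            if h is None:
                self.hashes[i] = hashlib.sha256(pubkey).digest()
                return i
        raise RuntimeError("all key slots are already programmed")

    def revoke(self, slot: int) -> None:
        self.revoked[slot] = True  # blowing a fuse is irreversible

    def trusts(self, pubkey: bytes) -> bool:
        """Boot-ROM check: key hash present in a slot whose fuse is intact."""
        h = hashlib.sha256(pubkey).digest()
        return any(h == s and not r for s, r in zip(self.hashes, self.revoked))


def transfer_ownership(otp: OtpKeyRegion, old_key: bytes, new_key: bytes) -> bool:
    """Hand the platform to a new firmware owner: program the new key first,
    then revoke every slot holding the old key. Changes nothing and returns
    False when no empty slot is left. Note that nothing here distinguishes a
    buyer from an attacker: whoever can write the OTP can run this."""
    if otp.free_slots() == 0:
        return False
    otp.program(new_key)
    old_hash = hashlib.sha256(old_key).digest()
    for i, s in enumerate(otp.hashes):
        if s == old_hash:
            otp.revoke(i)
    return True


def demo() -> Dict[str, bool]:
    # Constructed key material: stand-ins for public keys, not real keys.
    vendor, backup = b"vendor-pubkey", b"vendor-backup-pubkey"
    buyer, attacker = b"buyer-pubkey", b"attacker-pubkey"
    result: Dict[str, bool] = {}

    # Case 1: one spare slot. A legitimate transfer succeeds ...
    otp = OtpKeyRegion(slots=2)
    otp.program(vendor)
    result["transfer_with_spare_slot"] = transfer_ownership(otp, vendor, buyer)
    result["buyer_trusted"] = otp.trusts(buyer)
    result["vendor_revoked"] = not otp.trusts(vendor)

    # ... and so does a takeover by anyone with OTP write access.
    otp = OtpKeyRegion(slots=2)
    otp.program(vendor)
    result["attacker_takeover_with_spare_slot"] = transfer_ownership(otp, vendor, attacker)
    result["attacker_trusted"] = otp.trusts(attacker)

    # Case 2: vendor fills every slot at manufacture. Takeover is blocked,
    # but so is any later hand-over to a new owner.
    otp = OtpKeyRegion(slots=2)
    otp.program(vendor)
    otp.program(backup)
    result["transfer_when_full"] = transfer_ownership(otp, vendor, buyer)
    result["vendor_still_trusted_when_full"] = otp.trusts(vendor)
    result["buyer_trusted_when_full"] = otp.trusts(buyer)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The model makes the point of the thread concrete: with write-once slots and blow-only fuses, "room for a future key" and "room for a hostile key" are the same resource, so the policy decision has to be made at provisioning time, and any scheme that wants both transfer and takeover-resistance needs something the fuse array alone does not provide (for example a secondary device or an authorization check on who may program a slot).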


