[PATCH 1/3] [V5] Add support for GPG signature enforcement on booted
Samuel Mendoza-Jonas
sam at mendozajonas.com
Fri Aug 26 14:10:17 AEST 2016
On Wed, 2016-08-24 at 10:54 -0500, Timothy Pearson wrote:
> On 08/23/2016 07:40 PM, Samuel Mendoza-Jonas wrote:
> >
> > Hi! Excuse me not following up, got caught up putting out some other
> > fires :)
>
> No problem, it happens.
>
> >
> > I'm pretty happy to merge this I think. I've tested with buildroot with
> > only a moderate amount of hair-pulling, and everything acts as expected.
> > One, maybe two nitpicks, but I can handle those myself when I merge,
> > being:
> > - I'll change --with-signed-boot to default=no
>
> OK.
>
> >
> > - I might add a comment to a file or commit message to stress that it's
> > probably best to hold off using the word 'secure' too much unless this
> > is used in conjunction with a proper trusted-boot implementation so that
> > you can trust the integrity of the initramfs. If you like I can send
> > that to you to bikeshed as well :)
>
> Yeah, this is probably a true statement. Essentially the entire
> contents of NOR flash, including petitboot, become the CRTM. While this
> is definitely more secure than the existing boot methods (and in line
> with some commercial x86 offerings) I wouldn't call it complete until
> the TPM is being used and the CRTM is as small as possible, preferably
> in the first 4K of Flash (write protected) or, even better, in the
> on-die nonvolatile memory for OpenPOWER systems. Not sure if that's
> even possible at this time, but it would definitely be interesting.
>
> Thanks!
>
With some build-related fixes and the comment mentioned above, series
merged as ccb478ac. Thanks!
More information about the Petitboot
mailing list