#655 Enabling vboot with depthcharge payload with self rolled keys

Open
opened 3 months ago by giulio · 1 comments
giulio commented 3 months ago
Vboot allow to verify the integrity of the system before booting. It is a strong security feature which can protect against a lot of attacks. The Chromium project provides a lot of informations about vboot: * https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot * https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot-crypto * https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot-data-structures * https://docs.google.com/a/chromium.org/presentation/d/1HHf_0nKrceQr_NQYGMpVlYTIYF8ky-eNxP7W5Lxw94Y/present#slide=id.g341ad2000_020 * https://docs.google.com/presentation/d/14haBMrbpc2zlgdWmiaTlp_iDG_A8t5PTTXFMz5kqHSM/present?slide=id.g11a5e5b4cf_0_140 * https://www.chromium.org/developers/design-documents/tpm-usage * https://www.youtube.com/watch?v=6ZKeDGI75vw I started looking at this issue myself but currently I can't get neither the old and the new build system to produce a valid c201 image.
Swift Geek commented 3 months ago
Collaborator

So can grub, which we support on x86 https://libreboot.org/docs/gnulinux/grub_hardening.html (and should appear on arm thanks to uboot)

So can grub, which we support on x86 https://libreboot.org/docs/gnulinux/grub_hardening.html (and should appear on arm thanks to uboot)
Sign in to join this conversation.
Loading...
Cancel
Save
There is no content yet.