Bjørn Mork <[email protected]> wrote: > Michael Richardson <[email protected]> writes:
>> Having orange and red pieces "secured" *does* mean that u-boot updates
would
>> have to come from openwrt.
> Does it? Is it possible to modify the BL2 to verify signatures of the
> BL31 and BL32 stages only?
I don't know.
> If not, is it feasible to deploy an automated fip.bin signer, taking an
> any unverified U-Boot binary as input and building a signed fip.bin for
> the OpenWrt One using verified BL31 and BL32 blobs?
I wouldn't want to do this in too automated a fashion.
signature.asc
Description: PGP signature
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
