Hi, On Wed, Dec 13, 2017 at 11:33:04AM +0530, Jagan Teki wrote: > Add verified-boot documentation for sunxi a64 platform. > > Signed-off-by: Jagan Teki <ja...@amarulasolutions.com> > --- > Changes for v3: > - Create separate document file > Changes for v2: > - New patch > > doc/README.sunxi | 193 > +++++++++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 193 insertions(+) > create mode 100644 doc/README.sunxi > > diff --git a/doc/README.sunxi b/doc/README.sunxi > new file mode 100644 > index 0000000..ef4f735 > --- /dev/null > +++ b/doc/README.sunxi > @@ -0,0 +1,193 @@ > +# > +# Copyright (C) 2017 Amarula Solutions > +# > +# SPDX-License-Identifier: GPL-2.0+ > +# > + > +U-Boot on SunXi > +============== > + > +Tutorial describe all details relevant for U-Boot on Allwinner SunXi > platform. > + > + 1. Verified Boot > + > +1. Verified Boot > +================ > + > +U-Boot supports an image verification method called "Verified Boot". > +This is a brief tutorial to utilize this feature for the Sunxi A64 platform. > +You will find details documents in the doc/uImage.FIT directory. > + > +Here, we take Orangepi Win board for example, but it should work for any > +other boards including 32 bit SoCs. > + > +1. Generate RSA key to sign > + > + $ mkdir keys > + $ openssl genpkey -algorithm RSA -out keys/dev.key \ > + -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 > + $ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt > + > +Two files "dev.key" and "dev.crt" will be created. The base name is > arbitrary, > +but need to match to the "key-name-hint" property described below.
I really think that the very first thing you must talk about in that documentation is that it will not protect the SPL itself and that this is not a secure setup. Maxime -- Maxime Ripard, Free Electrons Embedded Linux and Kernel engineering http://free-electrons.com
signature.asc
Description: PGP signature
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
