diff options
| author |   Shankho Boron Ghosh <shankhoghosh123@gmail.com> | 2020-11-18 19:55:02 +0530 |
|---|---|---|
| committer |   Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2020-11-23 13:15:50 +0000 |
| commit | 65bd017e8b8f9a06008266de46303c88a9ac51c8 (patch) | |
| tree | ce07633c0011cef0c1272b2a948856a2693b8ba7 /docs/2_Architecture_Guides/2.2_Security_Blueprint/2_Secure_Boot/1.2.2.1_Image.md | |
| parent | 7d32dd28e9b9fa97dd43bed13fb3050eb7ff8b3d (diff) | |
Revision of Architecture Guides
v1:
Introduction : Skeleton file of Build Process [WIP].
Security Blueprint : Multiple markdowns appended into single markdown.
v2:
Security Blueprint :
4_Kernel.md - Fixed Internal Link.
Annexes.md - Uniform markdown Title.
Bug-AGL: [SPEC-3633]
Signed-off-by: Shankho Boron Ghosh <shankhoghosh123@gmail.com>
Change-Id: I1ab478348a05464612d67f0e8a4570bda309022d
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/documentation/+/25586
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
(cherry picked from commit 9cc56459419f1225f5e9851825ad305424b3d6fb)
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/documentation/+/25602
Diffstat (limited to 'docs/2_Architecture_Guides/2.2_Security_Blueprint/2_Secure_Boot/1.2.2.1_Image.md')
| -rw-r--r-- | docs/2_Architecture_Guides/2.2_Security_Blueprint/2_Secure_Boot/1.2.2.1_Image.md | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/docs/2_Architecture_Guides/2.2_Security_Blueprint/2_Secure_Boot/1.2.2.1_Image.md b/docs/2_Architecture_Guides/2.2_Security_Blueprint/2_Secure_Boot/1.2.2.1_Image.md deleted file mode 100644 index ad9b577..0000000 --- a/docs/2_Architecture_Guides/2.2_Security_Blueprint/2_Secure_Boot/1.2.2.1_Image.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Image ---- - -# Image - -## Image selection - -The boot process shall be uninterruptible and shall irrevocably boot the image -as specified in the boot environment. - -In U-Boot set the "_bootdelay_" environment variable and/or define -`CONFIG_BOOTDELAY` to _-2_. - -<!-- section-config --> - -Domain | _Variable_ / `Config` name | `Value` ----------------------- | -------------------------- | ------- -Boot-Image-Selection-1 | `CONFIG_BOOTDELAY` | `-2` -Boot-Image-Selection-2 | _bootdelay_ | `-2` - -<!-- end-section-config --> - --------------------------------------------------------------------------------- - -## Image authenticity - -It shall not be possible to boot from an unverified image. The secure boot -feature in U-Boot shall be enabled. The secure boot feature is available from -U-Boot 2013.07 version. To enable the secure boot feature, enable the following -features: - -``` -CONFIG_FIT: Enables support for Flat Image Tree (FIT) uImage format. -CONFIG_FIT_SIGNATURE: Enables signature verification of FIT images. -CONFIG_RSA: Enables RSA algorithm used for FIT image verification. -CONFIG_OF_CONTROL: Enables Flattened Device Tree (FDT) configuration. -CONFIG_OF_SEPARATE: Enables separate build of u-Boot from the device tree. -CONFIG_DEFAULT_DEVICE_TREE: Specifies the default Device Tree used for the run-time configuration of U-Boot. -``` - -Generate the U-Boot image with public keys to validate and load the image. It -shall use RSA2048 and SHA256 for authentication. - -<!-- section-config --> - -Domain | `Config` name | _State_ -------------------------- | ---------------------------- | -------- -Boot-Image-Authenticity-1 | `CONFIG_FIT` | _Enable_ -Boot-Image-Authenticity-2 | `CONFIG_FIT_SIGNATURE` | _Enable_ -Boot-Image-Authenticity-3 | `CONFIG_RSA` | _Enable_ -Boot-Image-Authenticity-4 | `CONFIG_OF_CONTROL` | _Enable_ -Boot-Image-Authenticity-5 | `CONFIG_OF_SEPARATE` | _Enable_ -Boot-Image-Authenticity-6 | `CONFIG_DEFAULT_DEVICE_TREE` | _Enable_ - -<!-- end-section-config --> |