OpenWrt One / project update
Daniel Golle
daniel at makrotopia.org
Fri Apr 12 15:16:15 PDT 2024
On Fri, Apr 12, 2024 at 05:37:22PM -0400, Michael Richardson wrote:
>
> John Crispin <john at phrozen.org> wrote:
> >> using OP-TEE and fTPM.
>
> > pretty high on my list once we find the time
>
> > https://trustedfirmware-a.readthedocs.io/en/latest/components/spd/index.html
> > https://trustedfirmware-a.readthedocs.io/en/latest/components/spd/optee-dispatcher.html
>
> Where you thinking about OP-TEE as the BL32, or were you thinking that we
> could attempt this:
> OP-TEE OS after boot via an SMC call by enabling the option for
> OPTEE_ALLOW_SMC_LOAD
Imho only OP-TEE as BL32 really makes sense. Running U-Boot as secure
OS is insane and nobody should be doing that, especially not on a SoC
which can be brought up with TF-A BL2.
>
> my reading of this is that it only works if you securely boot a linux kernel.
> If we had a securely boot (the u-boot checks the signature) linux kernel,
> then nobody could change their kernel.
>
> --
> Michael Richardson <mcr+IETF at sandelman.ca> . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list