OpenWrt One / project update
Michael Richardson
mcr at sandelman.ca
Sun Apr 14 10:38:13 PDT 2024
Bjørn Mork <bjorn at mork.no> wrote:
> Michael Richardson <mcr at sandelman.ca> writes:
>> Having orange and red pieces "secured" *does* mean that u-boot updates would
>> have to come from openwrt.
> Does it? Is it possible to modify the BL2 to verify signatures of the
> BL31 and BL32 stages only?
I don't know.
> If not, is it feasible to deploy an automated fip.bin signer, taking an
> any unverified U-Boot binary as input and building a signed fip.bin for
> the OpenWrt One using verified BL31 and BL32 blobs?
I wouldn't want to do this in too automated a fashion.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 511 bytes
Desc: not available
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20240414/5b5f3c25/attachment-0001.sig>
More information about the openwrt-devel
mailing list