On Fri, Jun 29, 2018 at 8:34 AM, Akendo <akendo(a)akendo.eu> wrote:
I'm reading through the source code and found vboot. It should stand
for verified boot. However I can't find any documentation (except the
source code). Can anyone provide me with some explanation of how to get it
going or to make a little more sense of it?
As far as I understand it needs to verify the signature against a
Key/CA. This key should be located within the TPM. But how should the
key/CA look? Will a classic x509 be enough?
Here is some more background on vboot:
In this schema usually the public key is stored in a write-protected
region of the firmware ROM. You can store it anywhere you want so long
as you can guarantee that it can't be tampered with in an undesirable