I did not yet tried to compile GRUB2 myself and add the output of that as a payload to coreboot. But I thought maybe I don't need GRUB2 at all.
As there are some other options as payloads too, you might give me a tip which I could use instead of GRUB2. These are my personal requirements:
- Add my own public key so that coreboot / payload only boots kernels / initrd signed by me. - Ability to boot from internal eMMC and external microSD. USB Flash Drive would be optional. But even there every kernel / initrd must be signed by my key.
And this is my final goal: - ARM Chromebook with Gentoo Linux - LUKS on whole storage (except /boot of course) - Booting only signed kernel / initrd
So does one of you guys tried other payloads (on ARM) that could meet my requirements? Is Tiano Core possibly a candidate? I don't find information if it supports "SecureBoot".
Kind regards Martin