[coreboot] vboot
David Hendricks
david.hendricks at gmail.com
Fri Jun 29 20:20:54 CEST 2018
On Fri, Jun 29, 2018 at 8:34 AM, Akendo <akendo at akendo.eu> wrote:
>
> Hey everyone,
>
> I'm reading through the source code and found vboot. It should standing
> for verified boot. However I can't find any documentation(except the
> source code). Can anyone provide me with some explanation how to get it
> going or to make a little more sense of it?
>
> As far as I understand it needs to verify the signature against a
> Key/CA. This key should be located within the TPM. But how should the
> key/CA look like? Will be a classic x509 be enough?
Hi Akendo,
Here is some more background on vboot:
https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot
https://www.chromium.org/chromium-os/chromiumos-design-docs/firmware-boot-and-recovery
In this schema usually the public key is stored in a write-protected
region of the firmware ROM. You can store it anywhere you want so long
as you can guarantee that it can't be tampered with in an undesirable
way.
More information about the coreboot
mailing list