Kernel encryption through Secureboot

Hello jacob46,

By default, U-Boot doesn't verify the images; it loads the kernel image through the file system even though it's a fused device.
Since there's a U-Boot feature called Verified Boot, you might have to execute a tool to create a signed image by adding signatures to the FIT (Flat Image Tree).
Please refer to the links below for reference:
[U-Boot] Need help with verified u-boot on Tegra TX2
Verified boot on the Raspberry Pi – CrySyS Blog

So, the steps should be…

  1. Download the U-Boot source code.
  2. Create a signed image.
  3. Compile U-Boot with FIT image support.
  4. Install the image for boot-up.
  5. Interrupt the U-Boot auto-boot sequence and use setenv to set initrd_high and fdt_high, which specify the location where the initrd and device tree load into RAM.
  6. Check the TX2 boot-up logs, which should show verification of the hash values.
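Steps 2 and 3 of the list above, sketched as an added example that is not part of the original post: a FIT source whose configuration node carries a required RSA signature, plus the key-generation and `mkimage` signing calls from U-Boot's verified-boot tooling. The file names, the key name `dev` and the load addresses are placeholders, and U-Boot is assumed to be built with `CONFIG_FIT`, `CONFIG_FIT_SIGNATURE` and `CONFIG_RSA`.

```shell
# Added example; file names, key name and load addresses are placeholders.

make_key() {  # usage: make_key <keydir> <key-name>
    mkdir -p "$1"
    openssl genpkey -algorithm RSA -out "$1/$2.key" -pkeyopt rsa_keygen_bits:2048
    openssl req -batch -new -x509 -key "$1/$2.key" -out "$1/$2.crt"
}

write_its() {  # usage: write_its <kernel> <fdt> <key-name>  (prints the .its)
cat <<EOF
/dts-v1/;
/ {
    description = "Signed kernel + device tree (constructed example)";
    #address-cells = <1>;
    images {
        kernel {
            data = /incbin/("$1");
            type = "kernel"; arch = "arm64"; os = "linux"; compression = "none";
            load = <0x80080000>; entry = <0x80080000>; /* placeholder addresses */
            hash-1 { algo = "sha256"; };
        };
        fdt-1 {
            data = /incbin/("$2");
            type = "flat_dt"; arch = "arm64"; compression = "none";
            hash-1 { algo = "sha256"; };
        };
    };
    configurations {
        default = "conf-1";
        conf-1 {
            kernel = "kernel";
            fdt = "fdt-1";
            signature-1 {
                algo = "sha256,rsa2048";
                key-name-hint = "$3";
                sign-images = "fdt", "kernel";
            };
        };
    };
};
EOF
}

sign_fit() {  # usage: sign_fit <its> <keydir> <u-boot control dtb> <out.fit>
    # -k: key directory, -K: dtb that receives the public key, -r: mark key required
    mkimage -f "$1" -k "$2" -K "$3" -r "$4"
}
```

Signing the configuration node rather than the individual images binds the kernel and device tree together, so a signed kernel cannot be paired with a different device tree. U-Boot must then be rebuilt with the control dtb that `sign_fit` updated, so the public key is embedded in the bootloader itself.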