UEFI-based SWUpdate and Secure Boot integration

siemens / meta-iot2050

SIMATIC IOT2050 Isar/Debian Board Support Package

MIT License

130 stars 79 forks source link

UEFI-based SWUpdate and Secure Boot integration #314

Closed jan-kiszka closed 2 years ago

jan-kiszka commented 2 years ago

Not completely secure yet due to

missing hardening bits in SE Boot
missing security for persistent data
not yet shared tools for programming keys in to customer half of OTP

Still requires addition work on the documentation front, both to update it and to describe in more details how to adopt and customize these patterns for product images.

@gylstorffq @stormc

BaochengSu commented 2 years ago

@jan-kiszka , Sorry but I could not recall the exact missing hardening bits in SE Boot, do you referring to the secure boot enable bit from SEBoot to SPL?

jan-kiszka commented 2 years ago

-> validated firewall settings