Secure Boot revision: Use RPMB as the key storage

siemens / meta-iot2050

SIMATIC IOT2050 Isar/Debian Board Support Package

MIT License

131 stars 77 forks source link

Secure Boot revision: Use RPMB as the key storage #426

Closed BaochengSu closed 1 year ago

BaochengSu commented 1 year ago

This brings RPMB based key storage for secure boot, backed by StMM running in OPTee OS

jan-kiszka commented 1 year ago

Inviting more to the party: @stormc @gylstorffq

BaochengSu commented 1 year ago

@jan-kiszka @AsuraZeng @stormc @gylstorffq, any new comments?

stormc commented 1 year ago

LGTM in general. Is there an ETA on when the Kernel patches will be available from upstream Kernels? Then, we have to remove them here again...

jan-kiszka commented 1 year ago

Upstream is more relevant right now from QA and from issue reporting (that r/o mounting problem...) perspective. There is unfortunately still a rather long road towards getting all our patches via a recent kernel. Even current LTS 6.1 is still missing icssg-eth.