Kernel/application signing and verification


Mohammed Billoo
 

Hi,

I'm not sure if this is the appropriate mailing list to ask this
question. I am working on customizing a BSP for an Nvidia Jetson Nano
based board (using the meta-tegra layer as the basis for most of the
development). One of the requirements for the project is to get
secure-boot working, which Nvidia supports only up to u-boot (i.e. the
custom Nvidia bootloader ensures that u-boot is signed using the
public portion of the key that is burned onto the fuses).

Yet, we need to go a bit further and use u-boot to confirm that the
kernel is also signed with the same key. Likewise with all executables
on the rootfs. Does yocto provide functionality akin to this that I
can leverage?

Thanks
--
Mohammed Billoo

Join yocto@lists.yoctoproject.org to automatically receive all group messages.