Trusted boot loader

I’ve noticed that you are including a crypto chip. Is it simply for entropy, or will it provide TPM capability necessary for a trusted boot loader. I would very much be interested in updates that are signed and handled by a trusted boot loader. Will this capability be available, or at least on the roadmap?

2 Likes

Verified u-boot should be able to do this without the crypto chip. Using the crypto chip for this is as secure as plain verified u-boot. They are both easy to circumvent by flashing a new bootloader.

Even if the CPU enforces a signed first-stage bootloader this can be broken by signing another bootloader.

Updates to the OS itself will probably be signed using signatures the same way OpenWRT itself signes their packages.

Keeping the cryptochip clean and unused except for entropy would allow me to use it for something else.

Note to myself: this chip is as secure as a modern printer cartridge chip.

Securing the bootloader updates may be possible by disconnecting the write-protect-pin from the SPI-(NOR)-Flash but this still is unprotected against evil maids.

1 Like