guix-patches

[bug#72457] What I mentioned above is verified boot.


From: amano.kenji
Subject: [bug#72457] What I mentioned above is verified boot.
Date: Sat, 19 Oct 2024 01:38:57 +0000

https://slimbootloader.github.io/security/verified-boot.html says

> A hash function is used to create a digest during build and saved as part of 
> the image which is then used to compare against the digest computed during 
> boot to make sure they are the same. The digest calculated during build and 
> saved as part of the image is trusted as it's part of the trust chain.

> This method is used to verify components for which the digest can be computed 
> during SBL build time.

> Signature verification

> This method of verification is used for independently updateable components 
> like configuration data, IP firmware blobs, OS images, etc.

I wish this rewrite of the bootloader subsystem would allow the possibility of 
verified boot, which doesn't have to be implemented now. Just make it possible 
to run services whenever there are changes to /boot.
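
The hash method quoted above, sketched as an added example that is not part of the original message and is not Guix or Slim Bootloader code: digests are recorded at "build" time and recomputed at "boot" time, and any difference is reported. The function names and the temporary directory standing in for /boot are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """'Build time': record a digest for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = digest(full)
    return manifest

def verify(root, manifest):
    """'Boot time': recompute digests and report every deviation."""
    current = build_manifest(root)
    problems = {}
    for rel, expected in manifest.items():
        if rel not in current:
            problems[rel] = "missing"
        elif current[rel] != expected:
            problems[rel] = "modified"
    for rel in current.keys() - manifest.keys():
        problems[rel] = "unexpected"
    return problems

def demo():
    """Constructed sample tree standing in for /boot (hypothetical file names)."""
    with tempfile.TemporaryDirectory() as boot:
        for name, data in {"vmlinuz": b"kernel-v1", "initrd": b"initrd-v1"}.items():
            with open(os.path.join(boot, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(boot)
        clean = verify(boot, manifest)          # nothing changed yet
        with open(os.path.join(boot, "vmlinuz"), "wb") as f:
            f.write(b"kernel-v2")               # simulate a changed kernel
        os.remove(os.path.join(boot, "initrd"))
        with open(os.path.join(boot, "extra.cfg"), "wb") as f:
            f.write(b"x")                       # simulate an added file
        return clean, verify(boot, manifest)

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the manifest: as the quoted text says, the build-time digest must itself be part of the trust chain, so a manifest stored writable next to the files it covers gives no protection.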
