Overview
Explore a comprehensive guide to implementing Secure Boot from start to finish in this 49-minute conference talk. Delve into the intricacies of building a complete chain-of-trust for a platform, based on real-world experience with an i.MX6 custom board. Learn about each link in the chain-of-trust, from boot ROM to filesystem, including bootloader and kernel. Discover practical techniques for signing binaries, securing kernel booting automation within the bootloader, and implementing dm-verity and switchroot for filesystem security. Gain insights from experienced embedded Linux engineers Quentin Schulz and Mylène Josserand as they cover topics such as encryption vs. signature, root of trust, creating keys, device tree configuration, image verification, root filesystem setup, and Yocto integration. Enhance your understanding of secure boot implementation and best practices in embedded systems.
Syllabus
Introduction
Encryption vs Signature
Consequences
Root of Trust
Bootloader
Creating keys
Device tree
Container
Image
Configuration
Verification
Root filesystem
Verity Setup
Ash Tree Setup
Ash Tree on Device
Ash Offset
Devicemapper
Boot Environment Script
Summary
Yocto
Conclusion
Questions
Taught by
Linux Foundation