Hello again. I'm looking into documentation about secure boot on Rpi and found some worrying statements.
From https://github.com/raspberrypi/usbboot/ ... -recovery5 :

Revoking the dev key - NOT SUPPORTED YET
revoke_devkey - If 1, revoke the ROM bootloader development key which requires secure-boot mode and prevents downgrades to bootloader versions that don't support secure boot.

Does that mean that on RPI5 it's always possible to just program the dev rom image and break the chain of trust?

In https://github.com/raspberrypi/rpi-eepr ... rom-digest

RSA signing
If a private key in PEM format is supplied then the RSA signature of the
sha256 digest is included in the .sig file. Currently, the bootloader only
supports sha256 digests signed with a 2048bit RSA key.
The bootloader only verifies RSA signatures in signed boot mode
(not available yet) and only for the EEPROM config file and the signed image.

This I hope is just a case of an old, not updated string in the script.

Statistics: Posted by pseregiet — Mon Jul 29, 2024 12:35 pm