hendursaga has quit [Remote host closed the connection]
hendursaga has joined #riscv
_daoistmonk has joined #riscv
daoistmonk has quit [Ping timeout: 244 seconds]
vagrantc has quit [Quit: leaving]
compscipunk has quit [Quit: WeeChat 3.2]
jacklsw has quit [Read error: Connection reset by peer]
BOKALDO has joined #riscv
j0hnny has quit [Ping timeout: 252 seconds]
tgamblin has quit [Remote host closed the connection]
tgamblin has joined #riscv
j0hnny has joined #riscv
_daoistmonk has quit [Remote host closed the connection]
_daoistmonk has joined #riscv
winterflaw has joined #riscv
jamtorus has joined #riscv
jellydonut has quit [Ping timeout: 252 seconds]
_daoistmonk has quit [Remote host closed the connection]
_daoistmonk has joined #riscv
hendursa1 has joined #riscv
hendursaga has quit [Ping timeout: 276 seconds]
valentin has joined #riscv
ln5 has joined #riscv
pehaef has joined #riscv
pehaef has quit [Ping timeout: 252 seconds]
peepsalot has quit [Ping timeout: 244 seconds]
riff-IRC has joined #riscv
jwillikers has joined #riscv
jwillikers has quit [Remote host closed the connection]
Noisytoot has quit [Excess Flood]
Noisytoot has joined #riscv
jwillikers has joined #riscv
psydroid has quit [Quit: Bridge terminating on SIGTERM]
pierce has quit [Quit: Bridge terminating on SIGTERM]
CarlosEDP has quit [Quit: Bridge terminating on SIGTERM]
kaji has quit [Quit: Bridge terminating on SIGTERM]
pho has quit [Quit: Bridge terminating on SIGTERM]
EmanuelLoos[m] has quit [Quit: Bridge terminating on SIGTERM]
AhmedCharles[m] has quit [Quit: Bridge terminating on SIGTERM]
khem has quit [Quit: Bridge terminating on SIGTERM]
BOKALDO has quit [Quit: Leaving]
psydroid has joined #riscv
khem has joined #riscv
kaji has joined #riscv
pierce has joined #riscv
CarlosEDP has joined #riscv
EmanuelLoos[m] has joined #riscv
AhmedCharles[m] has joined #riscv
pho has joined #riscv
jamtorus is now known as jellydonut
frost has quit [Quit: Connection closed]
BOKALDO has joined #riscv
jacklsw has joined #riscv
rjek has quit [Remote host closed the connection]
rjek has joined #riscv
freakazoid343 has joined #riscv
freakazoid12345 has quit [Ping timeout: 250 seconds]
peepsalot has joined #riscv
freakazoid333 has joined #riscv
freakazoid343 has quit [Ping timeout: 256 seconds]
aburgess has quit [Ping timeout: 240 seconds]
kbingham_ is now known as kbingham
jwillikers has quit [Remote host closed the connection]
jwillikers has joined #riscv
vagrantc has joined #riscv
compscipunk has joined #riscv
jwillikers has quit [Quit: jwillikers]
jwillikers has joined #riscv
<xypron>
If we want to implement secure boot, OpenSBI's fw_jump.bin would have to be able to check a signature of the next boot stage. The OpenSBI binary should start with a header which allows to place the offset to a signature to be evaluated by the boot ROM. Has there yet been any activity in this direction?
<jrtc27>
I doubt fw_jump makes sense in a secure boot world
<jrtc27>
you'd either want to do fw_payload or extend fw_dynamic with more info
<jrtc27>
fw_jump is inherently "I blindly trust whatever came before me"
jacklsw has quit [Quit: Back to the real life]
Andre_H has joined #riscv
mahmutov has joined #riscv
<xypron>
jrtc27: we could add checking a signature to fw_jump. Compare this to TF-A. In TF-A BL33 is checked by the prior binary.
<xypron>
jrtc27: It is not about trusting the predecessor but the successor.
<xypron>
jrtc27: OpenSBI should be able to check whom it jumps to.
<smaeul>
Why does signing OpenSBI need some header inside the binary? OpenSBI is relocatable, so prepending the signature should be fine. Or if you are using a container format (e.g. FIT) that should already handle signatures.
<smaeul>
requiring the entry point == the load address is only necessary if you don't know the binary format... but for secure boot you are already expecting a specific format
crabbedhaloablut has quit [Remote host closed the connection]