On Saturday, 16 December 2017 at 11:44 +0100, Denis 'GNUtoo' Carikli wrote:
> This explains the interaction between a signed bootloader and TrustZone.
Slightly modified, Acked-by: Paul Kocialkowski <cont...@paulk.fr> and merged! > Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@no-log.org> > --- > freedom-privacy-security-issues.php | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/freedom-privacy-security-issues.php > b/freedom-privacy-security-issues.php > index cf380d2..ee57822 100644 > --- a/freedom-privacy-security-issues.php > +++ b/freedom-privacy-security-issues.php > @@ -87,6 +87,7 @@ > However, it also occurs that the bootloaders > are cryptographically signed with a private key. > In that case, the bootrom will check the > signature against a public key that cannot be replaced and only run the > bootloader if the signature matches. > That sort of tivoization prevents replacing > pre-installed bootloaders, even when their sources are released as free > software. > + This is even more problematic when the > bootloader is in charge of loading code into TrustZone as that code gives > full control of the processor to software that is proprietary and/or cannot > be modified. > There are some good platforms that don't > perform such signature checks and can run free bootloaders (e.g. > Allwinner Ax, TI OMAP General-Purpose). > </p> -- Developer of free digital technology and hardware support. Website: https://www.paulk.fr/ Coding blog: https://code.paulk.fr/ Git repositories: https://git.paulk.fr/ https://git.code.paulk.fr/
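Review bot: the added sentence in the hunk has an ambiguous antecedent: in "as that code gives full control of the processor to software that is proprietary and/or cannot be modified", "that code" can be read as the bootloader or as the code loaded into TrustZone, and the trailing "and/or" clause hangs awkwardly. Suggest tightening it to something like "This is even more problematic when the bootloader is also in charge of loading code into TrustZone, since that code runs with full control of the processor and, like the bootloader itself, will be proprietary and/or impossible to replace." It would also help the reader to make the link to the preceding sentences explicit: the signature check the bootrom performs on the bootloader is what extends the lock-in to everything the bootloader loads, including the TrustZone code.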
Replicant mailing list, Replicant@osuosl.org, https://lists.osuosl.org/mailman/listinfo/replicant