GNU bug report logs - #72457
[PATCH 00/15] Rewrite bootloader subsystem.

Previous Next

Package: guix-patches;

Reported by: Lilah Tascheter <lilah <at> lunabee.space>

Date: Sun, 4 Aug 2024 03:52:01 UTC

Severity: normal

Tags: patch

Fix blocked by 73202: [PATCH] Preparation for bootloader rewrite.

Full log

View this message in rfc822 format

From: "amano.kenji" <amano.kenji <at> proton.me>
To: "72457 <at> debbugs.gnu.org" <72457 <at> debbugs.gnu.org>
Subject: [bug#72457] What I mentioned above is verified boot.
Date: Sat, 19 Oct 2024 01:38:57 +0000

https://slimbootloader.github.io/security/verified-boot.html says

> A hash function is used to create a digest during build and saved as part of the image which is then used to compare against the digest computed during boot to make sure they are the same. The digest calculated during build and saved as part of the image is trusted as its part of the trust chain.

> This method is used to verify components for which the digest can be computed during SBL build time.

> Signature verification

> This method of verification is used for independently updateable components like configuration data, IP firmware blobs, OS images, etc.

I wish this rewrite of bootloader subsystem allows the possibility of verified boot which doesn't have to be implemented now. Just make it possible to run services whenever there are changes to /boot.
This bug report was last modified 237 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.