PINE64

Full Version: Secure Boot on Pine64
Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?
(11-17-2016, 03:34 AM)kirgene Wrote: [ -> ]Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?

Of course; it's gnu+linux -- its own support for secure | trusted boot is as secure as its physical security and as far as the administrator understands how to harden any computer; particularly gnu+linux.

Having said that, nothing is bulletproof. On the other hand, if you don't plug it in and turn it on it will be pretty damned secure; as long as you make sure it has good 'physical' security -- locked up in a safe lock down someplace.

The Pine board running gnu+linux is no more|less secure than any gnu+linux computer if the administrator takes reasonable measures to harden it; closing unused ports, placing it behind a good firewall, doing reasonable user admin, implementing good protocols (whether PAM or other), having good encryption and strong passwords, and doing regular maintenance... and a host of other things beyond the scope of this post.

Yes, the Pine board can be made to be a very secure little computer indeed.
(11-17-2016, 04:35 AM)MarkHaysHarris777 Wrote: [ -> ]
(11-17-2016, 03:34 AM)kirgene Wrote: [ -> ]Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?

Of course; it's gnu+linux -- its own support for secure | trusted boot is as secure as its physical security and as far as the administrator understands how to harden any computer; particularly gnu+linux.

Having said that, nothing is bulletproof. On the other hand, if you don't plug it in and turn it on it will be pretty damned secure; as long as you make sure it has good 'physical' security -- locked up in a safe lock down someplace.

The Pine board running gnu+linux is no more|less secure than any gnu+linux computer if the administrator takes reasonable measures to harden it; closing unused ports, placing it behind a good firewall, doing reasonable user admin, implementing good protocols (whether PAM or other), having good encryption and strong passwords, and doing regular maintenance... and a host of other things beyond the scope of this post.

Yes, the Pine board can be made to be a very secure little computer indeed.

Thanks for the reply!

But I meant something like High Availability Boot found in i.MX6 (https://cache.freescale.com/files/32bit/...AN4581.pdf).
I'd like to sign my custom kernel and use it in the chain of trust.
Maybe this here http://linux-sunxi.org/Arm64#Boot_modes is a better starting point than 'general security' platitudes?
(11-17-2016, 03:34 AM)kirgene Wrote: [ -> ]Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?

If you mean UEFI Secure Boot capability, then it will be there when UEFI support for this board is presented.
The Cortex-A53 contained in the Pine64's SoC has the Security Extension included; this is the ARM hardware thing for "trusted" environments support. So this is a question of the SW support for it.
For now, there is none, but I bet there are people working on this. I am working on a UEFI implementation, but I should admit - it's still too early to promise Secure Boot on Pine64.
As for the current fw on here, u-boot, I don't know much, but most probably, no, it is not Secure Boot capable.