11-17-2016, 03:34 AM
Hi,
I wonder if there is support for secure/trusted boot on Pine64? And how to use it?
I wonder if there is support for secure/trusted boot on Pine64? And how to use it?
|
Secure Boot on Pine64
|
11-17-2016, 04:35 AM
(11-17-2016, 03:34 AM)kirgene Wrote: Hi, Of course; its gnu+linux -- its own support for secure | trusted boot is as secure as its physical security and as far as the administrator understands how to harden any computer; particularly gnu+linux. Having said that, nothing is buillet proof. On the other hand, if you don't plug it in and turn it on it will be pretty damned secure; as long as you make sure it has good 'physical' security -- locked up in a safe lock down someplace. The Pine board running gnu+linux is no more|less secure than any gnu+linux computer if the administrator take reasonable measures to harden it; closing unused ports, placing it behind a good firewall, doing reasonable user admin, implementing good protocols ( whether PAM or other ) having good encryption and strong passwords, and doing regular maintenance... and a host of other things beyond the scope of this post. Yes, the Pine board can be made to be a very secure little computer indeed.
marcushh777
 please join us for a chat @ irc.pine64.xyz:6667 or ssl irc.pine64.xyz:6697 ( I regret that I am not able to respond to personal messages; let's meet on irc! ) 
11-17-2016, 05:04 AM
(11-17-2016, 04:35 AM)MarkHaysHarris777 Wrote:(11-17-2016, 03:34 AM)kirgene Wrote: Hi, Thanks for reply! But I meant something like High Availability Boot found in i.MX6 (https://cache.freescale.com/files/32bit/...AN4581.pdf). I'd like to sign my custom kernel and use it in the chain of trust.
11-17-2016, 05:07 AM
Maybe this here http://linux-sunxi.org/Arm64#Boot_modes is a better starting point than 'general security' platitudes?
11-17-2016, 05:33 AM
(11-17-2016, 03:34 AM)kirgene Wrote: Hi, If you mean UEFI Secure boot capability, then it will be there when UEFI support for this board is presented. Cortex-A53 containing in the Pine64's SoC has Security Extension included, this is the ARM hardware thing for "trusted" environments support. so this is the question of the SW support of it. For now, there is no such, but I bet there are people working on this. I am working on UEFI implementation, but I should admit - it's yet too early to promise Secure Boot on Pine64. As of the current fw on here, u-boot, I don't know much, but most probably, no, it is not Secure Boot capable.
ANT - my hobby OS for x86 and ARM.
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
|
External storage problem for pine64 | Dani6102 | 4 | 2,519 |
08-22-2023, 08:36 AM Last Post: gulshan212 |
| PINE A64 SBC: Clone of a functional 32GB SD card doesn't boot | burningkrome | 3 | 2,347 |
05-19-2023, 07:43 AM Last Post: crocspot |
|
| Pine A64 does only boot with Android 5.1 | Dude | 6 | 4,864 |
07-03-2022, 02:18 PM Last Post: Dude |
|
| Pine64 as wireless audio device | S265 | 3 | 3,999 |
04-07-2022, 10:39 PM Last Post: S265 |
|
| Pine64(+) and manjaro | dsychan | 0 | 1,421 |
04-05-2022, 11:32 PM Last Post: dsychan |
|
| Pine A64+ vs LCD do not boot | DDS | 3 | 6,704 |
02-23-2021, 05:33 PM Last Post: thedu |
|
|
Pine64 was a Useless Project | pushpendrak | 18 | 31,731 |
11-21-2020, 10:17 PM Last Post: tllim |
| Pine64 LCD | rstcologne | 0 | 3,406 |
09-22-2020, 12:43 PM Last Post: rstcologne |
|
| Pine64+ power button | PaddyChan | 0 | 3,076 |
09-14-2020, 09:55 AM Last Post: PaddyChan |
|
|
Can't boot when SD card inserted | kivox | 5 | 8,934 |
03-15-2020, 06:00 AM Last Post: kivox |
Users browsing this thread: 1 Guest(s)