Secure Boot on Pine64
#1
Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?
#2
(11-17-2016, 03:34 AM)kirgene Wrote: Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?

Of course;  its gnu+linux -- its own support for secure | trusted boot is as secure as its physical security and as far as the administrator understands how to harden any computer; particularly gnu+linux.

Having said that, nothing is buillet proof. On the other hand, if you don't plug it in and turn it on it will be pretty damned secure;  as long as you make sure it has good 'physical' security -- locked up in a safe lock down someplace.

The Pine board running gnu+linux is no more|less secure than any gnu+linux computer if the administrator take reasonable measures to harden it;  closing unused ports, placing it behind a good firewall, doing reasonable user admin, implementing good protocols ( whether PAM or other ) having good encryption and strong passwords, and doing regular maintenance...  and a host of other things beyond the scope of this post. 

Yes, the Pine board can be made to be a very secure little computer indeed.
marcushh777    Cool

please join us for a chat @  irc.pine64.xyz:6667   or ssl  irc.pine64.xyz:6697

( I regret that I am not able to respond to personal messages;  let's meet on irc! )
#3
(11-17-2016, 04:35 AM)MarkHaysHarris777 Wrote:
(11-17-2016, 03:34 AM)kirgene Wrote: Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?

Of course;  its gnu+linux -- its own support for secure | trusted boot is as secure as its physical security and as far as the administrator understands how to harden any computer; particularly gnu+linux.

Having said that, nothing is buillet proof. On the other hand, if you don't plug it in and turn it on it will be pretty damned secure;  as long as you make sure it has good 'physical' security -- locked up in a safe lock down someplace.

The Pine board running gnu+linux is no more|less secure than any gnu+linux computer if the administrator take reasonable measures to harden it;  closing unused ports, placing it behind a good firewall, doing reasonable user admin, implementing good protocols ( whether PAM or other ) having good encryption and strong passwords, and doing regular maintenance...  and a host of other things beyond the scope of this post. 

Yes, the Pine board can be made to be a very secure little computer indeed.

Thanks for reply!

But I meant something like High Availability Boot found in i.MX6 (https://cache.freescale.com/files/32bit/...AN4581.pdf).
I'd like to sign my custom kernel and use it in the chain of trust.
#4
Maybe this here http://linux-sunxi.org/Arm64#Boot_modes is a better starting point than 'general security' platitudes?
#5
(11-17-2016, 03:34 AM)kirgene Wrote: Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?

If you mean UEFI Secure boot capability, then it will be there when UEFI support for this board is presented.
Cortex-A53 containing in the Pine64's SoC has Security Extension included, this is the ARM hardware thing for "trusted" environments support. so this is the question of the SW support of it.
For now, there is no such, but I bet there are people working on this. I am working on UEFI implementation, but I should admit - it's yet too early to promise Secure Boot on Pine64.
As of the current fw on here, u-boot, I don't know much, but most probably, no, it is not Secure Boot capable.
ANT - my hobby OS for x86 and ARM.


Possibly Related Threads…
Thread Author Replies Views Last Post
Question External storage problem for pine64 Dani6102 4 1,619 08-22-2023, 08:36 AM
Last Post: gulshan212
  PINE A64 SBC: Clone of a functional 32GB SD card doesn't boot burningkrome 3 1,512 05-19-2023, 07:43 AM
Last Post: crocspot
  Pine A64 does only boot with Android 5.1 Dude 6 3,777 07-03-2022, 02:18 PM
Last Post: Dude
  Pine64 as wireless audio device S265 3 3,161 04-07-2022, 10:39 PM
Last Post: S265
  Pine64(+) and manjaro dsychan 0 1,113 04-05-2022, 11:32 PM
Last Post: dsychan
  Pine A64+ vs LCD do not boot DDS 3 5,869 02-23-2021, 05:33 PM
Last Post: thedu
Thumbs Down Pine64 was a Useless Project pushpendrak 18 28,335 11-21-2020, 10:17 PM
Last Post: tllim
  Pine64 LCD rstcologne 0 3,091 09-22-2020, 12:43 PM
Last Post: rstcologne
  Pine64+ power button PaddyChan 0 2,743 09-14-2020, 09:55 AM
Last Post: PaddyChan
Exclamation Can't boot when SD card inserted kivox 5 7,926 03-15-2020, 06:00 AM
Last Post: kivox

Forum Jump:


Users browsing this thread: 1 Guest(s)