Secure Boot on Pine64
#1
Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?
#2
(11-17-2016, 03:34 AM)kirgene Wrote: Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?

Of course;  its gnu+linux -- its own support for secure | trusted boot is as secure as its physical security and as far as the administrator understands how to harden any computer; particularly gnu+linux.

Having said that, nothing is buillet proof. On the other hand, if you don't plug it in and turn it on it will be pretty damned secure;  as long as you make sure it has good 'physical' security -- locked up in a safe lock down someplace.

The Pine board running gnu+linux is no more|less secure than any gnu+linux computer if the administrator take reasonable measures to harden it;  closing unused ports, placing it behind a good firewall, doing reasonable user admin, implementing good protocols ( whether PAM or other ) having good encryption and strong passwords, and doing regular maintenance...  and a host of other things beyond the scope of this post. 

Yes, the Pine board can be made to be a very secure little computer indeed.
marcushh777    Cool

please join us for a chat @  irc.pine64.xyz:6667   or ssl  irc.pine64.xyz:6697

( I regret that I am not able to respond to personal messages;  let's meet on irc! )
#3
(11-17-2016, 04:35 AM)MarkHaysHarris777 Wrote:
(11-17-2016, 03:34 AM)kirgene Wrote: Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?

Of course;  its gnu+linux -- its own support for secure | trusted boot is as secure as its physical security and as far as the administrator understands how to harden any computer; particularly gnu+linux.

Having said that, nothing is buillet proof. On the other hand, if you don't plug it in and turn it on it will be pretty damned secure;  as long as you make sure it has good 'physical' security -- locked up in a safe lock down someplace.

The Pine board running gnu+linux is no more|less secure than any gnu+linux computer if the administrator take reasonable measures to harden it;  closing unused ports, placing it behind a good firewall, doing reasonable user admin, implementing good protocols ( whether PAM or other ) having good encryption and strong passwords, and doing regular maintenance...  and a host of other things beyond the scope of this post. 

Yes, the Pine board can be made to be a very secure little computer indeed.

Thanks for reply!

But I meant something like High Availability Boot found in i.MX6 (https://cache.freescale.com/files/32bit/...AN4581.pdf).
I'd like to sign my custom kernel and use it in the chain of trust.
#4
Maybe this here http://linux-sunxi.org/Arm64#Boot_modes is a better starting point than 'general security' platitudes?
#5
(11-17-2016, 03:34 AM)kirgene Wrote: Hi,

I wonder if there is support for secure/trusted boot on Pine64? And how to use it?

If you mean UEFI Secure boot capability, then it will be there when UEFI support for this board is presented.
Cortex-A53 containing in the Pine64's SoC has Security Extension included, this is the ARM hardware thing for "trusted" environments support. so this is the question of the SW support of it.
For now, there is no such, but I bet there are people working on this. I am working on UEFI implementation, but I should admit - it's yet too early to promise Secure Boot on Pine64.
As of the current fw on here, u-boot, I don't know much, but most probably, no, it is not Secure Boot capable.


Possibly Related Threads…
Thread Author Replies Views Last Post
  Pine A64+ vs LCD do not boot DDS 3 2,463 02-23-2021, 05:33 PM
Last Post: thedu
Thumbs Down Pine64 was a Useless Project pushpendrak 18 14,935 11-21-2020, 10:17 PM
Last Post: tllim
  Pine64 LCD rstcologne 0 1,507 09-22-2020, 12:43 PM
Last Post: rstcologne
  Pine64+ power button PaddyChan 0 1,164 09-14-2020, 09:55 AM
Last Post: PaddyChan
Exclamation Can't boot when SD card inserted kivox 5 3,495 03-15-2020, 06:00 AM
Last Post: kivox
  Pine64 OS dpcons 2 2,281 03-02-2020, 04:32 PM
Last Post: dpcons
  Jailhouse supports Pine64+ vj-kumar 0 1,382 02-17-2020, 11:39 PM
Last Post: vj-kumar
  Boot from HDD via usb BnEc 1 1,762 11-29-2019, 04:39 AM
Last Post: evilbunny
  PINE64 board not powering up loki21century 2 2,843 11-25-2019, 12:19 PM
Last Post: Partymack711
  Pine A64 stuck in boot process joey 1 1,774 05-28-2019, 09:07 PM
Last Post: joey

Forum Jump:


Users browsing this thread: 1 Guest(s)