Re: [tegrarcm PATCH v2] Add support for production devices secured with PKC

On 03/01/2016 04:12 AM, Alban Bedel wrote:
> On Mon, 29 Feb 2016 23:03:01 +0000
> Jimmy Zhang <jimmzhang@xxxxxxxxxx> wrote:
>
>> Alban,
>>
>> First of all, I believe the code you added here should and will work.
>> However, it is probably purely coincidental that I was adding similar
>> functions as requested by Avionic Design (AD) in the last few weeks.
>> I think we could merge both approaches and result in one best
>> solution.
>
> Up to yesterday what I did was only based on guesswork, it was enough
> to use RCM, but loading the bootloader failed. Now we finally got access
> to (part of) the miniloader source and I was able to pinpoint the
> missing piece to start the bootloader. The miniloader needs the
> bootloader signature before the bootloader binary when in PKC mode.
> I added that and I was finally able to bootstrap my fused board.
>
>> The main differences between yours and mine are:
>> 1. When to sign.
>>      My solution is to separate signing and flashing. I.e., signing can be
>> done at a secure server and flashing at non-secure factory. During
>> flashing, only signed RCM messages and bootloader are needed. No PKC
>> private key file is required to be present at factory. This private
>> key management feature is also requested by AD. Your solution requires
>> the RSA key file being present when downloading flasher.
>
> Yes, this is currently not suited for production.

Given that, I think I'll ignore this patch series for now. It's typical to mark such patches "RFC" in the email subject to indicate that they shouldn't be applied. Hopefully you and Jimmy can work together to combine your work and post a production-ready patch set?