Hi, On Fr, 2015-03-13 at 16:49 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote: > you just need to have a unique ID on the HW and then use a x509 object > to store it. then signed it with you CA. As only validated keys can be > used, you can easly give a generated key for a specific HW. > And this key will be valid only for this HW. Yes, this sounds useful. So you'd have a board-specific way to check the unique ID constraint in an intermediate cert against the HW ID? Regards, Jan -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
