Raptor Computing Systems Community Forums (BETA)

Software => Firmware => Topic started by: cchinicz on April 24, 2020, 09:35:29 am

Title: How to setup Secure Boot with PetitBoot
Post by: cchinicz on April 24, 2020, 09:35:29 am

Hi All,

I'm new to Power9 and would like to ask the community how to setup Secure Boot on PetitBoot?

Assuming a brand new system came with Debian pre installed, will I have to reinstall the OS or just "feed-in" into PetitBoot a public key from Debian to authenticate the OS signature on the boot partition before PetitBoot loads it?

An "architectural" question: does PetitBoot run on OpenBMC? I understood that PetitBoot (or maybe it is OpenBMC) runs on a separate hardware and not in the main cpu?

Thanks in advance.

Title: Re: How to setup Secure Boot with PetitBoot
Post by: ClassicHasClass on April 25, 2020, 01:41:36 pm

OpenBMC runs on the BMC (the ASPEED chip on the board). That's an ARM core. It starts the main POWER9 processor(s) and Skiroot/Petitboot run natively from there; the BMC keeps on doing what it does.

The Secure Boot process looks like this: https://www.ibm.com/developerworks/library/l-protect-system-firmware-openpower/index.html

Title: Re: How to setup Secure Boot with PetitBoot
Post by: mx08 on May 03, 2020, 09:52:07 am

Recently someone on IRC got secure boot working on their Blackbird and posted instructions on the wiki: https://wiki.raptorcs.com/wiki/Secure_Boot_with_your_own_keys

But it's not... "plug and play", you have to recompile the firmware at least two times if I remember correctly.

Title: Re: How to setup Secure Boot with PetitBoot
Post by: cchinicz on May 12, 2020, 02:22:39 pm

Hi guys, thanks for the replies.