Software > Firmware

How to setup Secure Boot with PetitBoot

(1/1)

cchinicz:
Hi All,

I'm new to Power9 and would like to ask the community how to setup Secure Boot on PetitBoot?

Assuming a brand new system came with Debian pre installed, will I have to reinstall the OS or just "feed-in" into PetitBoot a public key from Debian to authenticate the OS signature on the boot partition before PetitBoot loads it?

An "architectural" question: does PetitBoot run on OpenBMC? I understood that PetitBoot (or maybe it is OpenBMC) runs on a separate hardware and not in the main cpu?

Thanks in advance.

ClassicHasClass:
OpenBMC runs on the BMC (the ASPEED chip on the board). That's an ARM core. It starts the main POWER9 processor(s) and Skiroot/Petitboot run natively from there; the BMC keeps on doing what it does.

The Secure Boot process looks like this: https://www.ibm.com/developerworks/library/l-protect-system-firmware-openpower/index.html

mx08:
Recently someone on IRC got secure boot working on their Blackbird and posted instructions on the wiki: https://wiki.raptorcs.com/wiki/Secure_Boot_with_your_own_keys

But it's not... "plug and play", you have to recompile the firmware at least two times if I remember correctly.

cchinicz:
Hi guys, thanks for the replies.

Navigation

[0] Message Index