Author Topic: How to setup Secure Boot with PetitBoot  (Read 7217 times)

cchinicz

  • Full Member
  • ***
  • Posts: 131
  • Karma: +1/-0
    • View Profile
How to setup Secure Boot with PetitBoot
« on: April 24, 2020, 09:35:29 am »
Hi All,

I'm new to Power9 and would like to ask the community how to setup Secure Boot on PetitBoot?

Assuming a brand new system came with Debian pre installed, will I have to reinstall the OS or just "feed-in" into PetitBoot a public key from Debian to authenticate the OS signature on the boot partition before PetitBoot loads it?

An "architectural" question: does PetitBoot run on OpenBMC? I understood that PetitBoot (or maybe it is OpenBMC) runs on a separate hardware and not in the main cpu?

Thanks in advance.

ClassicHasClass

  • Sr. Member
  • ****
  • Posts: 464
  • Karma: +35/-0
  • Talospace Earth Orbit
    • View Profile
    • Floodgap
Re: How to setup Secure Boot with PetitBoot
« Reply #1 on: April 25, 2020, 01:41:36 pm »
OpenBMC runs on the BMC (the ASPEED chip on the board). That's an ARM core. It starts the main POWER9 processor(s) and Skiroot/Petitboot run natively from there; the BMC keeps on doing what it does.

The Secure Boot process looks like this: https://www.ibm.com/developerworks/library/l-protect-system-firmware-openpower/index.html

mx08

  • Newbie
  • *
  • Posts: 8
  • Karma: +2/-0
    • View Profile
Re: How to setup Secure Boot with PetitBoot
« Reply #2 on: May 03, 2020, 09:52:07 am »
Recently someone on IRC got secure boot working on their Blackbird and posted instructions on the wiki: https://wiki.raptorcs.com/wiki/Secure_Boot_with_your_own_keys

But it's not... "plug and play", you have to recompile the firmware at least two times if I remember correctly.

cchinicz

  • Full Member
  • ***
  • Posts: 131
  • Karma: +1/-0
    • View Profile
Re: How to setup Secure Boot with PetitBoot
« Reply #3 on: May 12, 2020, 02:22:39 pm »
Hi guys, thanks for the replies.