[Cryptography] Help with Raspberry Pi IoT initialization...
Peter Todd
pete at petertodd.org
Thu Mar 10 14:28:08 EST 2016
On Thu, Mar 10, 2016 at 02:03:53PM +0100, Ralf Senderek wrote:
> The best you can do is to adapt the LIVE-image DVD approach. Treat everything
> on your boot media as read-only. On first use of the boot media, run a Unix
> in pure memory (like isolinux) that starts your verification code. Then verify
> the boot partition, that has never been touched before, and then boot it
> (chroot).
> After this point the boot partition will change and no further verification
> will succeed with the old signature value.
Note that the RPI firmware on all models is writable/updatable and as far as I
can tell can't be put into read-only mode.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160310/bb0b3f7c/attachment.sig>
More information about the cryptography
mailing list