cancel
Showing results for 
Search instead for 
Did you mean: 

[Secure boot] Is it possible to add kernel authentication?

AVazquez
Associate III

Hi,all!

In the wiki about secure boot, only FSBL and SSBL files are signed and authenticated.

It would be very interesting and useful if you could also sign and authenticate the kernel and increase security.

Is this possible?

1 ACCEPTED SOLUTION

Accepted Solutions
Olivier GALLIEN
ST Employee

Hi @AVazquez​ ,

It's possible to authenticate any level of application code but ST only provide complete support/guideline for Secure Boot part.

Authentication of kernel and upper layer can be done using standard community methodology.

2 Kbytes in the OTP register are available to store extra keys.

Olivier

Olivier GALLIEN
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

View solution in original post

2 REPLIES 2
Olivier GALLIEN
ST Employee

Hi @AVazquez​ ,

It's possible to authenticate any level of application code but ST only provide complete support/guideline for Secure Boot part.

Authentication of kernel and upper layer can be done using standard community methodology.

2 Kbytes in the OTP register are available to store extra keys.

Olivier

Olivier GALLIEN
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
AVazquez
Associate III

Perfect!

Thanks!