The objective was to secure the boot process by adding verification of the boot images at each stage. Hence providing boot access only to the verified image.
Signing the images with PKI keys at build stage
Re-partitioning the NOR flash to accommodate the keys and securing the Root of trust at the NOR flash
Verifying the signatures at each stage of the boot process
Identifying fall back mechanisms in case of image verification failure
Benison team was able to bring the secure boot verification up and enable the upgrade of the signed images over network as well fresh install.
Public Key Infrastructure, Board bring-up, OpenSSL. Linux device driver, Coreboot, UBoot,