- Enable TPM Support
  - Check whether the new patches fixed the problem
- Remove the rkbin dependency from rk3568 & rk3588
  - TF-A: initial patches from Rockchip upstreamed
  - U-Boot modifications to use u-boot-tpl instead of rockchip-tpl
  - Resolve rk3568 issues (SPL_MAX)
- Enable UEFI Secure Boot with the Root CA only on a YubiKey
  - Try larger RSA/ECDSA keys to protect against quantum attacks (caveat: a larger RSA or ECDSA key only raises the classical attack cost; neither resists Shor's algorithm, so key size alone is not quantum protection)
    - 4096-bit RSA fails on a 5.7.1 YubiKey
    - Test 3072-bit RSA
    - Test ECDSA keys
    - Create a hybrid scheme fallback and use dbx revocations
- Setup Secure Bootflow
  - U-Boot Secure Boot with verified FIT -> TF-A -> Default: run bootcmd -> UEFI Secure Boot
    - Change the default run to efiload
    - Enable stack protection
    - Block dropping down to the U-Boot shell
- Generate an SBOM at build time
  - Scan with Grype
- Fine-tune for reproducibility
  - Convert to a Docker build
    - Build variants in one branch
    - Make reproducible Debian Docker images
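The lockdown items under "Setup Secure Bootflow" correspond to standard U-Boot Kconfig symbols, and the easiest way to lose one of them is a defconfig refresh. The following lint is an added example, not code from this repository: it reads a built `.config` and reports the items that are missing or weak. Which symbols the project finally enables, and the two sample `.config` fragments (including `efiload` as an assumed environment script name taken from the list above), are assumptions made here.

```shell
#!/bin/sh
# Added example, not code from the 0mniteck/U-Boot repository: lint a U-Boot
# .config for the "Setup Secure Bootflow" items (verified FIT, stack protection,
# no drop to the shell, UEFI Secure Boot). The symbols are standard U-Boot
# Kconfig options; that this project ends up enabling exactly these is an
# assumption made here. The sample configs at the bottom are constructed.

# config_value FILE SYMBOL: print the value of SYMBOL in FILE ("" if unset;
# "# CONFIG_X is not set" lines contain no '=' and therefore print nothing).
config_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d '"'
}

# check_uboot_config FILE: one line per finding on stdout; exit 0 only when
# every hard requirement is met.
check_uboot_config() {
    cfg=$1
    rc=0
    # Hard requirements. SPL_FIT_SIGNATURE matters as much as FIT_SIGNATURE:
    # without it the SPL loads an unsigned u-boot.itb, and every later check
    # runs inside code that was never verified.
    for sym in CONFIG_FIT_SIGNATURE CONFIG_SPL_FIT_SIGNATURE \
               CONFIG_EFI_SECURE_BOOT CONFIG_STACKPROTECTOR; do
        if [ "$(config_value "$cfg" "$sym")" != "y" ]; then
            echo "MISSING $sym=y"
            rc=1
        fi
    done
    # CONFIG_BOOTDELAY: -2 autoboots immediately and ignores key presses, so
    # bootcmd cannot be interrupted. Any value >= 0 lets a key press stop
    # autoboot and land on the prompt; -1 disables autoboot altogether.
    bd=$(config_value "$cfg" CONFIG_BOOTDELAY)
    if [ "$bd" != "-2" ]; then
        echo "WEAK CONFIG_BOOTDELAY=${bd:-unset} (want -2: autoboot cannot be interrupted)"
        rc=1
    fi
    # With the command line compiled in, a bootcmd that fails (for example an
    # image that does not verify) still falls through to the interactive prompt.
    if [ "$(config_value "$cfg" CONFIG_CMDLINE)" = "y" ]; then
        echo "NOTE CONFIG_CMDLINE=y: a failing bootcmd drops to the prompt; end bootcmd with reset or build with CONFIG_CMDLINE=n"
    fi
    return $rc
}

# Constructed sample: signature checking only in U-Boot proper, interruptible autoboot.
write_weak_config() {
    cat > "$1" <<'EOF'
CONFIG_BOOTDELAY=2
CONFIG_CMDLINE=y
CONFIG_FIT_SIGNATURE=y
# CONFIG_SPL_FIT_SIGNATURE is not set
CONFIG_EFI_SECURE_BOOT=y
# CONFIG_STACKPROTECTOR is not set
EOF
}

# Constructed sample: the locked-down variant ("efiload" is assumed to be an
# environment script, as named in the TODO list; the page does not define it).
write_hardened_config() {
    cat > "$1" <<'EOF'
CONFIG_BOOTDELAY=-2
CONFIG_CMDLINE=y
CONFIG_BOOTCOMMAND="run efiload; reset"
CONFIG_FIT_SIGNATURE=y
CONFIG_SPL_FIT_SIGNATURE=y
CONFIG_EFI_SECURE_BOOT=y
CONFIG_STACKPROTECTOR=y
CONFIG_SPL_STACKPROTECTOR=y
EOF
}

# Usage on a real build tree:  check_uboot_config .config
```

Run it against the `.config` of each variant after every defconfig change; the `NOTE` line is deliberately not a failure, because a bootcmd that ends in `reset` closes the same hole without dropping the command line.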
buildscript.sh options:

```
-c {Clean: yes/no}
-d {Date: source_date_epoch}
-r {Release-tag: tagname}
-t {Test-mode: yes/no}
```

To build the current release, become root first (e.g. `sudo -i`; chaining `sudo su && ...` does not work, since the commands after `&&` only run once the root shell exits) and then run:

```
git clone git@github.com:0mniteck/U-Boot.git && \
cd U-Boot && \
./buildscript.sh -r "tagname"
```

To rebuild a release for reproducibility, clone the tag and pass the SOURCE_DATE_EPOCH recorded in its release manifest:

```
git clone git@github.com:0mniteck/U-Boot.git -b "tagname" && \
cd U-Boot && \
./buildscript.sh -d "$(grep Epoch Results/release.sha512sum | cut -d ' ' -f5)"
```
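A reproducibility rebuild is only worth something if the result is compared against the published manifest. The following is an added example, not part of buildscript.sh or this repository: it extracts the epoch the same way the command above does, refuses to proceed if that field is not a number, and checks the rebuilt artifacts against `Results/release.sha512sum`. The page does not show the manifest's layout, so the example assumes `sha512sum -c` format plus one line containing "Epoch" whose fifth space-separated field is the SOURCE_DATE_EPOCH; the artifact names in the sample tree are constructed.

```shell
#!/bin/sh
# Added example, not part of buildscript.sh or the 0mniteck/U-Boot repository:
# check a rebuild against the published Results/release.sha512sum before calling
# it reproducible. Assumptions (the page does not show the manifest): it is in
# sha512sum -c format plus one line containing "Epoch" whose 5th space-separated
# field is the SOURCE_DATE_EPOCH, exactly what the README's grep | cut reads.

# sha512 ARGS: coreutils sha512sum, or Perl's shasum where that is all there is.
sha512() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$@"
    else
        shasum -a 512 "$@"
    fi
}

# release_epoch MANIFEST: print the recorded SOURCE_DATE_EPOCH. Same extraction
# as the README, plus a check that it is a number: an empty or garbled value fed
# to buildscript.sh -d would silently produce a build that can never match.
release_epoch() {
    epoch=$(grep Epoch "$1" | cut -d ' ' -f5)
    case $epoch in
        ''|*[!0-9]*)
            echo "release_epoch: no numeric Epoch field in $1 (got '$epoch')" >&2
            return 1 ;;
    esac
    echo "$epoch"
}

# verify_release MANIFEST DIR: compare every artifact listed in MANIFEST with the
# files under DIR. The Epoch line is not a checksum line and is dropped first;
# --strict then turns any other malformed line into a failure, not a warning.
verify_release() {
    manifest=$(cd "$(dirname "$1")" && pwd)/$(basename "$1")
    (cd "$2" && grep -v Epoch "$manifest" | sha512 -c --strict -)
}

# make_sample_release DIR: constructed stand-in for a build tree (the artifact
# contents are fake; the names follow the usual Rockchip U-Boot outputs).
make_sample_release() {
    mkdir -p "$1/Results"
    printf 'fake idbloader\n' > "$1/idbloader.img"
    printf 'fake u-boot\n'    > "$1/u-boot.itb"
    (cd "$1" && sha512 idbloader.img u-boot.itb > Results/release.sha512sum)
    echo 'Build Source Date Epoch: 1700000000' >> "$1/Results/release.sha512sum"
}

# Usage from a real checkout, after saving the committed manifest in case the
# build regenerates it:
#   cp Results/release.sha512sum /tmp/published.sha512sum
#   ./buildscript.sh -d "$(release_epoch /tmp/published.sha512sum)"
#   verify_release /tmp/published.sha512sum .
```

A single changed byte in any listed artifact makes `verify_release` exit non-zero, and a manifest whose Epoch field is missing or non-numeric stops the procedure before a build with the wrong timestamp is started.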
Requirements:

- Debian based OS already running on an ARM64 CPU
- A microSD card in the /dev/mmcblk1 slot (check with `lsblk` that the device at that path is the card you intend to write, not the running system's disk)

FLASHING

SIGNING YOUR OWN