t35

secure boot BIOS for OpenComputers


I made a post in the OETF section, but since I have an actual implementation and I think there are many people interested in security, but not the OETF standards, I decided to post here also.

 

The BIOS has the same functionality as the stock Lua BIOS, with one key difference: it stores a public key and refuses to boot an init.lua not signed with that key.

The EEPROM also has to be set to read-only, so the public key cannot be changed.

 

There are also 3 utilities included that work on OpenOS and make it easier to set up secure boot:

secure-boot-genkey - generates a public/private keypair

secure-boot-install - installs secure boot with a specific public key

secure-boot-sign - signs a file <file> with the private key, generating <file>.sig

 

The OS gets the public key via a global variable, secure_boot.pubkey.

That means you can write programs that use this key to check the signature of other files with the secure boot key.

If you want to implement an OS or bootloader that supports secure boot, have a look at the OETF post.

 

Maybe I'll make a program next that replaces OpenOS init.lua and checks the signature of the OpenOS files with the secure boot key.

 

https://github.com/oc-t35/secure-boot-lua-BIOS
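
The check the post describes (a program using `secure_boot.pubkey` to verify another file's `<file>.sig`) could look like the following. This is an added example, not part of the original post and not code from the linked repository. It assumes ECDSA signatures made with a tier 3 data card, that `secure_boot.pubkey` is a serialized `ec-public` key, and that `<file>.sig` holds the raw signature; the names `readVerified` and `runVerified` are hypothetical.

```lua
-- Added example: verify <file>.sig against the secure boot key before running <file>.
-- Assumptions (not confirmed by the post): ECDSA signatures from a tier 3 data card,
-- secure_boot.pubkey is a serialized "ec-public" key, <file>.sig is the raw signature.
local component = require("component")

local function readAll(path)
  local f, err = io.open(path, "rb")
  if not f then return nil, err end
  local s = f:read("*a")
  f:close()
  return s
end

-- Returns the verified file content, or nil plus a reason. Every failure path rejects.
local function readVerified(path)
  if type(secure_boot) ~= "table" or type(secure_boot.pubkey) ~= "string" then
    return nil, "no secure boot key (not booted through the secure boot BIOS?)"
  end
  if not component.isAvailable("data") or not component.data.ecdsa then
    return nil, "no data card with ECDSA support"
  end
  local data = component.data
  local content, err = readAll(path)
  if not content then return nil, err end
  local sig = readAll(path .. ".sig")
  if not sig then return nil, "missing signature file" end
  if #content > data.getLimit() then
    return nil, "file exceeds data card limit"
  end
  -- pcall: a malformed key or signature must reject the file, not crash the caller.
  local ok, key = pcall(data.deserializeKey, secure_boot.pubkey, "ec-public")
  if not ok or not key then return nil, "cannot parse public key" end
  local good, valid = pcall(data.ecdsa, content, key, sig)
  if not good or valid ~= true then return nil, "bad signature" end
  return content
end

-- Execute only the bytes that were verified; never re-read the file after the check.
local function runVerified(path, ...)
  local content, err = readVerified(path)
  if not content then return nil, "refusing to run " .. path .. ": " .. err end
  -- Mode "t" accepts source text only, so precompiled bytecode is rejected.
  local chunk, lerr = load(content, "=" .. path, "t", _ENV)
  if not chunk then return nil, lerr end
  return chunk(...)
end

return { readVerified = readVerified, runVerified = runVerified }
```

Loading the verified string rather than calling `loadfile` afterwards closes the window in which the file could be swapped between the check and the execution.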
