Build hostboot with secure boot verification enabled by default
This retains owner control since the images are signed and verified with the well-known public/private keypairs, but has two benefits: 1.) Component verification is enabled, which will catch corruption and eliminate the STB warning messages 2.) The secure boot chain is verified to work on production firmware, making transition on a customer-specific basis to customer keys a supported operation.
Showing
Please register or sign in to comment