Secure boot in OpenWrt

Hi,
I want to implement secure boot in openwrt. if any one worked on secure boot in openwrt please help me on this . And also is there any way to prevent access to the partitions from Uboot source in openwrt.

@rafiq Have you made any progress?

I read abit into it though havent tried experimenting yet. I think a good starting point might be a NanoPi R1. It became supported recently
https://github.com/jayanta525/openwrt/commit/a39697fe845c58c929afc0af8f2f1732b6d02765
It has the problem of the second slot only being 100mbps, however, a similar device, the NanoPi R1S-H3 has its second Ethernet port as USB2Ethernet with ~320Mbps. However, with only half the Ram at 512mb of the R1
https://www.friendlyarm.com/index.php?route=product/product&product_id=274

The reason for the board being that H3 has the possibility for hash checks and writable fuses. Armbian might have got it running


Ofcourse this is only a hash, so you need to go up the chain for a ECDSA sign.

Misc:

  • https://linux-sunxi.org/BROM
  • Instead of the Nano R1 you might also take a look at the ZeroPi(same manufacturer) + USB 2 Ethernet for LAN Port 2
    ZeroPi with FriendlyWrt and USB Ralink 5370 Especially if you play with the Fuses. The 10 Dollar is pretty much unbeatable. Not yet supported in OpenWRT though. But you should be able to test the first stages.

Please report back or drop me a PM if you are making progress. Good Luck!