On Wed, Aug 24, 2016 at 01:56:58PM -0400, Stefan Monnier said:
> PS: by the way, if you boot from the µSD card, you could probably get the same result as a trusted boot by using your own µSD when booting and making sure this card is read-only (e.g. by taking it out after the boot is over).
mmm... manually taking it out is cumbersome. And it leaves some time vulnerable to remote attacks (during boot and between boot and removal).
uSD cards already have a microcontroller in them. And some have been hacked, I think. You could design one that has a way to define a read-only part (not like the SD cards that have that switch which only asks the O.S. "please don't write me", but with the microcontroller answering "nah nah nah I don't hear you" when write requests to the specified range arrive).
Then you could put some switch in the uSD card itself to allow RW access. Or you could have an unreadable part that holds a passphrase, and when you write the same passphrase to it, it allows writing to all the storage, until you write something again in that area, which becomes the new passphrase and locks the read-only region.
With such a uSD card you could have verified boot (without evil maid protection, only remote attack protection) in basically any computer that can boot from uSD. You should possibly take care if the computer can also boot from other, non-removable places, though.
But you would need a uSD factory, of course, and people who trust you and your factory. And you would need to have verified boot for the software running in the uSD microcontroller. It's verified boot turtles all the way down...
I think it's easier to put a switch in series with the write enable of the EEPROM or NAND and make sure the switch makes it boot only from there. If you can afford to make only a region read-only, so much the better.
Or you can live without secure boot, verified boot, etc., as most people have for most of computing history.
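To make the write-gating idea above concrete, here is an added model of the controller logic (my own sketch, not code from this thread or from any real card): a protected block range the controller refuses while locked, and a hidden passphrase block that unlocks RW access when the matching passphrase is written to it and, on the next write, takes a new passphrase and re-locks. Block count, block size and the passphrase layout are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the uSD controller sketched above (hypothetical layout). */
#define BLOCK_COUNT 64
#define BLOCK_SIZE  16              /* tiny blocks keep the model small */
#define RO_END      32              /* protected boot region is blocks [0, RO_END) */
#define PASS_BLOCK  63              /* hidden block: never readable, holds the passphrase */
typedef struct {
    uint8_t data[BLOCK_COUNT][BLOCK_SIZE];
    uint8_t pass[BLOCK_SIZE];
    bool unlocked;                  /* true only between unlock and re-lock */
} card_t;
/* Compare without early exit so timing does not leak how many bytes matched. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

void card_init(card_t *c, const uint8_t pass[BLOCK_SIZE]) {
    memset(c, 0, sizeof *c);
    memcpy(c->pass, pass, BLOCK_SIZE);
}
/* Returns false when the controller refuses the request. */
bool card_write(card_t *c, unsigned blk, const uint8_t buf[BLOCK_SIZE]) {
    if (blk >= BLOCK_COUNT) return false;
    if (blk == PASS_BLOCK) {
        if (!c->unlocked) {         /* locked: a matching write opens RW access */
            c->unlocked = ct_equal(buf, c->pass, BLOCK_SIZE);
            return true;            /* accepted either way; the host learns nothing here */
        }
        memcpy(c->pass, buf, BLOCK_SIZE);   /* unlocked: new passphrase, then re-lock */
        c->unlocked = false;
        return true;
    }
    if (!c->unlocked && blk < RO_END)
        return false;               /* "nah nah nah I don't hear you" */
    memcpy(c->data[blk], buf, BLOCK_SIZE);
    return true;
}

/* The passphrase block is never readable, even while unlocked. */
bool card_read(const card_t *c, unsigned blk, uint8_t out[BLOCK_SIZE]) {
    if (blk >= BLOCK_COUNT || blk == PASS_BLOCK) return false;
    memcpy(out, c->data[blk], BLOCK_SIZE);
    return true;
}
```

The host never gets an acknowledgement that distinguishes a right from a wrong passphrase; it only finds out by trying a protected write afterwards.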