Does Mender Support TrustedGrub?

Traversing through docs.mender.io, I could see that mender-convert does have Grub 2.04.

Here I am wondering whether Mender supports TrustedGrub (tgrub), which supports the features of the Trusted Platform Module?

Thanks
Sashank

Mender does not support TrustedGrub at the moment. If it’s based on Grub, I imagine it would not be very hard to integrate with it though. Let us know if you attempt it!

Thank you @kacf. How about Mender supporting Trusted Boot (TBoot)?
Is there any product which has implemented Secure OTA?

Regards,
Sashank

There is no support for TBoot at the moment. This would require porting
to a brand new boot loader, and I suspect there is significantly more
effort involved than for a GRUB derivative. I know some users have used
Secure Boot via GRUB, perhaps @drewmoseley has more information about this.

I have partially implemented EFI Secure Boot on Intel platforms. I got pulled off of that project so at some point I need to revisit it and clean up my patches for submission upstream.

Note that this was specifically for a Yocto-based setup but similar work should be feasible for binary distros with the caveat that you may need to ensure the root filesystem is read-only if you are using dm-verity or some such to verify the filesystem.