I'm working on a concept of implementing Trusted Boot with Linux on a imx6 based board board.
The needed steps I assume are:
- Burn the hash of the uboot public signing keys to the imx6 eFuses
- Sign uboot with the private signing key and integrate the public signing to the uboot image
- Sign the Linux-Kernel
- Sign files on Rootfs (with dm-verity or Linux IMA?)
Is this roughly correct? Have you an example already implementing Trusted Boot that you can provide me? Or can you recommend me some external resources?
Thank you in advance,