Sorry, I'm not clear on which specification document you're referring to?So when is it expected that the specification document will be final? i.e. at which point could I consider that I could distribute secure boot pis based on the spec without fear that I could suddenly find that I am no longer able to update them?I'm currently developing a tool to simplify RPI Secure boot.
The initial release aims for a mass-provisioning flow for CM4, but you may do well to look at the repo for reference of how to correctly deploy secure boot.
https://github.com/raspberrypi/rpi-sb-provisioner
Feedback and PRs appreciated!
The only failure I'm aware of that would prevent updates and be non-exceptional (read: cosmic rays, asteroid attack, etc) would be losing your signing key. The intent of rpi-sb-provisioner and the supporting tools are that if used in the manner we describe, you will be in a position to receive and deploy updates in a timely manner through an OTA mechanism of your choice.
Statistics: Posted by tdewey — Wed Aug 14, 2024 3:45 pm