Comment by kogepathic

1 month ago

This is very much not an option on most embedded devices. They allow one key to be burned once.

IIRC, a certain Marvell SoC datasheet says multiple key slots are supported, but the boot ROM only supports reading the first entry (so really, only one key is supported).

4 comments

kogepathic

Reply
nullpoint420  1 month ago

Unless it becomes a law, and the hardware makers adapt.

  • palata  1 month ago

    My Google Pixel allows adding custom keys, which GrapheneOS uses. So I guess that's technically feasible?

    • nullpoint420  24 days ago

      That adds your custom keys to the fastboot bootloader, not the boot ROM. This means you'd still have to chain your boot through fastboot.

      You couldn't boot straight from boot ROM -> UEFI for instance.

      1 reply →