joholl / rpi4-uboot-tpm

How to use a TPM in U-Boot on Raspberry Pi 4

How to verify u-boot

hcjjmt opened this issue

I want to know how to use TPM to verify that u-boot is trusted on Raspberry Pi. I don't know who should verify the credibility of u-boot. Could you help me?

As far as I know, it is not possible to verify u-boot before booting into it, that is, by the Raspberry Pi bootloader. See the manual:

rpi4-uboot-tpm/README.md

Lines 10 to 20 in 8fbd687

## No Secure Boot on Raspberry Pi
Secure boot on the Raspberry Pi is not possible. That is because the first-stage
bootloader on the raspberry (`bootcode.bin` and `start.elf`) is closed source.
For secure boot, you need a so-called *Root of Trust* in the first-stage
bootloader, and we do not have that.
Actually, there is an [open-source first-stage
bootloader](https://github.com/christinaa/rpi-open-firmware) implemented mostly
via reverse-engineering. Unfortunately, this project has its limitations and is
currently on an indefinite hold.

I had the same question and would like to verify the hardware IDs, especially over the CPU Id

https://github.com/joholl/rpi4-uboot-tpm/issues/