On 14 Dec 2016, at 12:30 PM, Jeff Waugh wrote:

On Wed, Dec 14, 2016 at 11:19 AM, Jeff Waugh mailto:jdub@bethesignal.org> wrote: Out of interest, are there any ARM targets the seL4 development team / community care about that do not boot via u-boot or UEFI (whatever the implementation, be it u-boot, vendor-supplied, etc)?

Off-list (intentionally or not, but I'll anonymise for now!) someone mentioned LK*, which I hadn't previously seen in an seL4 context…

* https://github.com/littlekernel/lk/wiki/Introduction https://github.com/littlekernel/lk/wiki/Introduction That was me - just didn’t want to spam the list. LK is used on some ARM mobile devices, and we are working on a variant that helps with chain of trust and running production code.

On 14 Dec 2016, at 12:42 PM, Jeff Waugh wrote:

On Wed, Dec 14, 2016 at 12:39 PM, Daniel P Potts mailto:daniel.potts@gmail.com> wrote: That was me - just didn’t want to spam the list. LK is used on some ARM mobile devices, and we are working on a variant that helps with chain of trust and running production code.

It was an interesting answer though! :-)

Some questions if you're able to answer them: Have you built the bootloading pieces yourself, or using existing code / loading protocol? Do you still use seL4's elfloader?

LK has a lot of good building blocks for signed boot signature checking, so most of the important parts use what’s already existing code there. I’m unsure if this (bootloader) is sufficient though for a trustworthy system running seL4. Generally we’d boot run an OS/kernel’s expected bootloader rather than have to hack it around too much, so in the case of seL4 we’d most likely leave its elfloader alone.