auracaster/castbox-provisioning
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add secure boot USB mass storage scripts for CM4

Browse Source 
- Added gen-secure-msd-sig.sh to sign boot.img with private key using rpi-eeprom-digest
- Added rpi-boot-secure.sh to load signed secure-boot mass storage gadget via rpiboot
- Updated .gitignore to exclude usbboot/ directory
- Updated README with secure boot CM4 unlock instructions
This commit is contained in:
pstruebi
2025-11-25 10:32:46 +01:00
parent 886030c533
commit fc0b75af8f
4 changed files with 99 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -52,3 +52,8 @@ For production, the devices need to be provisoned uniquely
- start the application (script if custom device, server and frontend if ui version)
- set mac add of secondary eth port in /etc/systemd/network/10-eth1-mac.link
- activate overlayfs (?) -probably not because we need persistent storage for stream states
## Secure-boot CM4: unlock secure USB mass-storage
bash gen-secure-msd-sig.sh
bash rpi-boot-secure.sh