
Hi Stephen; I'm not an expert on crypto, but it seems that it's really a good job. This was a critical security requirement for a bootloader. Thanks for sharing this with the community. Emre --- Stephen Johnson steve@research.panasonic.com wrote:
This message contains a patch to add RSA signature validation to U-Boot. I previously sent a similar e-mail to the CELinux-dev mailing list for comments where I received the following:
- I shouldn't be using OpenSSL (due to licensing
concerns), 2. alternate RSA libraries are GNU TLS and MatrixSSL, and 3. the U-Boot mailing list might be a more appropriate place
The patch modifies u-boot to verify an image signature created with a SHA1 digest and RSA encryption/decryption. Because I found the necessary information fairly easily about SHA1 and RSA from the OpenSSL package, that's what I used. Hence, the modified u-boot ran quite quickly, but was rather large. The eventual goal is to release this patch to the community.
I'm looking for additional comments, especially about other encryption libraries that would be better to use, and whether or not something like this is seen as useful.
Notes:
- I'm linking against openssl-0.9.8b.
- I used crosstool based on gcc-3.4.5 and
glibc-2.3.6 for the tool chain.
- It all was built for an omap5912osk board.
- The signature is added to the u-boot header by a
modified mkimage (patch is included).
- The signature is verified in cmd_bootm.c.
- In u-boot/include/configs/omap5912osk.h there is
a CONFIG_SIGNATURE that turns on/off the signature checking and creating.
To compile the modified u-boot the following were needed:
CPATH should be defined to point to wherever crosstool has its generic include files, e.g. export
CPATH="/opt/crosstool/gcc-3.4.5-glibc-2.3.6/arm-softfloat-linux-gnu/arm-softfloat-linux-gnu/include"
CRYPTO_INC needs to point at the openssl include files, e.g. export
CRYPTO_INC="-I/home/steve/src/SecureBoot/openssl-0.9.8b/include"
CRYPTO_LIBS needs to point the the openssl libraries, e.g. export CRYPTO_LIBS="-L /home/steve/src/SecureBoot/openssl-0.9.8b -lssl -lcrypto -lm -lc"
If anyone has any problems or even better, suggestions, don't hesitate to let me know.
Best regards, Steve
=========================================
diff -Naur u-boot.orig/common/cmd_bootm.c u-boot/common/cmd_bootm.c
--- u-boot.orig/common/cmd_bootm.c 2006-05-10 11:43:20.000000000 -0400
+++ u-boot/common/cmd_bootm.c 2006-06-12 10:35:57.000000000 -0400
@@ -79,6 +79,12 @@
 # define CHUNKSZ (64 * 1024)
 #endif
+#ifdef CONFIG_SIGNATURE
+extern int verify_signature (const unsigned char *signature,
const unsigned char
*buf,
unsigned int len);
+#endif /* CONFIG_SIGNATURE */
int gunzip (void *, int, unsigned char *, unsigned long *);
static void *zalloc(void *, unsigned, unsigned);
@@ -238,6 +244,19 @@
 }
 puts ("OK\n");
 }
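Review bot: The `verify_signature` prototype is declared with a bare `extern` inside cmd_bootm.c instead of in a header; include/image.h already gains `IH_SIGN` under the same `CONFIG_SIGNATURE` guard and is where the consumer of the signature field (cmd_bootm.c) and its producer (the modified mkimage) would both pick up one authoritative declaration, so any drift between the two sides is caught by the compiler rather than at boot. The `len` parameter is `unsigned int`, while the `len` handed to it in the next hunk is, if it is the usual bootm `ulong`, silently narrowed; declaring the parameter as `ulong` (or `size_t`) avoids that. Moving the declaration is a two-line change: drop the `extern` block here and add `int verify_signature (const unsigned char *signature, const unsigned char *buf, unsigned int len);` next to `IH_SIGN` in image.h.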
+#ifdef CONFIG_SIGNATURE
- puts (" Verifying Signature ... ");
- if (verify_signature(hdr->ih_sign,
(const unsigned char *)data,
len) == 0) {
puts("Invalid image signature\n");
SHOW_BOOT_PROGRESS(-3);
return 1;
}
puts ("OK\n");
+#endif /* CONFIG_SIGNATURE */
SHOW_BOOT_PROGRESS (4);
len_ptr = (ulong *)data;
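Review bot: `verify_signature(...) == 0` treats only a zero return as failure, so any other non-success value (a negative error code for a malformed key or a library failure, should the implementation return one) would be accepted as a valid signature; the check should fail closed on anything but the single success value, `if (verify_signature(hdr->ih_sign, (const unsigned char *)data, len) != 1) {`. The signed region is `data`/`len` only, so the header fields that steer the boot (load address, entry point, image and OS type, compression) remain unauthenticated and can differ from what the signer produced without the check noticing; including the header with `ih_sign` zeroed in the signed input, alongside the payload, closes that gap. The failure path reuses `SHOW_BOOT_PROGRESS(-3)`, the same code the data-CRC failure emits just above, so a signature rejection cannot be told apart from a corrupt image on the progress output; a distinct code would help incident triage. The enclosing function continues outside the hunk.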
diff -Naur u-boot.orig/config.mk u-boot/config.mk
--- u-boot.orig/config.mk 2006-05-10 11:43:20.000000000 -0400
+++ u-boot/config.mk 2006-06-08 09:41:17.000000000 -0400
@@ -126,7 +126,7 @@
 -D__KERNEL__ -DTEXT_BASE=$(TEXT_BASE) \
 -I$(TOPDIR)/include \
 -fno-builtin -ffreestanding -nostdinc -isystem \
- $(gccincdir) -pipe $(PLATFORM_CPPFLAGS)
- $(gccincdir) -pipe $(PLATFORM_CPPFLAGS)
$(CRYPTO_INC)
ifdef BUILD_TAG
 CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes \
diff -Naur u-boot.orig/include/configs/omap5912osk.h u-boot/include/configs/omap5912osk.h
--- u-boot.orig/include/configs/omap5912osk.h 2006-05-10 11:43:20.000000000 -0400
+++ u-boot/include/configs/omap5912osk.h 2006-06-08 15:34:00.000000000 -0400
@@ -38,6 +38,8 @@
 #define CONFIG_DISPLAY_CPUINFO 1 /* display cpu info (and speed) */
 #define CONFIG_DISPLAY_BOARDINFO 1 /* display board info */
+#define CONFIG_SIGNATURE 1
/* input clock of PLL */ /* the OMAP5912 OSK has 12MHz input clock */
 #define CONFIG_SYS_CLK_FREQ 12000000
@@ -112,7 +122,11 @@
 */
 #define CFG_LONGHELP /* undef to save memory */
 #define CFG_PROMPT "OMAP5912 OSK # " /* Monitor Command Prompt */
+#ifdef CONFIG_SIGNATURE
+#define CFG_CBSIZE 512 /* Console I/O Buffer Size */
+#else
 #define CFG_CBSIZE 256 /* Console I/O Buffer Size */
+#endif
 /* Print Buffer Size */
 #define CFG_PBSIZE (CFG_CBSIZE+sizeof(CFG_PROMPT)+16)
 #define CFG_MAXARGS 16 /* max number of command args */
@@ -183,9 +197,9 @@
 */
 #define CFG_ENV_IS_IN_FLASH 1 /* addr of environment */
-#define CFG_ENV_ADDR (CFG_FLASH_BASE + 0x020000)
+#define CFG_ENV_ADDR (CFG_FLASH_BASE + 0x0E0000)
#define CFG_ENV_SIZE 0x20000 /* Total Size of Environment Sector */
-#define CFG_ENV_OFFSET 0x20000 /* environment starts here */
+#define CFG_ENV_OFFSET 0xE0000 /* environment starts here */
#endif /* __CONFIG_H */
diff -Naur u-boot.orig/include/image.h u-boot/include/image.h
--- u-boot.orig/include/image.h 2006-05-10 11:43:20.000000000 -0400
+++ u-boot/include/image.h 2006-06-08 09:09:09.000000000 -0400
@@ -134,6 +134,9 @@
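Review bot: The `CFG_ENV_ADDR`/`CFG_ENV_OFFSET` move from `0x020000` to `0xE0000` in the `@@ -183` hunk is unconditional, while every other change in this file sits under `#ifdef CONFIG_SIGNATURE`, so a board built without signature support also has its environment relocated and silently loses the one stored at the old offset. If the move is needed only because the OpenSSL-linked binary no longer fits below the environment (the description says the image became rather large), guard it the same way `CFG_CBSIZE` is guarded, keep the original values in the `#else` branch, and state the reason in a comment. The `CFG_CBSIZE` doubling to 512 under `CONFIG_SIGNATURE` likewise carries no explanation of what signature checking has to do with the console buffer; a one-line comment would spare the next reader the question. The hunk offsets (`-38`/`+38` but `-112`/`+122`) suggest an intermediate hunk was dropped from the mail.
```c
/* addr of environment */
#ifdef CONFIG_SIGNATURE
/* TODO(review): state why the env moves — presumably the larger signed-boot image no longer fits below 0x20000 */
#define CFG_ENV_ADDR		(CFG_FLASH_BASE + 0x0E0000)
#else
#define CFG_ENV_ADDR		(CFG_FLASH_BASE + 0x020000)
#endif
#define CFG_ENV_SIZE		0x20000	/* Total Size of Environment Sector */
#ifdef CONFIG_SIGNATURE
#define CFG_ENV_OFFSET		0xE0000	/* environment starts here */
#else
#define CFG_ENV_OFFSET		0x20000	/* environment starts here */
#endif
```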
#define IH_MAGIC 0x27051956 /* Image Magic Number */
 #define IH_NMLEN 32 /* Image Name Length */
+#ifdef CONFIG_SIGNATURE
+#define IH_SIGN 256 /* Image Signature Length */
+#endif /* CONFIG_SIGNATURE */
/*
- all data in network byte order (aka natural aka
bigendian)
@@ -152,6 +155,9 @@
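Review bot: `IH_SIGN` pins the signature at 256 bytes, which fits exactly one modulus size (presumably RSA-2048 given the description), yet the comment says only `Image Signature Length`; `/* RSA signature length in bytes: one fixed key size, no algorithm or key identifier in the header */` would tell the reader what is being hard-wired and what a key rotation would require. If the following `@@ -152` hunk adds an `ih_sign[IH_SIGN]` field to `image_header_t`, the header layout changes while `IH_MAGIC` stays `0x27051956`, so an unmodified U-Boot or mkimage will accept the magic and then misread the header; a distinct magic value or a header version field would make signed and unsigned images distinguishable on both sides. The struct change itself is in the next hunk, which is truncated here.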
=== message truncated ===