Hi Albert,
so if I get you right the workflow for payload authentication is the following:
Encryption process:
1. Create hash value H for u-boot.img 2. Encrypt the hash value H with secret K to get encrypted hash values H_enc 3. Store H_enc
Decryption process:
1. Read H_enc 2. Decrypt H_enc using secret K to get plain hash values H 3. Create Hash values H' of u-boot.img 4. Compare H and H'
Did I get you right?
Thanks and best regards, -b
Am 15.09.2013 08:08, schrieb Albert ARIBAUD:
What's the point of encrypting the whole binary? Secure boot usually uses authentication, not encryption, of the payload that is to be secured: instead of decrypting several hundreds of KBs, you hash them (which is faster) and decrypt only the few hundreds bits of the encrypted hash in order to compare both hashes (but trust chain remains the same of course).
Note: if you chose payload encryption over authentication (hash encryption) because you are worried about collision, preimage or even second preimage resistance, then you should just go with use a stronger hash function. Besides, for a small and compact payload such as a bootloader, the risks of collisions are reduced because there is less room in the input space.
Amicalement,