
Hello,
I know this has been asked directly/indirectly before, but I need to know if my approach is correct or not. Any corrections or opinions are highly appreciated, so please feel free to correct me.
My requirement is to (1) load and boot an image which is signed, i.e., before the image can be booted I need to check its authenticity. This is to support images from a given vendor only. (2) Support firmware upgrade.
Following is my approach:
The flash memory segment shall be virtually divided into four partitions (1) Boot-bit (type read-write) (2) U-Boot image (type read-only) (3) Boot Script Image (type read-only) (4) Firmware Image (type read-write)
The boot-delay environment variable shall be set to 0 so the boot process cannot be manually overridden. The bootcmd environment variable shall "cp the-boot-script-image from flash to RAM" and "bootm the-boot-script-image". The boot script image is not compressed.
The very first thing the boot-script image shall check is whether the Boot-bit is set or not.
Case 1: If the boot-bit flag is set, the boot script shall copy the image to RAM and check the signed/encrypted image for authenticity and integrity (how this is done is yet to be identified). If the check is successful, the image shall then be decrypted, expanded and executed (bootm).
Case 2: If the boot flag is not set, the boot loader shall copy the new firmware image to a given address in RAM via the kermit protocol, erase the old kernel image at the given address, copy the new image from RAM to flash, and finally save the environment so the new firmware is writable, set the boot-bit to boot from the new firmware, and reset the CPU.
Best Regards, rohit
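Added example (not part of rohit's post, and not U-Boot code): a host-side simulation of the two boot-script cases above, written to make two ordering points concrete. First, the signature must cover exactly the bytes stored in flash, so that the device verifies before it decrypts or expands anything. Second, in Case 2 the image that kermit placed in RAM should be verified before the old kernel is erased; the post does not include that check, and without it a corrupted or forged download leaves the board with no bootable firmware. Everything here is an assumption for the demo: the header layout (magic, version, payload length, signature, payload), the anti-rollback version floor, the `Flash` class standing in for the read-write partition and boot-bit, zlib compression standing in for the "expand" step, and a toy RSA key built from two small Mersenne primes that is nowhere near secure. A real build would use a proper RSA/ECDSA key with padding, for example U-Boot's own FIT image signature verification, and ideally a key anchored in a hardware root of trust.

```python
"""Simulation of the two boot-script cases: verify a signed firmware image before
expanding/booting it, and verify a candidate image in RAM before erasing flash.
Constructed example; the header layout and the toy RSA key are assumptions."""
import hashlib
import struct
import zlib

# Toy RSA key from two Mersenne primes. Constructed for the demo only: far too
# small to be secure, and the private exponent D belongs on the vendor's signing
# host, never on the device. Replace with the vendor's real RSA/ECDSA key.
P = (1 << 107) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8          # 30 bytes for this key

# Assumed image layout: header | signature | payload
MAGIC = b"RSFW"
HDR = struct.Struct(">4sII")                 # magic, version, payload length
MIN_VERSION = 1                              # anti-rollback floor held by the device


def _digest(version, payload):
    """SHA-224 over header fields and payload (224 bits < N, so it fits the toy modulus)."""
    h = hashlib.sha224(HDR.pack(MAGIC, version, len(payload)) + payload).digest()
    return int.from_bytes(h, "big")


def sign_image(version, plain_payload):
    """Vendor side: compress first, then sign the bytes the device will actually store,
    so the device can verify before it expands anything."""
    payload = zlib.compress(plain_payload)
    sig = pow(_digest(version, payload), D, N)
    return HDR.pack(MAGIC, version, len(payload)) + sig.to_bytes(SIG_LEN, "big") + payload


def verify_image(image, min_version=MIN_VERSION):
    """Device side. Returns (version, expanded payload) or raises ValueError.
    Order matters: parse, check lengths, check signature, check version, only then expand."""
    if len(image) < HDR.size + SIG_LEN:
        raise ValueError("image truncated")
    magic, version, plen = HDR.unpack_from(image)
    if magic != MAGIC:
        raise ValueError("bad magic")
    start = HDR.size + SIG_LEN
    sig = int.from_bytes(image[HDR.size:start], "big")
    payload = image[start:start + plen]
    if len(payload) != plen:
        raise ValueError("payload shorter than header claims")
    if sig >= N or pow(sig, E, N) != _digest(version, payload):
        raise ValueError("signature mismatch")
    if version < min_version:
        raise ValueError("rollback to version %d refused" % version)
    return version, zlib.decompress(payload)


def image_is_valid(image):
    try:
        verify_image(image)
        return True
    except ValueError:
        return False


class Flash:
    """Constructed stand-in for the read-write firmware partition and the boot-bit."""
    def __init__(self, firmware=b""):
        self.firmware = firmware
        self.boot_bit = 0
        self.erase_count = 0

    def erase(self):
        self.firmware = b""
        self.erase_count += 1


def boot_or_upgrade(flash, incoming=None):
    """Case 1 (boot-bit set): verify the stored image and return the expanded payload to
    hand to bootm, or halt. Case 2 (boot-bit clear): 'incoming' is the image kermit placed
    in RAM; it is verified before the old image is erased, so a bad download cannot leave
    the board without bootable firmware."""
    if flash.boot_bit:
        try:
            _, payload = verify_image(flash.firmware)
        except ValueError as exc:
            return "halt", str(exc)
        return "boot", payload
    try:
        version, _ = verify_image(incoming)
    except ValueError as exc:
        return "rejected", str(exc)
    flash.erase()
    flash.firmware = incoming
    flash.boot_bit = 1
    return "upgraded", version


if __name__ == "__main__":
    img = sign_image(3, b"kernel-and-rootfs" * 64)
    flash = Flash(firmware=b"old image")
    print(boot_or_upgrade(flash, img)[0])      # upgraded
    print(boot_or_upgrade(flash)[0])           # boot
```

The check order in `verify_image` is the part worth carrying over to the real boot script: length checks before anything is indexed, signature before any decryption or decompression (so a corrupt payload never reaches the decompressor or the kernel), and the version floor checked only after the signature, so an attacker cannot forge a "newer" version field. In Case 2 the same routine runs on the RAM copy before `erase`, which is the step the post's sequence leaves out.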