Goal:
U-Boot will run only software that has been authenticated to be from the system's producer.
--- A Potential Authentication Method ---
The producer of the system generates a cryptographic [private-key, public-key] pair, storing the public-key on the same media as U-Boot (i.e. NOR flash; perhaps as a read-only environment variable) on all systems and keeping the private-key hidden at a secure site. A hash of the software is generated, encrypted with the private key and shipped with the software.
U-Boot reads the private-key encrypted hash and decodes it with its public-key. U-Boot loads the software and generates the hash. If both hashes match, the software is authenticated and U-Boot executes the authenticated software.
--- Comment ---
U-Boot obviously supports loading and verification of the generated hash, but I haven't been able to locate public-key cryptographic or other authentication support in U-Boot. Perhaps, it is available as a loadable (stand-alone) module?
Any comments or suggestions?
Sincerely,
Ken Fuchs