Hi Jagan,
On Wed, Apr 17, 2013 at 11:26 AM, Jagan Teki jagannadh.teki@gmail.com wrote:
Hi Simon,
On Wed, Apr 17, 2013 at 7:50 PM, Simon Glass sjg@chromium.org wrote:
Hi,
On Mon, Apr 15, 2013 at 1:38 AM, Jagan Teki jagannadh.teki@gmail.com wrote:
Hi Simon,
I am new to this verification boot concept, could you please clarify my questions.
On Tue, Mar 19, 2013 at 5:21 AM, Simon Glass sjg@chromium.org wrote:
This series implemented a verified boot system based around FIT images as discussed on the U-Boot mailing list, including on this thread:
http://permalink.gmane.org/gmane.comp.boot-loaders.u-boot/147830
RSA is used to implement the encryption. Images are signed by mkimage using private keys created by the user. Public keys are written into U-Boot control FDT (CONFIG_OF_CONTROL) for access by bootm etc. at run-time. The control FDT must be stored in a secure place where it
- Who is doing RSA encryption for images? does RSA lib will do with the help of mkimage, if so where can the
lib will get the private key. ?
There is a script in test/vboot which shows how this is done. Basically we use openrsa tools to create a private key.
- This RSA alogo will encrypt the entire (image+hash) or only encrypt
the hash on each individual image?
Be careful with terminology - we don't actually encrypt the images - we only sign them. Signing means that we hash the image and (if you like) encrypt the hash.
Ok, means RSA will encrypt the image, is it?
No, RSA encrypting the image would be very slow. We only encrypt the hash of the image - this is typically called 'signing the image'.
There is a AES crypt on lib/aes, can we use aes to encrypt the image and RSA for hash, is there any possibility in u-boot to do aes and rsa encrypt and decrypt process and boot.
You could use AES to encrypt the image, but that is not supported by my implementation. You could probably implement this quite easily since U-Boot already supports AES and already supports decompressing images, which is sort-of similar.
If you are asking to use AES instead of RSA for the signing, then I'm not sure what you are trying to achieve. AES requires a shared private key, and if you have that, you may as well just have a shared hash. The point of using RSA is that we can sign images which the original firmware will recognise (based on its public key) without needing to update that public key in what is assumed to be read-only firmware.
Perhaps it would help if you stepped up a level and explained the problem you are trying to solve?
Regards, Simon
We provide two options:
a. Sign each image independently - here we sign the image data b. Sign the configuration, in which case we don't actually sign the image data, only their hashes
What does sign a data image means, can u please clarify.
Thanks, Jagan.
- How can we provide the public key using u-boot devicetree, is there
any other way to provide this key other than dtb?
This is describes in the documentation. We use mkimage to add the public key to your device tree. There is no other way currently implemented - at present you need CONFIG_OF_CONTROL. However, with generic board it should be a simple matter to add this for most boards. The device tree is convenient because it supports structured/tagged data, making it clean and easy to store the information.
- Suppose some one/other tool does an encryption which consists of
encrypted image+public key, so does your rsa code will verify and boot?
You don't need to use mkimage - you can certainly create your own tool which does the same thing. Provided you achieve the same result then bootm will still verify and boot.
Regards, Simon
Thanks, Jagan.
cannot be changed after manufacture. Some notes are provided in the documentaion on how this can be achieved. The implementation is fairly efficient and fits nicely into U-Boot. FIT plus RSA adds around 18KB to SPL size which is manageable on modern SoCs.
When images are loaded, they are verified with the public keys.
Some minor restructuring of the image code is included in this series, since we now support signatures as well as hashes.
It is important to have a test framework for this series. For this, sandbox is used, and a script is provided which signs images and gets sandbox to load them using a script, to check that all is well. So some of the patches here related to adding image support for sandbox. A follow-on series is somewhat more agressive in further refactoring the FIT image support to clean it up improve maintainability.
Rollback prevention has been added in a separate TPM patch. This ensures that an attacker cannot boot your system with an old image that has been compromised. Support for this is not built into bootm, but instead must be scripted in U-Boot. It is possible that a standard scheme for this could be devised by adding version number tags to the signing procedure. However scripts do provide more flexibility. The TPM patch is here:
http://patchwork.ozlabs.org/patch/224163/
This series is available at:
http://git.denx.de/u-boot-x86.git
in the branch 'vboot'.
I have received a number of off-list comments - please do copy the list when replying so that everyone can see your comments.
Changes in v2:
- Add IMAGE_ENABLE_IGNORE to avoid #ifdef around ignore property handling
- Add comment about why mkimage needs to open FIT with O_RDWR
- Add new patch to control FIT image printing in SPL
- Add new patch to remove #ifdefs in image-fit.c
- Add sanity checks on key sizes in RSA (improves security)
- Adjust how signing enable works in image.h
- Adjust mkimage help to separate out signing options
- Allow the control FDT to be set even if there is currently no control FDT
- Avoid using malloc in RSA routines (for smaller SPL code size)
- Build signing support unconditionally in mkimage
- Change hash_block() to use an unsigned int len
- Clarify use of output_size parameter to hash_block()
- Correct bug in setting control FDT
- Fix FDT error handling in fit_image_write_sig()
- Fix checkpatch checks about parenthesis alignment
- Fix checkpatch warnings about space after cast
- Fix checkpatch warnings about split strings
- Fix line continuation problem
- Fix spelling of multiply in rsa-verify.c
- Fix spelling of quite
- Fix typo "os defined" -> "is defined"
- Move sandbox's command list patch from a later series
- Only build RSA support into mkimage if CONFIG_RSA is defined
- Put err_msgp strings on a single line
- Put params before description in fit_conf_get_prop_node() comment
- Rebase on previous patches
- Rebase to use updated fdt_valid() function
- Rename commit message to say "function" instead of "function"
- Require CONFIG_FIT_SIGNATURE in image.h for mkimage to support signing
- Revert the whole change including the set_working_fdt_addr() part
- Support RSA library version without ERR_remove_thread_state()
- Tweak tools/Makefile to make image signing optional
- Update README to fix typos
- Update README to fix typos and clarify some points
- Use U-Boot's -c option instead of hard-coding a boot script
- Use gd->arch.ram_buf instead of gd->ram_buf (now that generic board is in)
- Use stack instead of calloc() within U-Boot's signature verification code
- fdt_valid() sets the FDT pointer to NULL on error, to simplify callers
- gd->fdt_blob is now available on all archs (generic board landed)
Simon Glass (45): sandbox: config: Enable CONFIG_FIT and CONFIG_CMD_FIT bootstage: Don't build for HOSTCC mkimage: Move ARRAY_SIZE to header file libfdt: Add fdt_next_subnode() to permit easy subnode iteration image: Move timestamp #ifdefs to header file image: Export fit_check_ramdisk() image: Split FIT code into new image-fit.c image: Move HOSTCC image code to tools/ image: Split hash node processing into its own function image: Convert fit_image_hash_set_value() to static, and rename image: Rename fit_image_check_hashes() to fit_image_verify() image: Move hash checking into its own function image: Move error! string to common place image: Export fit_conf_get_prop_node() image: Rename fit_add_hashes() to fit_add_verification_data() image: Rename hash printing to fit_image_print_verification_data() sandbox: Add CONFIG_OF_HOSTFILE to read FDT from host file fdt: Add a parameter to fdt_valid() Add getenv_hex() to return an environment variable as hex fdt: Allow fdt command to check and update control FDT sandbox: fdt: Support fdt command for sandbox env: Fix minor comment typos in cmd_nvedit fdt: Skip checking FDT if the pointer is NULL Revert "fdt- Tell the FDT library where the device tree is" Add stdarg to vsprintf.h Add minor updates to README.fdt-control hash: Add a way to calculate a hash for any algortihm sandbox: config: Enable FIT signatures with RSA sandbox: Provide a way to map from host RAM to U-Boot RAM sandbox: image: Add support for booting images in sandbox image: Add signing infrastructure image: Support signing of images image: Add RSA support for image signing mkimage: Put FIT loading in function and tidy error handling mkimage: Add -k option to specify key directory mkimage: Add -K to write public keys to an FDT blob mkimage: Add -F option to modify an existing .fit file mkimage: Add -c option to specify a comment for key signing mkimage: Add -r option to specify keys that must be verified libfdt: Add fdt_find_regions() image: Add support for signing of FIT configurations image: Remove remaining #ifdefs in image-fit.c image: Add CONFIG_FIT_SPL_PRINT to control FIT image printing in SPL sandbox: Allow -c argument to provide a command list Add verified boot information and test
Makefile | 1 + README | 21 + arch/sandbox/cpu/cpu.c | 5 + arch/sandbox/cpu/start.c | 9 +- arch/sandbox/include/asm/io.h | 2 + arch/sandbox/include/asm/state.h | 1 + arch/sandbox/lib/board.c | 38 +- common/Makefile | 2 + common/cmd_bootm.c | 37 +- common/cmd_fdt.c | 87 +- common/cmd_fpga.c | 2 +- common/cmd_nvedit.c | 19 +- common/cmd_source.c | 2 +- common/cmd_ximg.c | 2 +- common/hash.c | 23 + common/image-fit.c | 1533 ++++++++++++++++++++++++++++++++++ common/image-sig.c | 430 ++++++++++ common/image.c | 1686 +------------------------------------- common/main.c | 8 - common/update.c | 2 +- config.mk | 1 + doc/README.fdt-control | 13 +- doc/mkimage.1 | 73 +- doc/uImage.FIT/sign-configs.its | 45 + doc/uImage.FIT/sign-images.its | 42 + doc/uImage.FIT/signature.txt | 382 +++++++++ doc/uImage.FIT/verified-boot.txt | 104 +++ include/bootstage.h | 5 +- include/common.h | 18 + include/configs/sandbox.h | 6 + include/hash.h | 22 + include/image.h | 265 +++++- include/libfdt.h | 81 ++ include/rsa.h | 108 +++ include/vsprintf.h | 2 + lib/fdtdec.c | 3 +- lib/libfdt/fdt.c | 12 + lib/libfdt/fdt_wip.c | 129 +++ lib/rsa/Makefile | 48 ++ lib/rsa/rsa-sign.c | 460 +++++++++++ lib/rsa/rsa-verify.c | 385 +++++++++ test/vboot/.gitignore | 3 + test/vboot/sandbox-kernel.dts | 7 + test/vboot/sandbox-u-boot.dts | 7 + test/vboot/sign-configs.its | 45 + test/vboot/sign-images.its | 42 + test/vboot/vboot_test.sh | 126 +++ tools/Makefile | 23 +- tools/aisimage.c | 1 - tools/fit_image.c | 136 +-- tools/image-host.c | 722 ++++++++++++++++ tools/mkimage.c | 36 +- tools/mkimage.h | 6 + 53 files changed, 5485 insertions(+), 1783 deletions(-) create mode 100644 common/image-fit.c create mode 100644 common/image-sig.c create mode 100644 doc/uImage.FIT/sign-configs.its create mode 100644 doc/uImage.FIT/sign-images.its create mode 100644 doc/uImage.FIT/signature.txt create mode 100644 doc/uImage.FIT/verified-boot.txt create mode 100644 include/rsa.h create mode 100644 lib/rsa/Makefile create mode 100644 lib/rsa/rsa-sign.c create mode 100644 lib/rsa/rsa-verify.c create mode 100644 test/vboot/.gitignore create mode 100644 test/vboot/sandbox-kernel.dts create mode 100644 test/vboot/sandbox-u-boot.dts create mode 100644 test/vboot/sign-configs.its create mode 100644 test/vboot/sign-images.its create mode 100755 test/vboot/vboot_test.sh create mode 100644 tools/image-host.c
-- 1.8.1.3
U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot