[U-Boot] Confusion about "u-boot/doc/uImage.FIT/signature.txt"

Hi, sjg,
I'm YuLang, a software engineer at Hesai Tech. I really appreciate your contribution to secure boot. But I'm confused by your explanation of signatures with FIT images in "u-boot/doc/uImage.FIT/signature.txt", as follows:

/ {
    images {
        kernel@1 {
            data = <data for kernel1>
            hash@1 {
                algo = "sha1";
                value = <...kernel hash 1...>
            };
        };
        kernel@2 {
            data = <data for kernel2>
            hash@1 {
                algo = "sha1";
                value = <...kernel hash 2...>
            };
        };
        fdt@1 {
            data = <data for fdt1>;
            hash@1 {
                algo = "sha1";
                value = <...fdt hash 1...>
            };
        };
        fdt@2 {
            data = <data for fdt2>;
            hash@1 {
                algo = "sha1";
                value = <...fdt hash 2...>
            };
        };
    };
    configurations {
        default = "conf@1";
        conf@1 {
            kernel = "kernel@1";
            fdt = "fdt@1";
            signature@1 {
                algo = "sha1,rsa2048";
                value = <...conf 1 signature...>;
            };
        };
        conf@2 {
            kernel = "kernel@2";
            fdt = "fdt@2";
            signature@1 {
                algo = "sha1,rsa2048";
                value = <...conf 1 signature...>;
            };
        };
    };
};
You can see that we have added hashes for all images (since they are no longer signed), and a signature to each configuration. In the above example, mkimage will sign configurations/conf@1, the kernel and fdt that are pointed to by the configuration (/images/kernel@1, /images/kernel@1/hash@1, /images/fdt@1, /images/fdt@1/hash@1) and the root structure of the image (so that it isn't possible to add or remove root nodes). The signature is written into /configurations/conf@1/signature@1/value. It can easily be verified later even if the FIT has been signed with other keys in the meantime.
But what does a signature for each configuration really mean?
1. rsa2048-privatekey(sha1(kernel data + fdt data))
2. rsa2048-privatekey(sha1(kernel hash + kernel hash))
3. ...
Could you give a clear explanation? Many thanks.
Best wishes!
YuLang
Software Engineer
Hesai Tech

Hi Lang,
On Tue, 22 Oct 2019 at 20:23, Lang Yu yulang@hesaitech.com wrote:
> Hi, sjg,
> I'm YuLang, a software engineer at Hesai Tech. I really appreciate your contribution to secure boot. But I'm confused by your explanation of signatures with FIT images in "u-boot/doc/uImage.FIT/signature.txt", as follows:
>
> / {
>     images {
>         kernel@1 {
>             data = <data for kernel1>
>             hash@1 {
>                 algo = "sha1";
>                 value = <...kernel hash 1...>
>             };
>         };
>         kernel@2 {
>             data = <data for kernel2>
>             hash@1 {
>                 algo = "sha1";
>                 value = <...kernel hash 2...>
>             };
>         };
>         fdt@1 {
>             data = <data for fdt1>;
>             hash@1 {
>                 algo = "sha1";
>                 value = <...fdt hash 1...>
>             };
>         };
>         fdt@2 {
>             data = <data for fdt2>;
>             hash@1 {
>                 algo = "sha1";
>                 value = <...fdt hash 2...>
>             };
>         };
>     };
>     configurations {
>         default = "conf@1";
>         conf@1 {
>             kernel = "kernel@1";
>             fdt = "fdt@1";
>             signature@1 {
>                 algo = "sha1,rsa2048";
>                 value = <...conf 1 signature...>;
>             };
>         };
>         conf@2 {
>             kernel = "kernel@2";
>             fdt = "fdt@2";
>             signature@1 {
>                 algo = "sha1,rsa2048";
>                 value = <...conf 1 signature...>;
>             };
>         };
>     };
> };
>
> You can see that we have added hashes for all images (since they are no longer signed), and a signature to each configuration. In the above example, mkimage will sign configurations/conf@1, the kernel and fdt that are pointed to by the configuration (/images/kernel@1, /images/kernel@1/hash@1, /images/fdt@1, /images/fdt@1/hash@1) and the root structure of the image (so that it isn't possible to add or remove root nodes). The signature is written into /configurations/conf@1/signature@1/value. It can easily be verified later even if the FIT has been signed with other keys in the meantime.
>
> But what does a signature for each configuration really mean?
> 1. rsa2048-privatekey(sha1(kernel data + fdt data))
> 2. rsa2048-privatekey(sha1(kernel hash + kernel hash))
> 3. ...
> Could you give a clear explanation? Many thanks.
This is explained in signature.txt, just above the 'verification' heading:
"In the above example, mkimage will sign configurations/conf-1, the kernel and fdt that are pointed to by the configuration (/images/kernel-1, /images/kernel-1/hash-1, /images/fdt-1, /images/fdt-1/hash-1) and the root structure of the image (so that it isn't possible to add or remove root nodes). The signature is written into /configurations/conf-1/signature-1/value. It can easily be verified later even if the FIT has been signed with other keys in the meantime."

Regards, Simon
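Added example (not U-Boot code and not from either poster): a simplified model of what the quoted paragraph says the configuration signature covers. Neither of the two formulas in the question is right; the SHA-1 is taken over the serialized device-tree regions of the selected nodes (config node, the referenced image nodes and their hash subnodes, plus the root structure), so the model hashes those regions and checks which edits change the digest. The tree, the node serialization and the sample data are constructed; the RSA-2048 step over the digest and libfdt's real region layout are left out.

```python
import hashlib

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def make_fit():
    # Constructed stand-in for the signature.txt example (nodes are dicts,
    # properties are bytes/str); image hash values are filled in like mkimage.
    fit = {
        "images": {
            "kernel@1": {"data": b"kernel-one", "hash@1": {"algo": "sha1"}},
            "kernel@2": {"data": b"kernel-two", "hash@1": {"algo": "sha1"}},
            "fdt@1": {"data": b"fdt-one", "hash@1": {"algo": "sha1"}},
            "fdt@2": {"data": b"fdt-two", "hash@1": {"algo": "sha1"}},
        },
        "configurations": {
            "default": "conf@1",
            "conf@1": {"kernel": "kernel@1", "fdt": "fdt@1"},
            "conf@2": {"kernel": "kernel@2", "fdt": "fdt@2"},
        },
    }
    for img in fit["images"].values():
        img["hash@1"]["value"] = sha1(img["data"])
    return fit

def lookup(fit, path):
    node = fit
    for part in path.strip("/").split("/"):
        if part:
            node = node[part]
    return node

def serialize_node(path, node):
    # One region per node: its path, its own properties, and the NAMES of its
    # subnodes (structure only), so adding/removing nodes alters the region.
    out = path.encode()
    for name in sorted(node):
        val = node[name]
        if isinstance(val, dict):
            out += b"\0node:" + name.encode()
        else:
            out += b"\0" + name.encode() + b"=" + (val.encode() if isinstance(val, str) else val)
    return out

def signed_regions(fit, conf_name):
    # Root structure, the configuration node, and each referenced image with its hash node.
    conf = fit["configurations"][conf_name]
    paths = ["/", f"/configurations/{conf_name}"]
    for role in ("kernel", "fdt"):
        paths += [f"/images/{conf[role]}", f"/images/{conf[role]}/hash@1"]
    return [(p, serialize_node(p, lookup(fit, p))) for p in paths]

def config_digest(fit, conf_name):
    # The value mkimage would hand to the RSA-2048 signer (signature value itself excluded).
    h = hashlib.sha1()
    for _, region in signed_regions(fit, conf_name):
        h.update(region)
    return h.hexdigest()
```

Re-running config_digest on a copy of the tree with kernel@1's data replaced, conf@1's kernel reference swapped, or a new root node added gives a different digest, whereas editing kernel@2 or conf@2 leaves the conf@1 digest unchanged.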