[U-Boot] Verified boot of images without signatures

I am looking at enabling verified boot in the v2019.04-rc4 tag of u-boot. I was pleased when I learned how to embed the public authentication key in my u-boot device tree, sign my kernel using my private authentication key, and see u-boot validate the signature on boot.
But then I was very surprised to learn that I could still boot an unsigned image. So I started looking at the code and I found fit_image_verify_with_data() in "common/image_fit.c", which does:

    if (IMAGE_ENABLE_VERIFY && fit_image_verify_required_sigs(fit,
                    image_noffset, data, size, gd_fdt_blob(), &verify_all)) {
            err_msg = "Unable to verify required signature";
            goto error;
    }

    /* Process all hash subnodes of the component image node */
    fdt_for_each_subnode(noffset, fit, image_noffset) {
            const char *name = fit_get_name(fit, noffset, NULL);

            /*
             * Check subnode name, must be equal to "hash".
             * Multiple hash nodes require unique unit node
             * names, e.g. hash-1, hash-2, etc.
             */
            if (!strncmp(name, FIT_HASH_NODENAME,
                         strlen(FIT_HASH_NODENAME))) {
                    if (fit_image_check_hash(fit, noffset, data, size,
                                             &err_msg))
                            goto error;
                    puts("+ ");
            } else if (IMAGE_ENABLE_VERIFY && verify_all &&
                       !strncmp(name, FIT_SIG_NODENAME,
                                strlen(FIT_SIG_NODENAME))) {
                    ret = fit_image_check_sig(fit, noffset, data,
                                              size, -1, &err_msg);

                    /*
                     * Show an indication on failure, but do not return
                     * an error. Only keys marked 'required' can cause
                     * an image validation failure. See the call to
                     * fit_image_verify_required_sigs() above.
                     */
                    if (ret)
                            puts("- ");
                    else
                            puts("+ ");
            }
    }
I see that if I create a "required" property in my signature block, then u-boot will require that the signature match. But if I don't have that, then it will happily boot an unsigned image (or even one that doesn't have any signature blocks).
Am I missing something here?
Has this been improved/addressed since v2019.04-rc4?
If the answers are "No" and "No", then I will go in and address it myself. I welcome any tips folks might care to give me in advance of me just submitting a patch to address this.
--wpd

On Wed, Jun 12, 2019 at 7:00 PM Patrick Doyle wpdster@gmail.com wrote:
> I am looking at enabling verified boot in the v2019.04-rc4 tag of u-boot. I was pleased when I learned how to embed the public authentication key in my u-boot device tree, sign my kernel using my private authentication key, and see u-boot validate the signature on boot.
> But then I was very surprised to learn that I could still boot an unsigned image. So I started looking at the code and I found fit_image_verify_with_data() in "common/image_fit.c", which does:
>
>     if (IMAGE_ENABLE_VERIFY && fit_image_verify_required_sigs(fit,
>                     image_noffset, data, size, gd_fdt_blob(), &verify_all)) {
>             err_msg = "Unable to verify required signature";
>             goto error;
>     }
>
>     /* Process all hash subnodes of the component image node */
>     fdt_for_each_subnode(noffset, fit, image_noffset) {
>             const char *name = fit_get_name(fit, noffset, NULL);
>
>             /*
>              * Check subnode name, must be equal to "hash".
>              * Multiple hash nodes require unique unit node
>              * names, e.g. hash-1, hash-2, etc.
>              */
>             if (!strncmp(name, FIT_HASH_NODENAME,
>                          strlen(FIT_HASH_NODENAME))) {
>                     if (fit_image_check_hash(fit, noffset, data, size,
>                                              &err_msg))
>                             goto error;
>                     puts("+ ");
>             } else if (IMAGE_ENABLE_VERIFY && verify_all &&
>                        !strncmp(name, FIT_SIG_NODENAME,
>                                 strlen(FIT_SIG_NODENAME))) {
>                     ret = fit_image_check_sig(fit, noffset, data,
>                                               size, -1, &err_msg);
>
>                     /*
>                      * Show an indication on failure, but do not return
>                      * an error. Only keys marked 'required' can cause
>                      * an image validation failure. See the call to
>                      * fit_image_verify_required_sigs() above.
>                      */
>                     if (ret)
>                             puts("- ");
>                     else
>                             puts("+ ");
>             }
>     }
>
> I see that if I create a "required" property in my signature block, then u-boot will require that the signature match. But if I don't have that, then it will happily boot an unsigned image (or even one that doesn't have any signature blocks).
> Am I missing something here?
Probably... I went round a very similar loop too. You need the required property in the U-Boot DTB, not in the image you're booting. And if you're trying to do this for SPL loading U-Boot you need CONFIG_SPL_LOAD_FIT_FULL. Oh and make sure you've disabled legacy image support.
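As an added illustration of what Alex describes (this is example source written for this page, not code from the thread, from signature.txt or from the U-Boot tree), here is a minimal FIT image source (.its) with a signed configuration, followed by the fragment of the U-Boot control DTB that carries the `required` property. The key name "dev", the file names, load addresses and architecture are assumptions chosen for the example.

```dts
/* ---- kernel.its: FIT image source. This file ships with the kernel and
 * is UNTRUSTED: anything in here can be rewritten by whoever controls
 * the boot medium, which is why a "required" property placed here would
 * be meaningless. (Example file; names and addresses are assumed.) ---- */
/dts-v1/;

/ {
    description = "Signed kernel + board device tree";
    #address-cells = <1>;

    images {
        kernel {
            description = "Linux kernel";
            data = /incbin/("zImage");          /* assumed file name */
            type = "kernel";
            arch = "arm";                       /* assumed architecture */
            os = "linux";
            compression = "none";
            load = <0x80008000>;                /* assumed load/entry addresses */
            entry = <0x80008000>;
            hash-1 {
                algo = "sha256";
            };
        };
        fdt-1 {
            description = "Board device tree";
            data = /incbin/("board.dtb");       /* assumed file name */
            type = "flat_dt";
            arch = "arm";
            compression = "none";
            hash-1 {
                algo = "sha256";
            };
        };
    };

    configurations {
        default = "conf-1";
        conf-1 {
            description = "Boot kernel with board.dtb";
            kernel = "kernel";
            fdt = "fdt-1";
            /* Sign the configuration rather than only the kernel image:
             * the signature covers the hashes of every image listed in
             * sign-images, so a signed kernel cannot be paired with an
             * unsigned configuration or a swapped-in device tree. */
            signature-1 {
                algo = "sha256,rsa2048";
                key-name-hint = "dev";          /* assumed key name: keys/dev.key */
                sign-images = "kernel", "fdt";
            };
        };
    };
};

/* ---- fragment of the U-Boot control DTB (u-boot.dtb). This is the
 * TRUSTED side: it is built into the U-Boot binary, and it is the only
 * place where "required" has any effect. "mkimage -K" writes the
 * public-key properties into this node; "mkimage -r" sets "required"
 * automatically, shown here explicitly for clarity. ---- */
/ {
    signature {
        key-dev {
            /* "conf": every configuration U-Boot boots must carry a
             * valid signature from this key, so an image with no
             * signature node at all is rejected instead of printed
             * with a "-" and booted anyway. */
            required = "conf";
            algo = "sha256,rsa2048";
            key-name-hint = "dev";
            /* rsa,modulus, rsa,exponent, rsa,r-squared, rsa,n0-inverse
             * and rsa,num-bits are filled in by mkimage -K. */
        };
    };
};
```

With an RSA key pair in keys/dev.key and keys/dev.crt (for example from `openssl genrsa -out keys/dev.key 2048` and `openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt`), `mkimage -f kernel.its -K u-boot.dtb -k keys -r kernel.itb` signs the FIT and writes the public key plus `required` into u-boot.dtb, which must then be rebuilt into the U-Boot binary; `fit_check_sign -f kernel.itb -k u-boot.dtb` reproduces the boot-time check on the host. The check only matters when CONFIG_FIT_SIGNATURE is enabled and, as Alex notes, legacy (non-FIT) image support is disabled, otherwise an attacker simply supplies a uImage instead of a FIT.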

On Wed, Jun 12, 2019 at 2:10 PM Alex Kiernan alex.kiernan@gmail.com wrote:
> On Wed, Jun 12, 2019 at 7:00 PM Patrick Doyle wpdster@gmail.com wrote:
> > Am I missing something here?
> Probably... I went round a very similar loop too. You need the required property in the U-Boot DTB, not in the image you're booting. And if you're trying to do this for SPL loading U-Boot you need CONFIG_SPL_LOAD_FIT_FULL. Oh and make sure you've disabled legacy image support.
Hi Alex, You nailed it. I didn't understand that the "required" property belonged to the u-boot dtb, not the fitImage. Now that I understand that, I see where that is described in signature.txt. I'm great at understanding documentation once I know what the documentation says :-)
Thanks for the help.
--wpd

Hi Patrick,
On Wed, 12 Jun 2019 at 14:28, Patrick Doyle wpdster@gmail.com wrote:
> On Wed, Jun 12, 2019 at 2:10 PM Alex Kiernan alex.kiernan@gmail.com wrote:
> > On Wed, Jun 12, 2019 at 7:00 PM Patrick Doyle wpdster@gmail.com wrote:
> > > Am I missing something here?
> > Probably... I went round a very similar loop too. You need the required property in the U-Boot DTB, not in the image you're booting. And if you're trying to do this for SPL loading U-Boot you need CONFIG_SPL_LOAD_FIT_FULL. Oh and make sure you've disabled legacy image support.
> Hi Alex, You nailed it. I didn't understand that the "required" property belonged to the u-boot dtb, not the fitImage. Now that I understand that, I see where that is described in signature.txt. I'm great at understanding documentation once I know what the documentation says
A doc patch is welcome.
The 'required' property is in the 'trusted' DT since otherwise an image could just omit it.
Regards, Simon