Sourcing a signed boot script
Hi,
I would like to ask if it is possible to source a script after verifying its signature.
Currently I've been able to source a script from a signed FIT image, before doing "bootm", with: source <addr>:<name> But this way the signature is not checked yet, so the script cannot be trusted.
According to the docs[1] it seems that it's not possible yet to verify a FIT image signature without also booting the corresponding image. Is that right?
[1] https://gitlab.denx.de/u-boot/u-boot/blob/v2019.10/doc/uImage.FIT/signature....
Thank you, Diego Rondini
Hi Diego,
Hi,
I would like to ask if it is possible to source a script after verifying its signature.
Currently I've been able to source a script from a signed FIT image, before doing "bootm", with: source <addr>:<name> But this way the signature is not checked yet, so the script cannot be trusted.
According to the docs[1] it seems that it's not possible yet to verify a FIT image signature without also booting the corresponding image. Is that right?
You can look into the "spl" command, which does the FIT parsing (to prepare data for falcon mode booting).
You may want to re-use such "dry-run" feature to verify the signature, extract the script and use it.
(And yes, I don't think that checking the signature for script works out of the box).
[1] https://gitlab.denx.de/u-boot/u-boot/blob/v2019.10/doc/uImage.FIT/signature....
Thank you, Diego Rondini
Best regards,
Lukasz Majewski
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-59 Fax: (+49)-8142-66989-80 Email: lukma@denx.de
Hi Lukasz,
On Thu, Dec 5, 2019 at 11:14 PM Lukasz Majewski lukma@denx.de wrote:
Hi Diego,
Hi,
I would like to ask if it is possible to source a script after verifying its signature.
Currently I've been able to source a script from a signed FIT image, before doing "bootm", with: source <addr>:<name> But this way the signature is not checked yet, so the script cannot be trusted.
According to the docs[1] it seems that it's not possible yet to verify a FIT image signature without also booting the corresponding image. Is that right?
You can look into the "spl" command, which does the FIT parsing (to prepare data for falcon mode booting).
You may want to re-use such "dry-run" feature to verify the signature, extract the script and use it.
(And yes, I don't think that checking the signature for script works out of the box).
I will have a look at your suggestion and report back the outcome!
Thanks again, Diego Rondini
participants (2)
-
Diego Rondini -
Lukasz Majewski