How would I do signature verification of standalone binary?

Hey all,
I have a SoC which does secure boot in a multi staged process. (ROM loads a signed SPL to an aux core, which loads another signed SPL to main core, which loads a signed u-boot.img)
But the thing I want u-boot to load, verify signature and then run/boot is a standalone binary app, not a Linux Kernel. (It does work fine when I load that and run it with the "go" command, but no signature verification is done as of now)
All the research I did pointed towards using signed FIT images and then "bootm" to do the verification and loading. But I cannot get "bootm" to load a FIT containing only my raw binary standalone app.
Is that road a dead-end and I need to do something completely else?
I would love to stay as close to vanilla u-boot (or at least the SDK vanilla version) and not implement a fully custom signature verification.
Any pointers would be highly appreciated.
kind regards Fabian
Information obligation according to Art. 13 and 14 GDPR (DS-GVO): https://www.hima.com/de/informationen-DSGVO (German), https://www.hima.com/en/information-GDPR (English)
HIMA Paul Hildebrandt GmbH, Albert-Bassermann-Str. 28, 68782 Bruehl bei Mannheim. Limited liability company, registered office Bruehl, Germany - Register court Mannheim HRB 720409, VAT ID: DE 144286400, WEEE Reg. No.: DE87326515
Managing Partner: Steffen Philipp, Managing Directors: Joerg de la Motte (Chair), Dr. Michael Loebig
This message and all attachments are confidential and may not be forwarded to third parties or otherwise published, unless expressly stated otherwise. If you are not the intended recipient, we ask you to contact the sender and delete this message and all attachments from your system. In this case too, you are not entitled to copy this message or any attachments or to make their content accessible to a third party.
This message and its attachments are confidential and can contain privileged information which may not be distributed or published, unless expressly stated otherwise. If you are not the intended recipient, please notify us immediately and delete this email and its attachments. If you have received this communication in error, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.

Hi Fabian,
On Thu, 5 Dec 2024 at 06:09, Koch, Fabian Fabian.Koch@hima.com wrote:
> Hey all,
> I have a SoC which does secure boot in a multi staged process. (ROM loads a signed SPL to an aux core, which loads another signed SPL to main core, which loads a signed u-boot.img)
> But the thing I want u-boot to load, verify signature and then run/boot is a standalone binary app, not a Linux Kernel. (It does work fine when I load that and run it with the "go" command, but no signature verification is done as of now)
> All the research I did pointed towards using signed FIT images and then "bootm" to do the verification and loading. But I cannot get "bootm" to load a FIT containing only my raw binary standalone app.
> Is that road a dead-end and I need to do something completely else?
> I would love to stay as close to vanilla u-boot (or at least the SDK vanilla version) and not implement a fully custom signature verification.
> Any pointers would be highly appreciated.
So long as you put your image in a configuration, it can be verified. The question is whether you can load it.
bootm assumes it is booting an OS. It does not support IH_TYPE_FIRMWARE as a type. You could write a new command to handle that, perhaps. SPL does support loading firmware, but you are running U-Boot proper so that isn't very useful.
For your command, you could call fit_config_verify() to verify the config, then fit_image_load() to load the image you want.
Regards, Simon
> kind regards Fabian
> This message and its attachments are confidential and can contain privileged information which may not be distributed or published, unless expressly stated otherwise. If you are not the intended recipient, please notify us immediately and delete this email and its attachments. If you have received this communication in error, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.
[can you please drop this as it is not correct for a public mailing list?]
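
The layout described in the reply above, as an added example that is not part of the original thread or of U-Boot's own sources: a FIT source (.its) that places the standalone binary in a configuration and signs that configuration, so a verifier checks the configuration and the image hash it references. The file name `app.bin`, the key name `dev`, the architecture, and the load/entry addresses are placeholder assumptions.

```dts
/dts-v1/;

/*
 * Build and sign (comment only; paths are assumptions):
 *   mkimage -f app.its -k keys/ -K u-boot.dtb -r app.itb
 * -k: directory holding dev.key / dev.crt
 * -K: control DTB that receives the public key
 * -r: mark the key as required, so unsigned configurations are rejected
 */
/ {
	description = "Signed standalone application (constructed example)";
	#address-cells = <1>;

	images {
		app {
			description = "Standalone binary";
			data = /incbin/("app.bin");	/* assumed file name */
			type = "firmware";		/* the type named in the reply */
			arch = "arm";			/* assumption */
			compression = "none";
			load = <0x80000000>;		/* placeholder address */
			entry = <0x80000000>;		/* placeholder address */
			/* Image hash; covered indirectly by the config signature */
			hash-1 {
				algo = "sha256";
			};
		};
	};

	configurations {
		default = "conf-1";
		conf-1 {
			description = "Standalone app only";
			firmware = "app";
			/* Signing the configuration binds it to the hash of each
			 * image listed in sign-images, which prevents mixing
			 * individually valid images into a new configuration. */
			signature-1 {
				algo = "sha256,rsa2048";
				key-name-hint = "dev";	/* assumed key name */
				sign-images = "firmware";
			};
		};
	};
};
```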