[U-Boot] Force check of RSA-Signature

Hello.
We are currently testing U-Boot on a PPC. Besides booting the system, we would like to use it to do some system updates (e.g. Kernel, FDT and Initrd). I've compiled U-Boot with support for AES and RSA signatures. We are storing the RSA public keys using a FIT image for U-Boot configuration on flash. Basically both AES and RSA support work as expected,
but:
1) Is there a possibility to always be sure that accessing an image from a FIT container checks the signature? If the signature is wrong, we get an error as expected. But if we generate an image without any signature (which may be generated by anybody), the access is of course possible. Currently I use something like
    fdt get value algorithm /images/script@1/signature@1/ algo && test "$algorithm" = "sha1,rsa2048" && echo success
to check if the image has a signature before proceeding. But this feels wrong.
2) Is there a possibility to check the signature/CRC before copying the image to RAM with imxtract?
P.S. Great project. I'm really impressed by its features!
Thanks in advance, Ulf

Hi,
On 3 September 2014 09:12, Ulf Bartel ulf.bartel@scansonic.de wrote:
> Hello.
> We are currently testing U-Boot on a PPC. Besides booting the system, we would like to use it to do some system updates (e.g. Kernel, FDT and Initrd). I've compiled U-Boot with support for AES and RSA signatures. We are storing the RSA public keys using a FIT image for U-Boot configuration on flash. Basically both AES and RSA support work as expected,
> but:
> - Is there a possibility to always be sure that accessing an image from a FIT container checks the signature? If the signature is wrong, we get an error as expected. But if we generate an image without any signature (which may be generated by anybody), the access is of course possible. Currently I use something like
>     fdt get value algorithm /images/script@1/signature@1/ algo && test "$algorithm" = "sha1,rsa2048" && echo success
> to check if the image has a signature before proceeding. But this feels wrong.

See the -r flag for mkimage. See also doc/uImage.FIT/beaglebone_vboot.txt which uses it.

> - Is there a possibility to check the signature/CRC before copying the image to RAM with imxtract?

I'm not sure of the specifics here - sometimes the image must be decompressed, etc. so in principle this is tricky to implement (but not impossible). Another option might be to zero it afterwards if the check fails?

Regards, Simon

Dear Simon & Ulf,
In message CAPnjgZ2MH8W05zgHsHXN=ETkEi2hNNZkXk6KdRnet0RebGxXqw@mail.gmail.com you wrote:
>> - Is there a possibility to check the signature/CRC before copying the image to ram with imxtract?
>
> I'm not sure of the specifics here - sometimes the image must be decompressed, etc. so in principle this is tricky to implement (but not impossible). Another option might be to zero it afterwards if the check fails?

Maybe I misunderstand the question, but: in any case we have to read the image from a storage device into memory to be able to look at the data, which is obviously needed for computing a checksum or signature.

Best regards,
Wolfgang Denk

Hi Wolfgang,
On 4 September 2014 23:21, Wolfgang Denk wd@denx.de wrote:
> Dear Simon & Ulf,
> In message CAPnjgZ2MH8W05zgHsHXN=ETkEi2hNNZkXk6KdRnet0RebGxXqw@mail.gmail.com you wrote:
>>> - Is there a possibility to check the signature/CRC before copying the image to ram with imxtract?
>>
>> I'm not sure of the specifics here - sometimes the image must be decompressed, etc. so in principle this is tricky to implement (but not impossible). Another option might be to zero it afterwards if the check fails?
>
> Maybe I misunderstand the question, but: in any case we have to read the image from a storage device into memory to be able to look at the data, which is obviously needed for computing a checksum or signature.

In principle it is possible to stream the data through the hashing algorithm and thus verify it without storing it all in memory. Of course, then if the verification is successful then you would need to read it again (and perhaps even verify it again if you are paranoid) to actually run it.

Regards, Simon
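
The two-pass approach described in the last message, as an added Python sketch that is not part of the thread and not U-Boot code: pass 1 streams the image through a hash in small chunks, pass 2 copies it to RAM and checks the copy itself, zeroing the buffer on failure. Assumptions: SHA-256 as the hash, an expected digest that comes from an already-verified signed source, and the hypothetical names `stream_digest`, `verify_then_load` and `flaky_storage`; all image data is constructed.

```python
import hashlib
import hmac
import io

CHUNK = 4096  # bytes held in RAM at a time during the streaming pass


def stream_digest(dev, length, algo="sha256"):
    """Hash `length` bytes from a file-like device without buffering them all."""
    h = hashlib.new(algo)
    remaining = length
    while remaining:
        block = dev.read(min(CHUNK, remaining))
        if not block:
            raise IOError("short read from storage")
        h.update(block)
        remaining -= len(block)
    return h.digest()


def verify_then_load(open_dev, length, expected, algo="sha256"):
    """`open_dev` (hypothetical) returns a fresh reader per call, like re-reading
    flash. Returns the verified image bytes, or None if the image is rejected."""
    if not hmac.compare_digest(stream_digest(open_dev(), length, algo), expected):
        return None                   # pass 1 failed: no full copy was ever made
    ram = bytearray(open_dev().read(length))
    if not hmac.compare_digest(hashlib.new(algo, ram).digest(), expected):
        ram[:] = bytes(len(ram))      # zero the buffer if the check fails
        return None                   # storage changed between the two reads
    return bytes(ram)


def flaky_storage(first, second):
    """Constructed test double: serves `first` on the first open, `second` after."""
    images = [first, second]
    return lambda: io.BytesIO(images.pop(0) if len(images) > 1 else images[0])


def demo():
    """Intact image, tampered image, and image swapped between the two passes."""
    good = b"constructed kernel image " * 1000
    digest = hashlib.sha256(good).digest()
    evil = good[:-1] + b"X"
    return (verify_then_load(lambda: io.BytesIO(good), len(good), digest) == good,
            verify_then_load(lambda: io.BytesIO(evil), len(evil), digest),
            verify_then_load(flaky_storage(good, evil), len(good), digest))
```

The third case in `demo()` is why the in-RAM copy is verified again: the streaming pass alone says nothing about the bytes that are later executed.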