Re: FIT signature security flaw

Hi Lev,

On 10/14/24 04:42, Lev R. Oshvang wrote:
> Hi Sean,
> I am looking for help with a U-Boot FIT signatures problem.
> I started to work with FIT images (u-boot 2024) and managed to sign a kernel and load this image with U-Boot using the 'required' property in the signature as:
>
> signature-1 {
>     algo = "sha1,rsa2048";
>     key-name-hint = "dev_key";
>     sign-images = "kernel";
>     required = "conf";
> };
>
> iminfo reports:
>
> ## Checking hash(es) for FIT Image at 01000000 ...
> Hash(es) for Image 0 (kernel-1): sha256+ sha256,rsa2048:dev_key-
>
> To test the procedure, I generated another private key and signed another kernel with this new key on another Linux host.
> I expected bootm to fail, but it just happily loads this image!!!
> Even an image without a signature but with a valid hash is not rejected, contrary to my expectations.
> In this case iminfo reports only that the hash is OK.

Did you embed the public key into your U-Boot devicetree with `mkimage -K` ?

--Sean

Hi,

On Mon, 14 Oct 2024 at 08:24, Sean Anderson <sean.anderson@seco.com> wrote:
> Hi Lev,
>
> On 10/14/24 04:42, Lev R. Oshvang wrote:
>> Hi Sean,
>> I am looking for help with a U-Boot FIT signatures problem.
>> I started to work with FIT images (u-boot 2024) and managed to sign a kernel and load this image with U-Boot using the 'required' property in the signature as:
>>
>> signature-1 {
>>     algo = "sha1,rsa2048";
>>     key-name-hint = "dev_key";
>>     sign-images = "kernel";
>>     required = "conf";
>> };
>>
>> iminfo reports:
>>
>> ## Checking hash(es) for FIT Image at 01000000 ...
>> Hash(es) for Image 0 (kernel-1): sha256+ sha256,rsa2048:dev_key-
>>
>> To test the procedure, I generated another private key and signed another kernel with this new key on another Linux host.
>> I expected bootm to fail, but it just happily loads this image!!!
>> Even an image without a signature but with a valid hash is not rejected, contrary to my expectations.
>> In this case iminfo reports only that the hash is OK.
>
> Did you embed the public key into your U-Boot devicetree with `mkimage -K` ?

Also see the walkthrough at [1] which might help.

The 'required' field needs to be in the public-key information (i.e. protected and separate from the image being loaded), not the signature node, since anyone can change the signature node.

Regards,
Simon

[1] https://docs.u-boot.org/en/latest/usage/fit/beaglebone_vboot.html
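An added illustration of Simon's point, not part of the thread: the first fragment is the FIT source (.its) that gets signed, where a `required` property has no enforcing effect because the node ships with the image; the second is the `/signature` node that `mkimage -K u-boot.dtb -r` writes into the U-Boot control devicetree, which is what U-Boot actually consults. Assumed: a key directory `keys/` containing `dev_key.key` and `dev_key.crt`; the RSA values shown are placeholders, not real key material.

```dts
/* Fragment 1: fit.its. Nothing here makes the signature mandatory; an
 * attacker re-signing the image simply rewrites or drops this node.
 * Only algo and key-name-hint matter, and they must match the key node
 * in the control devicetree below. */
configurations {
    default = "conf-1";
    conf-1 {
        description = "Signed kernel + fdt";
        kernel = "kernel-1";
        fdt = "fdt-1";
        signature-1 {
            algo = "sha256,rsa2048";
            key-name-hint = "dev_key";
            sign-images = "kernel", "fdt";
        };
    };
};

/* Fragment 2: what
 *   mkimage -f fit.its -k keys -K u-boot.dtb -r fit.itb
 * adds to u-boot.dtb (the control devicetree compiled into U-Boot).
 * The -r flag sets required = "conf"; because this node lives in the
 * U-Boot binary rather than in the image, a configuration that is
 * unsigned, or signed with a different key, is rejected by bootm. */
signature {
    /* "any": at least one required key must verify the configuration;
     * "all": every required key must. */
    required-mode = "any";
    key-dev_key {
        required = "conf";
        algo = "sha256,rsa2048";
        key-name-hint = "dev_key";
        rsa,num-bits = <2048>;
        rsa,exponent = <0x0 0x10001>;  /* placeholder value */
        rsa,n0-inverse = <0x0>;        /* placeholder value */
        rsa,r-squared = <0x0>;         /* placeholder; 256-byte value in practice */
        rsa,modulus = <0x0>;           /* placeholder; 256-byte value in practice */
    };
};
```

After signing, `fdtget u-boot.dtb /signature/key-dev_key required` should print `conf`; if it prints nothing or errors, the key was embedded without `-r` and the signature remains optional, which matches the behaviour reported above.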