Goal:

U-Boot will run only software that has been
authenticated to be from the system's producer.  

--- A Potential Authentication Method ---

The producer of the system generates a cryptographic
[private-key, public-key] pair, storing the public-key
on the same media as U-Boot (i.e. NOR flash; perhaps
as a read-only environment variable) on all systems
and keeping the private-key hidden at a secure site.
A hash of the software is generated, encrypted
with the private key and shipped with the software.

U-Boot reads the private-key encrypted hash and decodes
it with its public-key.  U-Boot loads the software and
generates the hash.  If both hashes match, the software
is authenticated and U-Boot executes the authenticated
software.

--- Comment ---

U-Boot obviously supports loading and verification of
the generated hash, but I haven't been able to locate
public-key cryptographic or other authentication support
in U-Boot.  Perhaps, it is available as a loadable
(stand-alone) module?

Any comments or suggestions?

Sincerely,

Ken Fuchs
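
The scheme described in the message above, as an added example that is not part of the original post and not U-Boot code: the producer signs a SHA-256 hash of the image with the private key, and the boot-loader side recomputes the hash and checks it using only the public key. Assumptions: RSA with PKCS#1 v1.5 padding, public exponent 65537, a demo-grade key generated at run time, and the hypothetical names `demo_keypair`, `encode`, `sign` and `verify`.

```python
import hashlib, secrets

# ASN.1 DigestInfo header for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
E = 65537  # public exponent (assumption of this example)

def is_prime(n, rounds=24):
    """Miller-Rabin test; n is an odd candidate far above 3."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def demo_keypair(bits=1024):
    """Producer side, done once: returns (n, d). Demo-grade key generation."""
    def prime():
        while True:
            p = secrets.randbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
            if p % E != 1 and is_prime(p):  # keeps E invertible mod (p - 1)
                return p
    p, q = prime(), prime()
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def encode(image, k):
    """Hash the image and pad it to k bytes (EMSA-PKCS1-v1_5)."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(image, n, d):
    """Producer side: private-key operation over the padded hash."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(encode(image, k), "big"), d, n).to_bytes(k, "big")

def verify(image, sig, n):
    """Boot-loader side: needs only the public modulus n and exponent E."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    recovered = pow(int.from_bytes(sig, "big"), E, n).to_bytes(k, "big")
    # Compare the whole padded block, not just the trailing hash bytes.
    return recovered == encode(image, k)
```

Only `n` and `E` need to live beside the boot loader; the check is only as trustworthy as the write protection on that storage and on the verifying code itself.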
