Hi Markus,

Hi Maria,

On Mon, 2017-02-20 at 12:33 +0100, Maria Sepulveda wrote:
The reason to store the public key on an external device is to verify
that it is our hardware.
Do you want to verify it is your hardware or do you want to verify the Software
is the one you designated to run on this hardware?
I want to prevent someone from using my software on different hardware.
This is my idea:

In the host:

1. Sign my FIT image with mkimage.
2. Store the public key in some i2c device (crypto-memory, read-only
device, TPM).

In the target:

1. Start U-Boot and load my standalone application.
Using i2c functions, I would like to check the i2c address of my
external device (i2c_probe function) and read the public key stored
inside. Then, I want to pass the public key to U-Boot to do the
verification.
I am not sure whether the public key always has to be stored in the DTB to
do the verification (in both: DTB and external device) or whether it could
just be in the external device.
This is my configuration to enable verification:

[...]
2. U-Boot loads the FIT image (bootm command).

This is the general idea, but first of all I need to know if it is
possible to do that and how I could store the public key somewhere
else, not only in the DTB.
As far as I know, it is not designated to store the public key outside the DTB,
so it would need some coding on your side.

As I said before, you can do the verification with less effort by storing a
checksum of your public key in a safe place. It will take less space and you
can make sure your public key, stored in the DTB, has not been modified by a
third party.

You just need to calculate a checksum over your public key at runtime and
compare it to the securely stored one. If they match, your public key is
authenticated.

Maybe your processor has some builtin secure boot mechanism?
I am using an AM3352 processor and I think it doesn't have any secure boot mechanism. That's why I would like to do the security part of my project in U-Boot before loading the kernel image.

Maybe your idea could satisfy my needs. I will calculate a checksum over the public key that will be stored in an external device. With a standalone U-Boot Application, I will read the checksum from the external device and check that the public key hasn't been tampered with. If everything is right, U-Boot will load the FIT image.

My question now is how to do that. I have read about the 'crc' command, but I don't know if there is a better way to check at runtime the checksum of the public key stored in the DTB and compare it with the one stored in my external device.

Thank you,
María
best regards

Markus
On 20/02/2017 at 10:49, Markus Valentin wrote:
Hi,

On Fri, 2017-02-17 at 13:55 -0800, Rick Altherr wrote:
How would you verify that the public key hasn't been tampered with?

On Fri, Feb 17, 2017 at 12:37 AM, Maria Sepulveda <[email protected]> wrote:

Good morning,

I am working with FIT images in U-Boot 2013.07. I have configured
image verification with a signed image and the kernel boots fine, so I
would like to know if I can store my public key in an external device
(like crypto-memory or an i2c device), because I am storing the key in
the DTB with the CONFIG_OF_CONTROL configuration.
IMHO it is perfectly fine to store the public key in the u-boot.dtb for most
needs (especially for using it with FIT images). Do you have a specific
reason for wanting to store it elsewhere?
The aim of this is that U-Boot should check the i2c address of my
external device, read the public key and verify the signed image later.
I work with an am335x board and Kernel 3.14.
As Rick suggests, you should verify your public key with a checksum which is
somehow protected from being tampered with. In most cases there is some
OTP-Fuse-Register that can do the job.

best regards

Markus


--
_______________________________________________
U-Boot mailing list
[email protected]
https://lists.denx.de/listinfo/u-boot
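
The digest check discussed in this thread, as an added example (not code from the thread or from U-Boot): a host-side Python tool that walks a flattened device tree, hashes every property under `/signature` (the node where `mkimage -K` places the public key) with SHA-256, and compares the result against a stored reference in constant time. SHA-256 stands in for a CRC on the assumption that the checksum must resist deliberate forgery; the hashing layout, the function names and the sample blob are all constructed for illustration.

```python
import hashlib, hmac, struct
BEGIN_NODE, END_NODE, PROP, NOP, END = 1, 2, 3, 4, 9  # FDT structure tokens

def key_node_digest(dtb: bytes, path: str = "/signature") -> bytes:
    """SHA-256 over each property (node path, name, length, value) under `path`."""
    magic, _size, off_struct, off_strings = struct.unpack_from(">4I", dtb, 0)
    if magic != 0xD00DFEED:
        raise ValueError("not a flattened device tree")
    h, stack, pos = hashlib.sha256(), [], off_struct
    while True:
        (tok,) = struct.unpack_from(">I", dtb, pos)
        pos += 4
        if tok == BEGIN_NODE:                      # node name, NUL-terminated, 4-byte padded
            end = dtb.index(b"\0", pos)
            stack.append(dtb[pos:end].decode())
            pos = (end + 4) & ~3
        elif tok == END_NODE:
            stack.pop()
        elif tok == PROP:                          # u32 length, u32 name offset, value
            length, nameoff = struct.unpack_from(">2I", dtb, pos)
            pos += 8
            start = off_strings + nameoff
            name = dtb[start:dtb.index(b"\0", start)]
            here = "/".join(stack) or "/"
            if here == path or here.startswith(path + "/"):
                h.update(here.encode() + b"\0" + name + b"\0" + struct.pack(">I", length))
                h.update(dtb[pos:pos + length])
            pos = (pos + length + 3) & ~3
        elif tok == END:
            return h.digest()
        elif tok != NOP:
            raise ValueError("corrupt device tree structure block")

def key_is_authentic(dtb: bytes, reference: bytes) -> bool:
    """Compare the recomputed digest with the one kept in the protected store."""
    return hmac.compare_digest(key_node_digest(dtb), reference)

def build_sample_dtb(modulus: bytes) -> bytes:
    """Constructed test blob: /signature/key-dev with 'algo' and 'rsa,modulus'."""
    strings = b"rsa,modulus\0algo\0"
    def prop(nameoff, val):
        return struct.pack(">3I", PROP, len(val), nameoff) + val + b"\0" * (-len(val) % 4)
    def node(name, body):
        raw = name.encode() + b"\0"
        return struct.pack(">I", BEGIN_NODE) + raw + b"\0" * (-len(raw) % 4) + body + struct.pack(">I", END_NODE)
    key = node("key-dev", prop(12, b"sha1,rsa2048\0") + prop(0, modulus))
    st = node("", node("signature", key)) + struct.pack(">I", END)
    hdr = struct.pack(">10I", 0xD00DFEED, 56 + len(st) + len(strings), 56, 56 + len(st), 40, 17, 16, 0, len(strings), len(st))
    return hdr + bytes(16) + st + strings
```

The value returned by `key_node_digest` for the production DTB is what would be provisioned into the external device; the target has to recompute it with the same byte layout for the comparison to hold.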
