On Fri, 30 Dec 2011 13:37:47 +0100 Wolfgang Denk <w...@denx.de> wrote:
> Dear Andreas,
>
> In message <CAB+EkH4j-UoUyHb=XgDbGRncX=oq6+3+mnjwstiuojooyuc...@mail.gmail.com> you wrote:
> >
> > sha1sum sum is yes enough to verify that no files have been modified on the
> > file system on the already installed Linux device.
>
> It is also good enough to ensure that the files on any distribution
> media have not been corrupted or modified in some way. Of course it
> does not protect against intentional modifications.
>
> > But my case here is if one needs to update the software on the device out
> > somewhere in the world we have now made a usb stick and uboot looks for
> > special files first on the usb stick before it continues normal boot. How
> > can one ensure that the software on the usb stick is not altered on the way
> > to include some additional unwanted features?
>
> You cannot. Actually you would have to ensure first that the U-Boot
> running on that system has not been tampered with. If I were to
> attack such a system, I'd probably first install (or otherwise run) a
> version of U-boot that has any such security checks disabled or
> removed.

That depends on your hardware. SoCs with Freescale SEC v4+ h/w can enable a trusted boot mode after writing a private key to special-purpose on-chip key memory and subsequently blowing a fuse. The trusted boot mode ensures a continuous root of trust by booting an initial (u-)bootloader from on-chip firmware that verifies the authenticity of the u-boot image it loads before executing it. The initial bootloader is written in a similar fashion to the private key of the chip, and similarly can never be overwritten. Subsequent loads, e.g., u-boot->kernel, kernel->app, are free to inherit that same root of trust. The Freescale BSP version of u-boot includes some of Freescale's secure boot work [1], but since then it's been modified to use the dedicated crypto unit to do the crypto and therefore boot much faster.

Ideally u-boot would be modified to use either s/w or h/w crypto, but unfortunately I haven't had the time to look into it.

Kim

[1] I don't know where to find the latest that uses the h/w to do the crypto right now, but there's some s/w crypto based code available here: http://git.freescale.com/git/cgit.cgi/ppc/sdk/u-boot.git/log/
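Added example, not part of the original post and not Freescale or U-Boot code: a Python model of the two checks discussed in this thread, a sha1 file shipped beside the image versus a chain in which each stage is checked against a value anchored in write-once storage. Assumptions: pinned SHA-256 digests stand in for the signature verification a real trusted boot performs, and all function names and sample images are hypothetical.

```python
import hashlib

def sha1(data):
    return hashlib.sha1(data).hexdigest()

def stage_digest(image, next_digest):
    # Digest covers the stage's code and the digest it will demand of the next stage.
    return hashlib.sha256(image + (next_digest or "").encode()).hexdigest()

def checksum_only_accepts(stick):
    """Update check that trusts the sha1 file shipped beside the image on the stick."""
    return sha1(stick["image"]) == stick["image.sha1"]

def build_chain(stages):
    """stages: ordered (name, image) pairs. Returns (root_digest, chain); root_digest
    stands in for the value held in write-once on-chip storage."""
    chain, next_digest = [], None
    for name, image in reversed(stages):
        chain.insert(0, {"name": name, "image": image, "next": next_digest})
        next_digest = stage_digest(image, next_digest)
    return next_digest, chain

def boot(root_digest, chain):
    """Each stage is checked against the digest held by the stage verified before it."""
    expected, booted = root_digest, []
    for stage in chain:
        if stage_digest(stage["image"], stage["next"]) != expected:
            return booted, "refused " + stage["name"]
        booted.append(stage["name"])
        expected = stage["next"]
    return booted, "ok"

# Constructed sample images (placeholders, not real binaries).
STAGES = [("u-boot", b"u-boot v1"), ("kernel", b"kernel v1"), ("app", b"app v1")]
ROOT, CHAIN = build_chain(STAGES)

def modified_stick():
    # Image changed in transit and the checksum file regenerated to match it.
    image = b"kernel v1 (altered)"
    return {"image": image, "image.sha1": sha1(image)}

def modified_storage():
    # Kernel changed and every digest on writable storage re-derived; ROOT is unchanged.
    stages = [("u-boot", b"u-boot v1"), ("kernel", b"kernel v1 (altered)"), ("app", b"app v1")]
    return build_chain(stages)[1]

if __name__ == "__main__":
    print(checksum_only_accepts(modified_stick()))
    print(boot(ROOT, CHAIN))
    print(boot(ROOT, modified_storage()))
```

The checksum-only check accepts the altered stick because the reference value travels with the data it protects; the chained check refuses at the first stage whose digest no longer traces back to the unchanged root.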