* [U-Boot] Confusion about "u-boot/doc/uImage.FIT/signature.txt"
@ 2019-10-23  2:23 Lang Yu
  2019-10-30  1:49 ` Simon Glass
  0 siblings, 1 reply; 2+ messages in thread
From: Lang Yu @ 2019-10-23  2:23 UTC (permalink / raw)
  To: u-boot

Hi, sjg,

I'm YuLang, a software engineer at Hesai Tech. I really appreciate your contribution to secure boot. But I'm confused by your explanation of signatures with FIT images in "u-boot/doc/uImage.FIT/signature.txt", as follows:

/ {
	images {
		kernel@1 {
			data = <data for kernel1>
			hash@1 {
				algo = "sha1";
				value = <...kernel hash 1...>
			};
		};
		kernel@2 {
			data = <data for kernel2>
			hash@1 {
				algo = "sha1";
				value = <...kernel hash 2...>
			};
		};
		fdt@1 {
			data = <data for fdt1>;
			hash@1 {
				algo = "sha1";
				value = <...fdt hash 1...>
			};
		};
		fdt@2 {
			data = <data for fdt2>;
			hash@1 {
				algo = "sha1";
				value = <...fdt hash 2...>
			};
		};
	};
	configurations {
		default = "conf@1";
		conf@1 {
			kernel = "kernel@1";
			fdt = "fdt@1";
			signature@1 {
				algo = "sha1,rsa2048";
				value = <...conf 1 signature...>;
			};
		};
		conf@2 {
			kernel = "kernel@2";
			fdt = "fdt@2";
			signature@1 {
				algo = "sha1,rsa2048";
				value = <...conf 1 signature...>;
			};
		};
	};
};

You can see that we have added hashes for all images (since they are no
longer signed), and a signature to each configuration. In the above example,
mkimage will sign configurations/conf@1, the kernel and fdt that are
pointed to by the configuration (/images/kernel@1, /images/kernel@1/hash@1,
/images/fdt@1, /images/fdt@1/hash@1) and the root structure of the image
(so that it isn't possible to add or remove root nodes). The signature is
written into /configurations/conf@1/signature@1/value. It can easily be
verified later even if the FIT has been signed with other keys in the
meantime.

But what does a signature to each configuration really mean?

1. rsa2048-privatekey(sha1(kernel data + fdt data))

2. rsa2048-privatekey(sha1(kernel hash+kernel hash))

3. ...

Could you give a clear explanation? Many thanks.

Best wishes!

YuLang

Software Engineer

Hesai Tech


* [U-Boot] Confusion about "u-boot/doc/uImage.FIT/signature.txt"
  2019-10-23  2:23 [U-Boot] Confusion about "u-boot/doc/uImage.FIT/signature.txt" Lang Yu
@ 2019-10-30  1:49 ` Simon Glass
  0 siblings, 0 replies; 2+ messages in thread
From: Simon Glass @ 2019-10-30  1:49 UTC (permalink / raw)
  To: u-boot

Hi Lang,


On Tue, 22 Oct 2019 at 20:23, Lang Yu <yulang@hesaitech.com> wrote:
>
> Hi, sjg,
>
> I'm YuLang, a software engineer at Hesai Tech. I really appreciate your contribution to secure boot. But I'm confused by your explanation of signatures with FIT images in "u-boot/doc/uImage.FIT/signature.txt", as follows:
>
> / {
> 	images {
> 		kernel@1 {
> 			data = <data for kernel1>
> 			hash@1 {
> 				algo = "sha1";
> 				value = <...kernel hash 1...>
> 			};
> 		};
> 		kernel@2 {
> 			data = <data for kernel2>
> 			hash@1 {
> 				algo = "sha1";
> 				value = <...kernel hash 2...>
> 			};
> 		};
> 		fdt@1 {
> 			data = <data for fdt1>;
> 			hash@1 {
> 				algo = "sha1";
> 				value = <...fdt hash 1...>
> 			};
> 		};
> 		fdt@2 {
> 			data = <data for fdt2>;
> 			hash@1 {
> 				algo = "sha1";
> 				value = <...fdt hash 2...>
> 			};
> 		};
> 	};
> 	configurations {
> 		default = "conf@1";
> 		conf@1 {
> 			kernel = "kernel@1";
> 			fdt = "fdt@1";
> 			signature@1 {
> 				algo = "sha1,rsa2048";
> 				value = <...conf 1 signature...>;
> 			};
> 		};
> 		conf@2 {
> 			kernel = "kernel@2";
> 			fdt = "fdt@2";
> 			signature@1 {
> 				algo = "sha1,rsa2048";
> 				value = <...conf 1 signature...>;
> 			};
> 		};
> 	};
> };
>
> You can see that we have added hashes for all images (since they are no
> longer signed), and a signature to each configuration. In the above example,
> mkimage will sign configurations/conf@1, the kernel and fdt that are
> pointed to by the configuration (/images/kernel@1, /images/kernel@1/hash@1,
> /images/fdt@1, /images/fdt@1/hash@1) and the root structure of the image
> (so that it isn't possible to add or remove root nodes). The signature is
> written into /configurations/conf@1/signature@1/value. It can easily be
> verified later even if the FIT has been signed with other keys in the
> meantime.
>
> But what does a signature to each configuration really mean?
>
> 1. rsa2048-privatekey(sha1(kernel data + fdt data))
>
> 2. rsa2048-privatekey(sha1(kernel hash+kernel hash))
>
> 3. ...
>
> Could you give a clear explanation? Many thanks.


This is explained in signature.txt, just above the 'verification' heading:

> In the above example,
> mkimage will sign configurations/conf-1, the kernel and fdt that are
> pointed to by the configuration (/images/kernel-1, /images/kernel-1/hash-1,
> /images/fdt-1, /images/fdt-1/hash-1) and the root structure of the image
> (so that it isn't possible to add or remove root nodes). The signature is
> written into /configurations/conf-1/signature-1/value. It can easily be
> verified later even if the FIT has been signed with other keys in the
> meantime.

Regards,
Simon
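
Added example, not part of the thread and not U-Boot code: a simplified Python model of what the configuration signature in the quoted signature.txt paragraph covers, using its conf-1 node names. The byte layout, payload strings and helper names are constructed for illustration; the model assumes the image "data" property is skipped when hashing, so a payload is bound to the signature only through the "value" in its hash node, and the RSA step over the resulting digest is left out.

```python
import hashlib

# Constructed stand-in for the FIT above: node path -> properties.
# Image payloads are tiny byte strings; real FITs carry kernel/DTB blobs.
def build_fit(kernel=b"kernel-1 payload", fdt=b"fdt-1 payload"):
    sha1 = lambda b: hashlib.sha1(b).digest()
    return {
        "/": {"description": b"constructed example"},
        "/images/kernel-1": {"data": kernel},
        "/images/kernel-1/hash-1": {"algo": b"sha1", "value": sha1(kernel)},
        "/images/fdt-1": {"data": fdt},
        "/images/fdt-1/hash-1": {"algo": b"sha1", "value": sha1(fdt)},
        "/configurations/conf-1": {"kernel": b"kernel-1", "fdt": b"fdt-1"},
    }

def hashed_nodes(fit, conf):
    """Node list from the quoted paragraph: root, the configuration,
    and each image it points to together with that image's hash node."""
    nodes = ["/", conf]
    for prop in ("kernel", "fdt"):
        image = "/images/" + fit[conf][prop].decode()
        nodes += [image, image + "/hash-1"]
    return nodes

def signed_digest(fit, conf):
    """SHA-1 over the listed nodes. Assumption of this model: the bulky
    'data' property is skipped, so the payload is covered only through the
    hash node's 'value'. The RSA step would sign this digest."""
    h = hashlib.sha1()
    for path in hashed_nodes(fit, conf):
        h.update(path.encode())
        for name, val in sorted(fit[path].items()):
            if name != "data":
                h.update(name.encode() + b"\0" + len(val).to_bytes(4, "big") + val)
    return h.digest()

def verify(fit, conf, trusted_digest):
    """Two-stage check: signed digest first, then each image against its hash node."""
    if signed_digest(fit, conf) != trusted_digest:
        return "signature mismatch"
    for prop in ("kernel", "fdt"):
        image = "/images/" + fit[conf][prop].decode()
        if hashlib.sha1(fit[image]["data"]).digest() != fit[image + "/hash-1"]["value"]:
            return "hash mismatch: " + image
    return "ok"
```

In this model a changed payload is caught by the image hash check, and a payload changed together with its hash node is caught by the signed digest.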
