From: Ye Li <ye.li@nxp.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [EXT] Re: [PATCH 4/6] spl: mmc: support loading i.MX container format file
Date: Fri, 24 May 2019 01:59:36 +0000 [thread overview]
Message-ID: <VI1PR04MB4414C8A215520C7131457E02E4020@VI1PR04MB4414.eurprd04.prod.outlook.com> (raw)
In-Reply-To: a137fad4-a73f-35b7-d39f-b275390e6bfe@denx.de
Hi Marek,
On 2019/5/22 19:41, Marek Vasut wrote:
> Caution: EXT Email
>
> On 5/22/19 9:34 AM, Lukasz Majewski wrote:
> [...]
>>>>>>>> By using above approach we do have the NXP's "container"
>>>>>>>> format only seen in the SPL (which is OK, as for example
>>>>>>>> Samsung does similar thing with FBL/BL1). When SPL is
>>>>>>>> "trused" we may use available facilities.
>>>>>>>
>>>>>>> The issue to me is that sc_seco_authenticate could not take a
>>>>>>> FIT image as input.
>>>>>>
>>>>>> Is the sc_seco_authenticate an API accessible from SPL, U-Boot
>>>>>> proper or Linux crypro engine driver?
>>>>>
>>>>> Yes, it is an API accessible in SPL/U-Boot stage. I do not know
>>>>> about Linux crypto driver.
>>>>
>>>> Maybe it would be worth to check how Linux handle this? Maybe it
>>>> would shed some more light on it?
>>>
>>> I am not familiar with that, so might be stupid question below.
>>> Does it really matter?
>>
>> I would check it just out of curiosity.
>
> Yes, it matters, because there should be such API. How would Linux
> authenticate e.g. userspace binaries if there wasn't one, surely not by
> wrapping every single object into the custom vendor-specific container ?
> And if there is one, you can use it to authenticate raw binaries from
> U-Boot SPL too, e.g. fitImage blobs with an associated signature.
>
iMX8 AHAB uses RSA key pair for authentication, the on-chip thing we called SRK is a array of public
key hash which is dedicated for AHAB. It is not a real key. The real public key is in container.
AHAB will check the public key with the on-chip SRK before using it to authenticate the image.
Seco which contains the crypto engine on imx8 does not allow to use the SRK by user. No such API exported.
And the fuse of SRK is locked, can't be read directly.
Actually on imx6/imx7/imx8m, the SPL and u-boot are already using ROM HAB to implement the trust chain, like
SPL authenticates u-boot, u-boot authenticatse kernel. We just follow this same way on imx8, the difference
is imx8 needs container format for signed image. We prefer directly loading container image than fit image.
If we pack fit image into container, obviously this will cause one more copy.
As a boot loader, isn't it better to have more image format supported? We don't force to use container, just
set it as default. Users still can choose fit or raw image.
> [...]
>
> --
> Best regards,
> Marek Vasut
>
next prev parent reply other threads:[~2019-05-24 1:59 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-07 12:52 [U-Boot] [PATCH 0/6] imx8: support container Peng Fan
2019-05-07 12:52 ` [U-Boot] [PATCH 1/6] imx: mach-imx: clean up Makefile Peng Fan
2019-05-07 12:52 ` [U-Boot] [PATCH 2/6] spl: Add function to get u-boot raw sector Peng Fan
2019-05-07 12:52 ` [U-Boot] [PATCH 3/6] imx8: support parsing i.MX8 Container file Peng Fan
2019-05-07 12:52 ` [U-Boot] [PATCH 4/6] spl: mmc: support loading i.MX container format file Peng Fan
2019-05-18 16:09 ` Simon Glass
2019-05-20 1:30 ` Peng Fan
2019-05-20 1:45 ` Marek Vasut
2019-05-20 1:54 ` Peng Fan
2019-05-20 10:36 ` Marek Vasut
2019-05-21 2:31 ` Peng Fan
2019-05-21 2:49 ` Marek Vasut
2019-05-21 2:55 ` Peng Fan
2019-05-21 3:03 ` Marek Vasut
2019-05-21 3:19 ` Peng Fan
2019-05-21 8:32 ` Lukasz Majewski
2019-05-21 12:41 ` Marek Vasut
2019-05-21 13:13 ` Lukasz Majewski
2019-05-22 4:18 ` Peng Fan
2019-05-22 6:02 ` Lukasz Majewski
2019-05-22 6:15 ` Peng Fan
2019-05-22 6:46 ` Lukasz Majewski
2019-05-22 7:22 ` Peng Fan
2019-05-22 7:34 ` Lukasz Majewski
2019-05-22 11:41 ` Marek Vasut
2019-05-24 1:59 ` Ye Li [this message]
2019-05-27 9:49 ` [U-Boot] [EXT] " Peng Fan
2019-05-27 11:31 ` Marek Vasut
2019-05-30 7:06 ` Ye Li
2019-05-30 8:19 ` Marek Vasut
2019-06-04 3:27 ` Peng Fan
2019-06-04 11:24 ` Marek Vasut
2019-06-05 1:18 ` Peng Fan
2019-06-05 1:30 ` Marek Vasut
2019-06-05 1:59 ` Peng Fan
2019-06-05 2:38 ` Marek Vasut
2019-06-05 3:03 ` Peng Fan
2019-06-05 13:24 ` Marek Vasut
2019-06-05 13:52 ` Tom Rini
2019-06-05 13:55 ` Marek Vasut
2019-06-06 2:33 ` Peng Fan
2019-06-06 7:02 ` Lukasz Majewski
2019-06-06 7:23 ` Peng Fan
2019-06-06 7:12 ` Marek Vasut
2019-06-06 7:54 ` Peng Fan
2019-06-06 8:05 ` Marek Vasut
2019-05-22 2:56 ` [U-Boot] " Peng Fan
2019-05-07 12:52 ` [U-Boot] [PATCH 5/6] imx: add container target Peng Fan
2019-05-07 12:52 ` [U-Boot] [PATCH 6/6] imx8qxp_mek: switch to use container image Peng Fan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=VI1PR04MB4414C8A215520C7131457E02E4020@VI1PR04MB4414.eurprd04.prod.outlook.com \
--to=ye.li@nxp.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.