[RFC 3/4] FIT: add FIT image support
plagnioj at jcrosoft.com
Fri Mar 13 08:54:23 PDT 2015
On 12:33 Fri 13 Mar , Marc Kleine-Budde wrote:
> On 03/13/2015 11:05 AM, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > On 10:28 Fri 13 Mar , Jan Lübbe wrote:
> >> On Do, 2015-03-12 at 19:19 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> >>> please do not send a new version except for fix
> >>> I'm going to re-integrate it with the keystore & co
> >> Could you describe your keystore design?
> > I'll send the patch series soon
> > code is better than 1000s of words
> > with DER support and the fit
> >>> and sha1,rsa2048 is considered weak in term of security
> >>> and worse md4/md5
> >>> for barebox I would only use
> >>> at least sha256 with rs2048 or sha512 with rsa4096
> >> Yes, of course. These were only used as an example and it's trivial to
> >> switch to other hash algos or RSA key sizes. Also, the FIT format can
> >> easily be extended to support ECC/Curve25519.
> > very slow vs rsa, but as we will use a generic framework we will just need to
> > add the algo
> > if you can break rsa4096, the chance you can break ECC are high too
> If you want to open the box, today you would probably not break
> rsa2048/sha1 (unless you have huge calculation power) but look for
> implementation weaknesses, like bugs or side channel attacks.
I alredy see it done on rsa1024 few years ago, today rs2048 is supposedly
secured but as you hw may have to run for 10 years rs2048/sha1 is considered not
Keep in on mind, for security you do need to choose the correct algo for how
long the data need to be secured.
> >> In some cases, where the SoC's ROM code only supports RSA2048 with SHA1,
> >> using stronger settings in Barebox doesn't increase security. So there
> >> we want to use the same settings as the ROM code.
> > agreed but I refuse to allow it unless we have no choice
> > and emit a warning
> > and even I'll prefer to use stonger, yes this will increase the security.
> > As a secure boot is as strong as it's weak link
> > but this will not reduce it either
> Adding unneeded complexity might not the best move here.
common it just change the sha and the number of bits of key
More information about the barebox