[RFC 3/4] FIT: add FIT image support

Jean-Christophe PLAGNIOL-VILLARD plagnioj at jcrosoft.com
Fri Mar 13 08:54:23 PDT 2015 

On 12:33 Fri 13 Mar     , Marc Kleine-Budde wrote:
> On 03/13/2015 11:05 AM, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > On 10:28 Fri 13 Mar     , Jan Lübbe wrote:
> >> On Do, 2015-03-12 at 19:19 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> >>> please do not send a new version except for fix
> >>>
> >>> I'm going to re-integrate it with the keystore & co
> >>
> >> Could you describe your keystore design?
> > 
> > I'll send the patch series soon
> > 
> > code is better than 1000s of words
> > 
> > with DER support and the fit
> >>
> >>> and sha1,rsa2048 is considered weak in term of security
> >>> and worse md4/md5
> >>>
> >>> for barebox I would only use
> >>> at least sha256 with rs2048 or sha512 with rsa4096
> >>
> >> Yes, of course. These were only used as an example and it's trivial to
> >> switch to other hash algos or RSA key sizes. Also, the FIT format can
> >> easily be extended to support ECC/Curve25519.
> > 
> > very slow vs rsa, but as we will use a generic framework we will just need to
> > add the algo
> > 
> > if you can break rsa4096, the chance you can break ECC are high too
> 
> If you want to open the box, today you would probably not break
> rsa2048/sha1 (unless you have huge calculation power) but look for
> implementation weaknesses, like bugs or side channel attacks.

I alredy see it done on rsa1024 few years ago, today rs2048 is supposedly
secured but as you hw may have to run for 10 years rs2048/sha1 is considered not
strong enough

Keep in on mind, for security you do need to choose the correct algo for how
long the data need to be secured.
> 
> >> In some cases, where the SoC's ROM code only supports RSA2048 with SHA1,
> >> using stronger settings in Barebox doesn't increase security. So there
> >> we want to use the same settings as the ROM code.
> > 
> > agreed but I refuse to allow it unless we have no choice
> > and emit a warning
> > 
> > and even I'll prefer to use stonger, yes this will increase the security.
> > As a secure boot is as strong as it's weak link
> > 
> > but this will not reduce it either
> 
> Adding unneeded complexity might not the best move here.
common it just change the sha and the number of bits of key

Best Regards,
J.

More information about the barebox mailing list