[RFC 3/4] FIT: add FIT image support
Jan Lübbe
jlu at pengutronix.de
Mon Mar 16 07:31:56 PDT 2015
On Mo, 2015-03-16 at 14:51 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > The other pb I see is this one where and do you plan to store the RO x509
> > > the trusted one.
> >
> > Sorry, I can't parse this.
> where do we store the trusted keys/cert need to be secured or inaccessible
> except crypto API
(The following depends on prohibiting any unauthenticated access to the
barebox console.)
If you just use a chain of signed code like with HAB on i.MX, every cert
is verified by the previous step (up to the SRK table hash), so there is
no need to additionally protect certs against modification. Any modified
cert would result in a verification error. In this setup there is no
secret information on the device at all.
When doing this without support from the SoC's ROM code, you could store
barebox (with compiled-in master public key(s)) in RO flash. Against an
attacker without physical access, this results in the same security
properties. You couldn't update the RO barebox, tough (only boot another
one second stage).
Regards,
Jan
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list