[RFC 3/4] FIT: add FIT image support
Jean-Christophe PLAGNIOL-VILLARD
plagnioj at jcrosoft.com
Mon Mar 16 07:40:41 PDT 2015
On 15:31 Mon 16 Mar , Jan Lübbe wrote:
> On Mo, 2015-03-16 at 14:51 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > > The other pb I see is this one where and do you plan to store the RO x509
> > > > the trusted one.
> > >
> > > Sorry, I can't parse this.
> > where do we store the trusted keys/cert need to be secured or inaccessible
> > except crypto API
>
> (The following depends on prohibiting any unauthenticated access to the
> barebox console.)
>
> If you just use a chain of signed code like with HAB on i.MX, every cert
> is verified by the previous step (up to the SRK table hash), so there is
> no need to additionally protect certs against modification. Any modified
> cert would result in a verification error. In this setup there is no
> secret information on the device at all.
>
> When doing this without support from the SoC's ROM code, you could store
> barebox (with compiled-in master public key(s)) in RO flash. Against an
> attacker without physical access, this results in the same security
> properties. You couldn't update the RO barebox, though (only boot another
> one second stage).
I agree with you, I said the same.
My key point is: if we do allow console access, we need to be 100% sure that
they cannot tamper with the trusted key in RAM, the barebox binary and the
malloc space.
Best Regards,
J.
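The chain-of-trust scheme discussed above (each certificate verified by the previous boot stage, up to a root-key hash that is fused into the SoC or compiled into a read-only barebox), as an added example that is not part of the thread and not barebox code. The signature scheme is textbook RSA with tiny constructed primes so the model runs on the Python standard library alone; it offers no real security and stands in for HAB's RSA/x509 verification. Stage names, images and key sizes are all constructed for the demo.

```python
"""Model of a signed boot chain: integrity of keys comes from the chain,
secrecy is not needed on the device. Added example, not barebox code."""
import hashlib
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

PubKey = Tuple[int, int]   # (n, e)
PrivKey = Tuple[int, int]  # (n, d)


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[PubKey, PrivKey]:
    """Textbook RSA from two tiny constructed primes (illustration only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def digest_mod_n(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv: PrivKey, data: bytes) -> int:
    n, d = priv
    return pow(digest_mod_n(data, n), d, n)


def verify(pub: PubKey, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest_mod_n(data, n)


def pub_bytes(pub: PubKey) -> bytes:
    """Serialisation of a public key as it would be embedded in an image."""
    return pub[0].to_bytes(8, "big") + pub[1].to_bytes(8, "big")


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes                # code of this stage
    next_pub: Optional[PubKey]  # key that verifies the following stage
    sig: int                    # signature made with the previous stage's key


def payload(image: bytes, next_pub: Optional[PubKey]) -> bytes:
    """What gets signed: the code plus the key handed to the next stage."""
    return image + (pub_bytes(next_pub) if next_pub else b"")


def build_chain(stages: List[Tuple[str, bytes]],
                keys: List[Tuple[PubKey, PrivKey]]) -> List[Stage]:
    """keys[0] is the root (SRK) key; keys[i] signs stage i."""
    chain = []
    for i, (name, image) in enumerate(stages):
        next_pub = keys[i + 1][0] if i + 1 < len(stages) else None
        sig = sign(keys[i][1], payload(image, next_pub))
        chain.append(Stage(name, image, next_pub, sig))
    return chain


def verify_chain(srk_hash: bytes, root_pub: PubKey, chain: List[Stage]) -> str:
    """Walk the chain as ROM / first-stage code would; return 'ok' or the failure."""
    if hashlib.sha256(pub_bytes(root_pub)).digest() != srk_hash:
        return "root key does not match the fused SRK hash"
    pub = root_pub
    for st in chain:
        if not verify(pub, payload(st.image, st.next_pub), st.sig):
            return f"{st.name}: signature invalid"
        if st.next_pub is None and st is not chain[-1]:
            return f"{st.name}: no key for the following stage"
        pub = st.next_pub
    return "ok"


# --- constructed demo data -------------------------------------------------
KEYS = [make_keypair(1009, 1013), make_keypair(1019, 1021), make_keypair(1031, 1033)]
STAGES = [("first-stage", b"barebox-pbl"), ("barebox", b"barebox-main"), ("kernel", b"zImage")]
CHAIN = build_chain(STAGES, KEYS)
ROOT_PUB = KEYS[0][0]
SRK_HASH = hashlib.sha256(pub_bytes(ROOT_PUB)).digest()   # the read-only root of trust


def demo() -> dict:
    """Intact chain plus the tampering cases the thread argues about."""
    rogue_pub, rogue_priv = make_keypair(1039, 1049)
    # 1. swap the key that will verify the kernel: breaks the barebox signature
    swapped = CHAIN[:1] + [replace(CHAIN[1], next_pub=rogue_pub)] + CHAIN[2:]
    # 2. patch the kernel image: breaks the kernel signature
    patched = CHAIN[:2] + [replace(CHAIN[2], image=b"zImage-evil")]
    # 3. replace the root public key while the SRK hash stays read-only
    # 4. if the root hash itself lived in writable memory, a fully re-signed
    #    chain verifies fine: the chain protects nothing without a RO root
    rogue_chain = build_chain(STAGES, [(rogue_pub, rogue_priv), KEYS[1], KEYS[2]])
    rogue_hash = hashlib.sha256(pub_bytes(rogue_pub)).digest()
    return {
        "intact": verify_chain(SRK_HASH, ROOT_PUB, CHAIN),
        "key_swap": verify_chain(SRK_HASH, ROOT_PUB, swapped),
        "patched_image": verify_chain(SRK_HASH, ROOT_PUB, patched),
        "root_swap": verify_chain(SRK_HASH, rogue_pub, CHAIN),
        "writable_root": verify_chain(rogue_hash, rogue_pub, rogue_chain),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14s} -> {result}")
```

The last case is the one the reply above is concerned with: the chain only makes modified certificates detectable as long as the root hash (or the compiled-in master key) cannot be rewritten from the console, which is why it has to live in fuses or RO flash rather than RAM.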