[RFC 3/4] FIT: add FIT image support
Jan Lübbe
jlu at pengutronix.de
Mon Mar 16 07:50:18 PDT 2015
On Mon, 2015-03-16 at 15:40 +0100, Jean-Christophe PLAGNIOL-VILLARD
wrote:
> On 15:31 Mon 16 Mar , Jan Lübbe wrote:
> > (The following depends on prohibiting any unauthenticated access to the
> > barebox console.)
> >
> > If you just use a chain of signed code like with HAB on i.MX, every cert
> > is verified by the previous step (up to the SRK table hash), so there is
> > no need to additionally protect certs against modification. Any modified
> > cert would result in a verification error. In this setup there is no
> > secret information on the device at all.
> >
> > When doing this without support from the SoC's ROM code, you could store
> > barebox (with compiled-in master public key(s)) in RO flash. Against an
> > attacker without physical access, this results in the same security
> > properties. You couldn't update the RO barebox, though (only boot another
> > one second stage).
>
> I agree with you, I said the same.
>
> My key point is: if we do allow console access, we need to be 100% sure that
> they cannot tamper with the trusted key in RAM, the barebox binary and the
> malloc space.
Yes. We would also need to disallow access to devices and non-verifying
boot commands.
Regards,
Jan
--
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
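The chain of trust the thread describes, as an added example that is not part of the mail, of barebox or of HAB: the device pins only a hash of the root public key (the analogue of the SRK table hash), the root key signs a certificate carrying the image-signing key, and that key signs the image, so nothing on the device is secret and a modified certificate fails verification. Everything here is illustrative: `KEY_BITS`, the function names, the constructed image bytes and the textbook RSA (no padding, home-grown primes) are assumptions chosen only so the example runs without third-party libraries; textbook RSA is not a usable signature scheme.

```python
"""Added example (not barebox or HAB code): a toy boot chain of trust.

The device pins only a hash of the root public key; the root key signs a
certificate carrying the image-signing key; that key signs the image.
Textbook RSA without padding is used purely to avoid dependencies and is
not a real signature scheme.
"""
import hashlib
import random

KEY_BITS = 512  # toy size; n is serialised as KEY_BITS // 8 bytes


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (illustration only)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair():
    """Return (public, private) textbook-RSA keys of KEY_BITS bits."""
    e = 65537
    while True:
        p, q = _random_prime(KEY_BITS // 2), _random_prime(KEY_BITS // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e:
            return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    return pow(_digest_int(data), priv["d"], priv["n"])


def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest_int(data)


def encode_pubkey(pub):
    return pub["n"].to_bytes(KEY_BITS // 8, "big") + pub["e"].to_bytes(4, "big")


def decode_pubkey(blob):
    return {"n": int.from_bytes(blob[:KEY_BITS // 8], "big"),
            "e": int.from_bytes(blob[KEY_BITS // 8:], "big")}


def pin_root(root_pub):
    """The only thing the device keeps: a hash of the root key, nothing secret."""
    return hashlib.sha256(encode_pubkey(root_pub)).digest()


def build_chain(root_pub, root_priv, img_pub, img_priv, image):
    """What ships with the image: root key, root-signed cert, image, image signature."""
    cert = encode_pubkey(img_pub)
    return {"root_pub": encode_pubkey(root_pub),
            "cert": cert, "cert_sig": sign(root_priv, cert),
            "image": image, "image_sig": sign(img_priv, image)}


def verify_chain(pinned_root_hash, chain):
    """Boot-time check; returns (ok, reason). Each step trusts only the one before it."""
    # 1. the root key shipped with the image must match the hash pinned in the device
    if hashlib.sha256(chain["root_pub"]).digest() != pinned_root_hash:
        return False, "root key does not match pinned hash"
    root_pub = decode_pubkey(chain["root_pub"])
    # 2. the cert carrying the image-signing key must be signed by the root key
    if not verify(root_pub, chain["cert"], chain["cert_sig"]):
        return False, "certificate signature invalid"
    # 3. the image must be signed by the key from the now-trusted cert
    if not verify(decode_pubkey(chain["cert"]), chain["image"], chain["image_sig"]):
        return False, "image signature invalid"
    return True, "ok"


def demo():
    """Genuine chain plus three tampering attempts; returns {case: boots?}."""
    root_pub, root_priv = generate_keypair()
    img_pub, img_priv = generate_keypair()
    atk_pub, atk_priv = generate_keypair()  # attacker's own key pair
    pinned = pin_root(root_pub)
    image = b"constructed sample second-stage image"  # constructed payload
    genuine = build_chain(root_pub, root_priv, img_pub, img_priv, image)
    # a) swap the signing key inside the cert but keep the root's old signature
    swapped = dict(genuine, cert=encode_pubkey(atk_pub), image_sig=sign(atk_priv, image))
    # b) ship a fully self-consistent chain under the attacker's own root key
    foreign = build_chain(atk_pub, atk_priv, atk_pub, atk_priv, image)
    # c) change one byte of the image and keep everything else
    patched = dict(genuine, image=image[:-1] + b"!")
    return {name: verify_chain(pinned, c)[0] for name, c in
            [("genuine", genuine), ("swapped_cert_key", swapped),
             ("foreign_root", foreign), ("patched_image", patched)]}


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18s} {'boots' if ok else 'refused'}")
```

Only `pin_root()`'s output (a hash) has to live on the device, which is why the chain works without any secret there; every later key is accepted solely because the step before it verified its carrier. The same structure also shows where an attacker with console access would aim: overwriting the pinned hash or the verifier in RAM sidesteps all three checks, which is the tampering the thread says must be ruled out.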