[U-Boot-Users] Secure Firmware + Firmware Upgrade?

Wolfgang Denk wd at denx.de
Fri Jun 2 22:24:49 CEST 2006


In message <586f5d00606020556s1940cd23seb0a8e7d67dc32a6 at mail.gmail.com> you wrote:
> 
> The bootcmd environment variable shall "cp the-boot-script-image from
> flash to RAM" and
> "bootm the-boot-script-image". The boot script image is not compressed.

This is redundant. "bootm" includes loading the image to the load
address. No extra copy is needed here.

> Case 1: If the boot-bit flag is set, the boot-script shall copy the
> image to RAM and check the signed/encrypted image for authenticity and
> integrity (how this is done is yet to be identified)

You can check the image in flash before running "bootm".

> Case 2: If the boot flag is not set the boot-loader shall
> copy the new firmware image to a given address in RAM via kermit protocol

Copy from flash to RAM with kermit protocol? Either you omitted some
vital information here, or this is fundamentally broken.

> erase the old kernel image at the given address
> copy the new image from RAM to flash
> finally save env so the new firmware is writable
> set the boot-bit to boot from the new firmware

You are aware that this is not really secure in any way, as it leaves
many ways to run random unsigned images, too?


Best regards,

Wolfgang Denk

-- 
Software Engineering:  Embedded and Realtime Systems,  Embedded Linux
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Don't tell me how hard you work.  Tell me how much you get done.
                                                     -- James J. Ling
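As an added illustration of the two points in the reply above (check the image where it sits in flash before "bootm", and do not let the upgrade path make an unsigned image bootable), here is a Python model of a two-slot flash layout with a boot flag. This is example code written for this page, not part of the original thread and not U-Boot code. The slot layout, header format, demo key and the choice of HMAC-SHA256 are assumptions; HMAC stands in for whatever signing scheme the poster ends up choosing, and since a boot loader should hold only a verification key, a real design would use an asymmetric signature in its place.

```python
import hmac
import hashlib
import struct

# Constructed demo key (assumption). HMAC stands in for the signature scheme
# the thread leaves open; a real loader would carry only a public key.
DEMO_KEY = b"demo-firmware-key-not-for-production"

MAGIC = b"IMG1"
HDR = struct.Struct(">4sI32s")      # magic, payload length, 32-byte tag
SLOT_SIZE = 4096                    # assumed slot size in the model flash
SLOT_OFFSETS = {"A": 0, "B": SLOT_SIZE}


def _tag(length: int, payload, key: bytes) -> bytes:
    # The tag covers magic and length as well as the payload, so a truncated
    # or length-tampered image fails verification too.
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(MAGIC)
    h.update(struct.pack(">I", length))
    h.update(payload)
    return h.digest()


def make_image(payload: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Build a signed image: header + payload (the 'signing side')."""
    return HDR.pack(MAGIC, len(payload), _tag(len(payload), payload, key)) + payload


def verify_in_place(flash, offset: int, key: bytes = DEMO_KEY):
    """Verify the image where it sits in 'flash' (no copy-to-RAM step).
    Returns the payload on success, None on any failure."""
    end = offset + HDR.size
    if end > len(flash):
        return None
    magic, length, tag = HDR.unpack_from(flash, offset)
    if magic != MAGIC or length > SLOT_SIZE - HDR.size or end + length > len(flash):
        return None
    payload = memoryview(flash)[end:end + length]
    if not hmac.compare_digest(tag, _tag(length, payload, key)):
        return None
    return bytes(payload)


def select_boot(flash, boot_flag: str, key: bytes = DEMO_KEY):
    """Boot the flagged slot if it verifies, else fall back to the other
    slot; never boot an image that fails verification."""
    order = [boot_flag] + [s for s in SLOT_OFFSETS if s != boot_flag]
    for slot in order:
        payload = verify_in_place(flash, SLOT_OFFSETS[slot], key)
        if payload is not None:
            return slot, payload
    return None, None


def upgrade(flash: bytearray, env: dict, new_image: bytes, key: bytes = DEMO_KEY) -> bool:
    """Install into the inactive slot and flip the boot flag only after the
    image has verified both as received and as programmed into flash."""
    target = "B" if env["boot_flag"] == "A" else "A"
    off = SLOT_OFFSETS[target]
    if verify_in_place(new_image, 0, key) is None:      # reject before erasing
        return False
    flash[off:off + SLOT_SIZE] = b"\xff" * SLOT_SIZE    # erase the slot
    flash[off:off + len(new_image)] = new_image          # program it
    if verify_in_place(flash, off, key) is None:         # re-check what landed
        return False
    env["boot_flag"] = target                            # the 'saveenv' step
    return True


if __name__ == "__main__":
    flash = bytearray(b"\xff" * (2 * SLOT_SIZE))       # constructed model flash
    env = {"boot_flag": "A"}
    img = make_image(b"kernel-v1")
    flash[0:len(img)] = img
    print(select_boot(flash, env["boot_flag"]))
    print(upgrade(flash, env, make_image(b"kernel-v2")), env)
```

The upgrade path only ever changes the boot flag after the programmed image verifies, and the boot path re-verifies at every boot, so a corrupted or unsigned slot is skipped rather than executed.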