[U-Boot-Users] Secure Firmware + Firmware Upgrade?

Rohit rohits79 at gmail.com
Fri Jun 2 14:56:50 CEST 2006


Hello,

I know this has been asked directly/indirectly before, but I need to
know if my approach is correct or not. Any corrections or opinions are
highly appreciated, so please feel free to correct me.

My requirement is to
(1) Load and boot an image which is signed, i.e. before the image can
be booted I need to check its authenticity. This is to support
images for a given vendor only
(2) Support Firmware Upgrade

Following is my approach:

The flash memory segment shall be virtually divided into four partitions
(1) Boot-bit (type read-write)
(2) U-Boot image (type read-only)
(3) Boot Script Image (type read-only)
(4) Firmware Image (type read-write)

The boot-delay environment variable shall be set to 0 so the boot process
cannot be manually overridden.
The bootcmd environment variable shall "cp the-boot-script-image from
flash to RAM" and
"bootm the-boot-script-image". The boot script image is not compressed.

The very first thing boot-script-image shall check to see will be if
the Boot-bit is set or not

Case 1: If the boot-bit flag is set, the boot-script shall copy the
image to RAM and check the signed/encrypted image for authenticity and
integrity (how this is done is yet to be identified)
If the check is successful, the image shall then be decrypted,
expanded and executed (bootm)

Case 2: If the boot flag is not set the boot-loader shall
copy the new firmware image to a given address in RAM via kermit protocol
erase the old kernel image at the given address
copy the new image from RAM to flash
finally save env so the new firmware is writable
set the boot-bit to boot from the new firmware
reset CPU


Best Regards,
rohit
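
The Case 1 check the post leaves open, sketched as a host-side Python model; this is an added example, not part of the original message and not U-Boot code. The scheme (RSA PKCS#1 v1.5 over SHA-256), the flash layout "signature || image", the test key and the names sign, verify and boot_decision are all assumptions.

```python
import hashlib

# Constructed test key only: two Mersenne primes, trivially factorable.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                # public modulus, stored read-only with the loader
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, stays on the vendor build host
K = (N.bit_length() + 7) // 8            # modulus length in bytes
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode(image: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo || SHA-256(image)."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(image: bytes) -> bytes:
    """Build-host side (hypothetical helper): sign the image with the private key."""
    return pow(int.from_bytes(encode(image), "big"), D, N).to_bytes(K, "big")


def verify(image: bytes, sig: bytes) -> bool:
    """Boot side: needs only the public key (N, E)."""
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    # Rebuild the expected block and compare all K bytes, rather than parsing
    # the padding out of the recovered block.
    return pow(s, E, N).to_bytes(K, "big") == encode(image)


def boot_decision(boot_bit: bool, blob: bytes) -> str:
    """Model of the boot script; blob is the firmware partition content."""
    if not boot_bit:
        return "upgrade"                 # Case 2: fetch and flash new firmware
    sig, image = blob[:K], blob[K:]      # assumed layout: signature || image
    return "bootm" if verify(image, sig) else "refuse"   # Case 1, fail closed
```

Only the public half of the key has to sit in the read-only partition, so reading the flash contents does not allow producing a new image that passes the check.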



