[U-Boot-Users] Secure Bootloader patch

emre kara emrekara2002 at yahoo.co.uk
Wed Sep 13 23:34:45 CEST 2006


Hi Stephen;
I'm not an expert on crypto, but it seems that it's
really a good job. This was a critical security
requirement for a bootloader. Thanks for sharing this
with the community.
Emre
--- Stephen Johnson <steve at research.panasonic.com>
wrote:

> 
> This message contains a patch to add RSA signature
> validation to
> U-Boot.  I previously sent a similar e-mail to the
> CELinux-dev mailing
> list for comments where I received the following:
> 
>   1. I shouldn't be using OpenSSL (due to licensing
> concerns), 
>   2. alternate RSA libraries are GNU TLS and
> MatrixSSL, and
>   3. the U-Boot mailing list might be a more
> appropriate place
> 
> The patch modifies u-boot to verify an image
> signature created with a
> SHA1 digest and RSA encryption/decryption.  Because
> I found the
> necessary information fairly easily about SHA1 and
> RSA from the
> OpenSSL package, that's what I used.  Hence, the
> modified u-boot ran
> quite quickly, but was rather large.  The eventual
> goal is to release
> this patch to the community.
> 
> I'm looking for additional comments, especially
> about other encryption
> libraries that would be better to use, and whether
> or not something
> like this is seen as useful.
> 
> Notes:
>  - I'm linking against openssl-0.9.8b.  
>  - I used crosstool based on gcc-3.4.5 and
> glibc-2.3.6 for the tool
>    chain.  
>  - It all was built for an omap5912osk board.
>  - The signature is added to the u-boot header by a
> modified mkimage
>    (patch is included).
>  - The signature is verified in cmd_bootm.c.
>  - In u-boot/include/configs/omap5912osk.h there is
> a CONFIG_SIGNATURE
>    that turns on/off the signature checking and
> creating.
> 
> To compile the modified u-boot the following were
> needed:
> 
> CPATH should be defined to point to wherever
> crosstool has its generic include files, e.g.
> export CPATH="/opt/crosstool/gcc-3.4.5-glibc-2.3.6/arm-softfloat-linux-gnu/arm-softfloat-linux-gnu/include"
> 
> CRYPTO_INC needs to point at the openssl include
> files, e.g.
> export CRYPTO_INC="-I/home/steve/src/SecureBoot/openssl-0.9.8b/include"
> 
> CRYPTO_LIBS needs to point to the openssl
> libraries, e.g.
> export CRYPTO_LIBS="-L /home/steve/src/SecureBoot/openssl-0.9.8b -lssl -lcrypto -lm -lc"
> 
> If anyone has any problems or even better,
> suggestions, don't hesitate
> to let me know.
> 
> Best regards,
>     Steve
> 
> =========================================
> 
> diff -Naur u-boot.orig/common/cmd_bootm.c
> u-boot/common/cmd_bootm.c
> --- u-boot.orig/common/cmd_bootm.c	2006-05-10
> 11:43:20.000000000 -0400
> +++ u-boot/common/cmd_bootm.c	2006-06-12
> 10:35:57.000000000 -0400
> @@ -79,6 +79,12 @@
>  # define CHUNKSZ (64 * 1024)
>  #endif
>  
> +#ifdef CONFIG_SIGNATURE
> +extern int verify_signature (const unsigned char
> *signature,
> +                             const unsigned char
> *buf,
> +                             unsigned int len);
> +#endif       /* CONFIG_SIGNATURE */
> +
>  int  gunzip (void *, int, unsigned char *, unsigned
> long *);
>  
>  static void *zalloc(void *, unsigned, unsigned);
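Review bot: the `extern int verify_signature(...)` prototype added at the top of cmd_bootm.c belongs in a shared header (include/image.h already gets a CONFIG_SIGNATURE block in this patch) rather than a local extern, so the compiler checks the caller against the definition and against the mkimage side that produces the signature. Document the return value in that prototype too: the name says nothing about whether 0 means success or failure.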
> @@ -238,6 +244,19 @@
>  		}
>  		puts ("OK\n");
>  	}
> +
> +#ifdef CONFIG_SIGNATURE
> +	puts ("   Verifying Signature ... ");
> +	if (verify_signature(hdr->ih_sign,
> +			    (const unsigned char *)data,
> +			    len) == 0) {
> +               puts("Invalid image signature\n");
> +               SHOW_BOOT_PROGRESS(-3);
> +               return 1;
> +       }
> +       puts ("OK\n");
> +#endif        /* CONFIG_SIGNATURE */
> +
>  	SHOW_BOOT_PROGRESS (4);
>  
>  	len_ptr = (ulong *)data;
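Review bot: `verify_signature(hdr->ih_sign, (const unsigned char *)data, len)` hashes only the payload, so nothing in the header is authenticated: an attacker who keeps a validly signed payload can rewrite the load address, entry point, type or name (and recompute the header CRC, which is not a cryptographic check) and this code still prints OK. Hash the header with its signature field zeroed together with the payload, or at minimum include the load and entry fields. Two smaller points: `== 0` as the failure branch inverts the 0-means-success convention of the surrounding code, so state the contract in a comment; and the `puts`/`SHOW_BOOT_PROGRESS`/`return 1` lines are space-indented where the rest of the function uses tabs.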
> diff -Naur u-boot.orig/config.mk u-boot/config.mk
> --- u-boot.orig/config.mk	2006-05-10
> 11:43:20.000000000 -0400
> +++ u-boot/config.mk	2006-06-08 09:41:17.000000000
> -0400
> @@ -126,7 +126,7 @@
>  	-D__KERNEL__ -DTEXT_BASE=$(TEXT_BASE)		\
>  	-I$(TOPDIR)/include				\
>  	-fno-builtin -ffreestanding -nostdinc -isystem	\
> -	$(gccincdir) -pipe $(PLATFORM_CPPFLAGS)
> +	$(gccincdir) -pipe $(PLATFORM_CPPFLAGS)
> $(CRYPTO_INC)
>  
>  ifdef BUILD_TAG
>  CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes \
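Review bot: `$(CRYPTO_INC)` is appended to CPPFLAGS for every board and every build, with no default and no mention in config.mk or the README; it should apply only when CONFIG_SIGNATURE is set (for instance via a variable the board config selects) and the expected value should be documented at the point of use. The build recipe in the mail also relies on CPATH to find libc headers while these same flags pass `-nostdinc`, which defeats the purpose of that flag; the include path belongs in the Makefile rather than in the environment.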
> diff -Naur u-boot.orig/include/configs/omap5912osk.h
> u-boot/include/configs/omap5912osk.h
> --- u-boot.orig/include/configs/omap5912osk.h
> 2006-05-10 11:43:20.000000000 -0400
> +++ u-boot/include/configs/omap5912osk.h	2006-06-08
> 15:34:00.000000000 -0400
> @@ -38,6 +38,8 @@
>  #define CONFIG_DISPLAY_CPUINFO	1	/* display cpu
> info (and speed)	*/
>  #define CONFIG_DISPLAY_BOARDINFO 1	/* display board
> info		*/
>  
> +#define CONFIG_SIGNATURE	1
> +
>  /* input clock of PLL */
>  /* the OMAP5912 OSK has 12MHz input clock */
>  #define CONFIG_SYS_CLK_FREQ	12000000
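Review bot: `#define CONFIG_SIGNATURE 1` is the one define in this block with no trailing comment, while every neighbour has one; say what it enables, e.g. `#define CONFIG_SIGNATURE 1 /* RSA/SHA1 signature check in bootm */`, and place it with the boot options rather than between the CPU and board display flags. The board config also does not say where the verifying public key comes from; if it is compiled in, a CONFIG_ value or a comment here should say so.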
> @@ -112,7 +122,11 @@
>   */
>  #define CFG_LONGHELP	/* undef to save memory     */
>  #define CFG_PROMPT	"OMAP5912 OSK # "	/* Monitor
> Command Prompt   */
> +#ifdef CONFIG_SIGNATURE
> +#define CFG_CBSIZE	512		/* Console I/O Buffer Size 
> */
> +#else
>  #define CFG_CBSIZE	256		/* Console I/O Buffer Size 
> */
> +#endif
>  /* Print Buffer Size */
>  #define CFG_PBSIZE
> (CFG_CBSIZE+sizeof(CFG_PROMPT)+16)
>  #define CFG_MAXARGS	16		/* max number of command
> args   */
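Review bot: the `CFG_CBSIZE` jump from 256 to 512 under CONFIG_SIGNATURE needs a comment: the console input buffer has no visible relation to signature checking, so a reader cannot tell whether it is required (a long argument on the command line?) or left over from debugging. The hunk header `@@ -112,7 +122,11 @@` also places the new file 10 lines ahead here while the previous hunk added only 2, so 8 added lines are missing from the posted diff; please regenerate it from a clean tree so it applies as posted.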
> @@ -183,9 +197,9 @@
>   */
>  #define CFG_ENV_IS_IN_FLASH	1
>  /* addr of environment */
> -#define CFG_ENV_ADDR	(CFG_FLASH_BASE + 0x020000)
> +#define CFG_ENV_ADDR	(CFG_FLASH_BASE + 0x0E0000)
>  
>  #define CFG_ENV_SIZE	0x20000	/* Total Size of
> Environment Sector */
> -#define CFG_ENV_OFFSET	0x20000	/* environment
> starts here  */
> +#define CFG_ENV_OFFSET	0xE0000	/* environment
> starts here  */
>  
>  #endif							/* __CONFIG_H */
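Review bot: the move of CFG_ENV_ADDR and CFG_ENV_OFFSET from 0x020000 to 0x0E0000 is unconditional, not under CONFIG_SIGNATURE, so every omap5912osk build gets the new flash layout and a board upgraded from the old one loses its saved environment. If the move is needed because the OpenSSL-linked u-boot no longer fits below the old environment sector (the mail calls the binary "rather large"), say so in a comment and keep the old values in the non-signature branch, e.g. `#ifdef CONFIG_SIGNATURE` / `#define CFG_ENV_OFFSET 0xE0000` / `#else` / `#define CFG_ENV_OFFSET 0x20000` / `#endif`.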
> diff -Naur u-boot.orig/include/image.h
> u-boot/include/image.h
> --- u-boot.orig/include/image.h	2006-05-10
> 11:43:20.000000000 -0400
> +++ u-boot/include/image.h	2006-06-08
> 09:09:09.000000000 -0400
> @@ -134,6 +134,9 @@
>  
>  #define IH_MAGIC	0x27051956	/* Image Magic Number	
> */
>  #define IH_NMLEN		32	/* Image Name Length		*/
> +#ifdef CONFIG_SIGNATURE
> +#define	IH_SIGN			256	/* Image Signature Length	*/
> +#endif	/* CONFIG_SIGNATURE */
>  
>  /*
>   * all data in network byte order (aka natural aka
> bigendian)
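Review bot: `IH_SIGN` is a length, so name it like the adjacent `IH_NMLEN` (`IH_SIGNLEN`) and say in the comment that 256 bytes ties the format to a 2048-bit RSA modulus; any other key size needs a header change. Guarding the define (and, per the cover mail, the new header field) with CONFIG_SIGNATURE also makes the image layout depend on the build configuration, so an image from a signing mkimage will not parse on a u-boot built without it and vice versa; keep the header layout fixed, or use a distinct image type, and gate only the verification.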
> @@ -152,6 +155,9 @@
> 
=== message truncated ===
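The scheme Stephen describes (SHA1 digest, RSA signature stored in the image header by mkimage, verified in cmd_bootm.c over the payload) can be tried end to end without a board. The following is an added example, not code from the patch, from U-Boot or from anyone in the thread: it is written in Python with only the standard library so it runs anywhere, models the 64-byte legacy U-Boot header exactly but assumes the signature field sits right after it, uses a constructed payload and a deliberately trivial RSA key, and shows the consequence of hashing only `data`/`len`: an edited load address passes the check, while signing header plus payload catches it.

```python
"""Added example (not code from the patch or from U-Boot): a model of the signed-image
check the patch proposes, run on a constructed header, payload and key.  The 64-byte legacy
header layout and PKCS#1 v1.5/SHA-1 encoding are real; the signature field's position, the
payload and the key are assumptions.  RSA uses plain Python integers: illustration only."""
import binascii
import hashlib
import hmac
import struct

IH_MAGIC = 0x27051956
# Legacy header fields: magic, hcrc, time, size, load, ep, dcrc, os, arch, type, comp, name[32]
LEGACY_HDR_FMT = ">IIIIIIIBBBB32s"
HDR_LEN = struct.calcsize(LEGACY_HDR_FMT)  # 64
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")  # DER prefix, RFC 3447


def toy_rsa_keypair():
    """Toy key from two Mersenne primes: real primes, trivially factorable, never for real use.
    n is 1128 bits, so signatures are 141 bytes; the patch's IH_SIGN of 256 implies RSA-2048."""
    p, q, e = (1 << 521) - 1, (1 << 607) - 1, 65537
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def _emsa_sha1(data, k):
    # EM = 0x00 0x01 || 0xff padding (>= 8 bytes) || 0x00 || DigestInfo(SHA-1(data)), k bytes
    t = SHA1_DIGESTINFO + hashlib.sha1(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign(priv, data):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_sha1(data, k), "big"), d, n).to_bytes(k, "big")


def rsa_verify(pub, data, sig):
    # Re-encode and compare the whole EM instead of parsing the padding out of it.
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_sha1(data, k))


def _with_hcrc(hdr):
    # ih_hcrc is CRC32 over the header with the hcrc field itself zeroed (U-Boot's rule).
    crc = binascii.crc32(hdr[:4] + b"\0" * 4 + hdr[8:]) & 0xFFFFFFFF
    return hdr[:4] + struct.pack(">I", crc) + hdr[8:]


def build_header(payload, load, ep, name=b"constructed demo kernel"):
    # os=5 (Linux), arch=2 (ARM), type=2 (kernel), comp=0 (none)
    hdr = struct.pack(LEGACY_HDR_FMT, IH_MAGIC, 0, 0, len(payload), load, ep,
                      binascii.crc32(payload) & 0xFFFFFFFF, 5, 2, 2, 0, name)
    return _with_hcrc(hdr)


def sign_image(priv, hdr, payload, bind_header):
    """bind_header=False models the patch, where verify_signature(hdr->ih_sign, data, len)
    hashes only the payload; bind_header=True signs header || payload as well."""
    sig = rsa_sign(priv, hdr + payload if bind_header else payload)
    return hdr + sig + payload  # assumed layout: legacy header || ih_sign || payload


def verify_image(pub, image, bind_header):
    k = (pub[0].bit_length() + 7) // 8
    hdr, sig, payload = image[:HDR_LEN], image[HDR_LEN:HDR_LEN + k], image[HDR_LEN + k:]
    return rsa_verify(pub, hdr + payload if bind_header else payload, sig)


def retarget(image, new_load, new_ep):
    # Attacker edit: rewrite ih_load/ih_ep (header offsets 16 and 20), fix up ih_hcrc,
    # leave the signed payload alone.
    hdr = bytearray(image[:HDR_LEN])
    struct.pack_into(">II", hdr, 16, new_load, new_ep)
    return _with_hcrc(bytes(hdr)) + image[HDR_LEN:]


def demo():
    pub, priv = toy_rsa_keypair()
    payload = b"constructed kernel payload, not a real image\n" * 8
    hdr = build_header(payload, load=0x10008000, ep=0x10008000)
    patch_style = sign_image(priv, hdr, payload, bind_header=False)
    hardened = sign_image(priv, hdr, payload, bind_header=True)
    flipped = patch_style[:-1] + bytes([patch_style[-1] ^ 0x01])  # one bit of payload changed
    return {
        "patch_accepts_original": verify_image(pub, patch_style, False),
        "patch_rejects_payload_change": not verify_image(pub, flipped, False),
        "patch_accepts_new_load_address": verify_image(pub, retarget(patch_style, 0, 0), False),
        "hardened_accepts_original": verify_image(pub, hardened, True),
        "hardened_rejects_new_load_address": not verify_image(pub, retarget(hardened, 0, 0), True),
    }
```

Run `demo()`: all five entries come back True, and the one to look at is `patch_accepts_new_load_address`, a header rewritten to load and jump at address 0 that the payload-only check still accepts because the header CRC is the only thing covering it. The verifier rebuilds the encoded message and compares the whole block in constant time instead of parsing the padding, which is the usual way to avoid PKCS#1 v1.5 parsing mistakes.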



	
	
		