[U-Boot-Users] What methods of software authentication does U-Boot support?
Ken.Fuchs at bench.com
Ken.Fuchs at bench.com
Fri Apr 18 19:01:38 CEST 2008
Goal:
U-Boot will run only software that has been
authenticated to be from the system's producer.
--- A Potential Authentication Method ---
The producer of the system generates a cryptographic
[private-key, public-key] pair, storing the public-key
on the same media as U-Boot (i.e. NOR flash; perhaps
as a read-only environment variable) on all systems
and keeping the private-key hidden at a secure site.
A hash of the software is generated, encrypted
with the private key and shipped with the software.
U-Boot reads the private-key encrypted hash and decodes
it with its public-key. U-Boot loads the software and
generates the hash. If both hashes match, the software
is authenticated and U-Boot executes the authenticated
software.
--- Comment ---
U-Boot obviously supports loading and verification of
the generated hash, but I haven't been able to locate
public-key cryptographic or other authentication support
in U-Boot. Perhaps, it is available as a loadable
(stand-alone) module?
Any comments or suggestions?
Sincerely,
Ken Fuchs
More information about the U-Boot
mailing list