[U-Boot-Users] What methods of software authentication does U-Boot support?
Kim Phillips
kim.phillips at freescale.com
Fri Apr 18 23:32:11 CEST 2008
On Fri, 18 Apr 2008 12:01:38 -0500
<Ken.Fuchs at bench.com> wrote:
> Goal:
>
> U-Boot will run only software that has been
> authenticated to be from the system's producer.
>
> --- A Potential Authentication Method ---
>
> The producer of the system generates a cryptographic
> [private-key, public-key] pair, storing the public-key
> on the same media as U-Boot (i.e. NOR flash; perhaps
> as a read-only environment variable) on all systems
> and keeping the private-key hidden at a secure site.
> A hash of the software is generated, encrypted
> with the private key and shipped with the software.
>
> U-Boot reads the private-key encrypted hash and decodes
> it with its public-key. U-Boot loads the software and
> generates the hash. If both hashes match, the software
> is authenticated and U-Boot executes the authenticated
> software.
>
> --- Comment ---
>
> U-Boot obviously supports loading and verification of
> the generated hash, but I haven't been able to locate
> public-key cryptographic or other authentication support
> in U-Boot. Perhaps, it is available as a loadable
> (stand-alone) module?
>
> Any comments or suggestions?
>
this patch taps into openssl:
http://thread.gmane.org/gmane.comp.boot-loaders.u-boot/23977
or you might want to reuse some of linux' crypto library code.
Kim
More information about the U-Boot
mailing list