[U-Boot] Kernel RSA signature ?

Cyrille Francois mercyril at gmail.com
Wed Jul 22 10:54:03 CEST 2009


Dear Wolfgang Denk,

Thanks for this information.
But this feature is used to check the kernel integrity.

My need is to authenticate the kernel image by the u-boot, to be sure
that the kernel image is an official firmware.

That is why I'm thinking about RSA signature.

The goal is, at generation time, to sign the uImage with a private RSA
key (unique for one firmware release), and u-boot uses the public RSA
key to authenticate the uImage.

Best regards,

Cyrille FRANCOIS

2009/7/22, Wolfgang Denk <wd at denx.de>:
> Dear Cyrille Francois,
>
> In message <61acdef60907212330r1a4d5829t976f88f72bcdeb56 at mail.gmail.com> you
> wrote:
>>
>> I'm looking for a solution to authenticate the kernel launched by
>> u-boot via an RSA signature.
>> Or another way perhaps...
>>
>> I ask here for that, before beginning my development... if a solution
>> already exists.
>
> It exists. At least MD5 and SHA1 are supported. You need to wrap your
> kernel into a "new style" aka FIT (Flattened Image Tree) image. See
> doc/uImage.FIT/howto.txt and doc/uImage.FIT/* for details.
>
> Best regards,
>
> Wolfgang Denk
>
> --
> DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
> You are only young once, but you can stay immature indefinitely.
>
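
The difference discussed in this thread between an integrity hash and an RSA signature, as an added example that is not part of the original messages and is not U-Boot code. Assumptions: the digest-prefixed container is a simplified stand-in for a hash-protected image (not the FIT format), the key is a constructed demo key, and all function names are hypothetical.

```python
import hashlib

# Demo-only RSA key built from two known Mersenne primes so the example needs
# no third-party library. Constructed for illustration; never use such a key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public key: all the bootloader holds
D = pow(E, -1, (P - 1) * (Q - 1))       # private key: stays on the build host
K = (N.bit_length() + 7) // 8           # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RSASSA-PKCS1-v1_5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(image: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(image), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign(image: bytes) -> bytes:
    """Build host, at generation time: sign with the private exponent."""
    return pow(encode(image), D, N).to_bytes(K, "big")

def verify_signature(image: bytes, sig: bytes) -> bool:
    """Bootloader side: uses only (N, E); compares the full encoded block."""
    s = int.from_bytes(sig, "big")
    return len(sig) == K and s < N and pow(s, E, N) == encode(image)

def wrap_with_hash(image: bytes) -> bytes:
    """Hash-only container: SHA-1 digest stored in front of the payload."""
    return hashlib.sha1(image).digest() + image

def verify_hash(blob: bytes) -> bool:
    """Integrity check: recompute the digest and compare with the stored one."""
    return hashlib.sha1(blob[20:]).digest() == blob[:20]

def demo() -> dict:
    official = b"constructed sample: official kernel build"
    replaced = b"constructed sample: kernel from another source"
    sig = sign(official)                # shipped alongside the official image
    return {
        "hash_official": verify_hash(wrap_with_hash(official)),
        # Anyone who swaps the payload can recompute the digest as well,
        # so the hash check passes for a non-official image.
        "hash_replaced": verify_hash(wrap_with_hash(replaced)),
        "sig_official": verify_signature(official, sig),
        "sig_replaced": verify_signature(replaced, sig),
    }
```

The hash check accepts both images because the digest travels with the payload; the signature check accepts only the image signed with the private key.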

