[U-Boot] [PATCH v2 0/45] Verified boot implementation based on FIT

Jagan Teki jagannadh.teki at gmail.com
Wed Apr 17 20:26:49 CEST 2013


Hi Simon,

On Wed, Apr 17, 2013 at 7:50 PM, Simon Glass <sjg at chromium.org> wrote:
> Hi,
>
> On Mon, Apr 15, 2013 at 1:38 AM, Jagan Teki <jagannadh.teki at gmail.com> wrote:
>> Hi Simon,
>>
>> I am new to this verification boot concept, could you please clarify
>> my questions.
>>
>> On Tue, Mar 19, 2013 at 5:21 AM, Simon Glass <sjg at chromium.org> wrote:
>>> This series implemented a verified boot system based around FIT images
>>> as discussed on the U-Boot mailing list, including on this thread:
>>>
>>> http://permalink.gmane.org/gmane.comp.boot-loaders.u-boot/147830
>>>
>>> RSA is used to implement the encryption. Images are signed by mkimage
>>> using private keys created by the user. Public keys are written into
>>> U-Boot control FDT (CONFIG_OF_CONTROL) for access by bootm etc. at
>>> run-time. The control FDT must be stored in a secure place where it
>>
>> 1. Who is doing RSA encryption for images?
>>     Does the RSA lib do it with the help of mkimage? If so, where will the
>> lib get the private key?
>
> There is a script in test/vboot which shows how this is done.
> Basically we use openrsa tools to create a private key.
>
>> 2. Will this RSA algorithm encrypt the entire (image+hash) or only encrypt
>> the hash on each individual image?
>
> Be careful with terminology - we don't actually encrypt the images -
> we only sign them. Signing means that we hash the image and (if you
> like) encrypt the hash.

OK, so that means RSA will encrypt the image, is that right?
There is an AES crypt in lib/aes; can we use AES to encrypt the image
and RSA for the hash? Is there any possibility in U-Boot
to do the AES and RSA encrypt and decrypt process and boot?

>
> We provide two options:
>
> a. Sign each image independently - here we sign the image data
> b. Sign the configuration, in which case we don't actually sign the
> image data, only their hashes

What does signing a data image mean? Could you please clarify.

Thanks,
Jagan.

>
>> 3. How can we provide the public key using u-boot devicetree, is there
>> any other way to provide this key other than dtb?
>
> This is described in the documentation. We use mkimage to add the
> public key to your device tree. There is no other way currently
> implemented - at present you need CONFIG_OF_CONTROL. However, with
> generic board it should be a simple matter to add this for most
> boards. The device tree is convenient because it supports
> structured/tagged data, making it clean and easy to store the
> information.
>
>> 4. Suppose someone or some other tool does an encryption which consists of
>> an encrypted image + public key; will your RSA code
>>     verify and boot?
>
> You don't need to use mkimage - you can certainly create your own tool
> which does the same thing. Provided you achieve the same result then
> bootm will still verify and boot.
>
> Regards,
> Simon
>
>>
>> Thanks,
>> Jagan.
>>
>>> cannot be changed after manufacture. Some notes are provided in the
>>> documentation on how this can be achieved. The implementation is fairly
>>> efficient and fits nicely into U-Boot. FIT plus RSA adds around 18KB
>>> to SPL size which is manageable on modern SoCs.
>>>
>>> When images are loaded, they are verified with the public keys.
>>>
>>> Some minor restructuring of the image code is included in this series,
>>> since we now support signatures as well as hashes.
>>>
>>> It is important to have a test framework for this series. For this, sandbox
>>> is used, and a script is provided which signs images and gets sandbox to
>>> load them using a script, to check that all is well. So some of the patches
>>> here related to adding image support for sandbox. A follow-on series is
>>> somewhat more aggressive in further refactoring the FIT image support to
>>> clean it up and improve maintainability.
>>>
>>> Rollback prevention has been added in a separate TPM patch. This ensures
>>> that an attacker cannot boot your system with an old image that has been
>>> compromised. Support for this is not built into bootm, but instead must
>>> be scripted in U-Boot. It is possible that a standard scheme for this could
>>> be devised by adding version number tags to the signing procedure. However
>>> scripts do provide more flexibility. The TPM patch is here:
>>>
>>> http://patchwork.ozlabs.org/patch/224163/
>>>
>>> This series is available at:
>>>
>>> http://git.denx.de/u-boot-x86.git
>>>
>>> in the branch 'vboot'.
>>>
>>> I have received a number of off-list comments - please do copy the list when
>>> replying so that everyone can see your comments.
>>>
>>> Changes in v2:
>>> - Add IMAGE_ENABLE_IGNORE to avoid #ifdef around ignore property handling
>>> - Add comment about why mkimage needs to open FIT with O_RDWR
>>> - Add new patch to control FIT image printing in SPL
>>> - Add new patch to remove #ifdefs in image-fit.c
>>> - Add sanity checks on key sizes in RSA (improves security)
>>> - Adjust how signing enable works in image.h
>>> - Adjust mkimage help to separate out signing options
>>> - Allow the control FDT to be set even if there is currently no control FDT
>>> - Avoid using malloc in RSA routines (for smaller SPL code size)
>>> - Build signing support unconditionally in mkimage
>>> - Change hash_block() to use an unsigned int len
>>> - Clarify use of output_size parameter to hash_block()
>>> - Correct bug in setting control FDT
>>> - Fix FDT error handling in fit_image_write_sig()
>>> - Fix checkpatch checks about parenthesis alignment
>>> - Fix checkpatch warnings about space after cast
>>> - Fix checkpatch warnings about split strings
>>> - Fix line continuation problem
>>> - Fix spelling of multiply in rsa-verify.c
>>> - Fix spelling of quite
>>> - Fix typo "os defined" -> "is defined"
>>> - Move sandbox's command list patch from a later series
>>> - Only build RSA support into mkimage if CONFIG_RSA is defined
>>> - Put err_msgp strings on a single line
>>> - Put params before description in fit_conf_get_prop_node() comment
>>> - Rebase on previous patches
>>> - Rebase to use updated fdt_valid() function
>>> - Rename commit message to say "function" instead of "function"
>>> - Require CONFIG_FIT_SIGNATURE in image.h for mkimage to support signing
>>> - Revert the whole change including the set_working_fdt_addr() part
>>> - Support RSA library version without ERR_remove_thread_state()
>>> - Tweak tools/Makefile to make image signing optional
>>> - Update README to fix typos
>>> - Update README to fix typos and clarify some points
>>> - Use U-Boot's -c option instead of hard-coding a boot script
>>> - Use gd->arch.ram_buf instead of gd->ram_buf (now that generic board is in)
>>> - Use stack instead of calloc() within U-Boot's signature verification code
>>> - fdt_valid() sets the FDT pointer to NULL on error, to simplify callers
>>> - gd->fdt_blob is now available on all archs (generic board landed)
>>>
>>> Simon Glass (45):
>>>   sandbox: config: Enable CONFIG_FIT and CONFIG_CMD_FIT
>>>   bootstage: Don't build for HOSTCC
>>>   mkimage: Move ARRAY_SIZE to header file
>>>   libfdt: Add fdt_next_subnode() to permit easy subnode iteration
>>>   image: Move timestamp #ifdefs to header file
>>>   image: Export fit_check_ramdisk()
>>>   image: Split FIT code into new image-fit.c
>>>   image: Move HOSTCC image code to tools/
>>>   image: Split hash node processing into its own function
>>>   image: Convert fit_image_hash_set_value() to static, and rename
>>>   image: Rename fit_image_check_hashes() to fit_image_verify()
>>>   image: Move hash checking into its own function
>>>   image: Move error! string to common place
>>>   image: Export fit_conf_get_prop_node()
>>>   image: Rename fit_add_hashes() to fit_add_verification_data()
>>>   image: Rename hash printing to fit_image_print_verification_data()
>>>   sandbox: Add CONFIG_OF_HOSTFILE to read FDT from host file
>>>   fdt: Add a parameter to fdt_valid()
>>>   Add getenv_hex() to return an environment variable as hex
>>>   fdt: Allow fdt command to check and update control FDT
>>>   sandbox: fdt: Support fdt command for sandbox
>>>   env: Fix minor comment typos in cmd_nvedit
>>>   fdt: Skip checking FDT if the pointer is NULL
>>>   Revert "fdt- Tell the FDT library where the device tree is"
>>>   Add stdarg to vsprintf.h
>>>   Add minor updates to README.fdt-control
>>>   hash: Add a way to calculate a hash for any algortihm
>>>   sandbox: config: Enable FIT signatures with RSA
>>>   sandbox: Provide a way to map from host RAM to U-Boot RAM
>>>   sandbox: image: Add support for booting images in sandbox
>>>   image: Add signing infrastructure
>>>   image: Support signing of images
>>>   image: Add RSA support for image signing
>>>   mkimage: Put FIT loading in function and tidy error handling
>>>   mkimage: Add -k option to specify key directory
>>>   mkimage: Add -K to write public keys to an FDT blob
>>>   mkimage: Add -F option to modify an existing .fit file
>>>   mkimage: Add -c option to specify a comment for key signing
>>>   mkimage: Add -r option to specify keys that must be verified
>>>   libfdt: Add fdt_find_regions()
>>>   image: Add support for signing of FIT configurations
>>>   image: Remove remaining #ifdefs in image-fit.c
>>>   image: Add CONFIG_FIT_SPL_PRINT to control FIT image printing in SPL
>>>   sandbox: Allow -c argument to provide a command list
>>>   Add verified boot information and test
>>>
>>>  Makefile                         |    1 +
>>>  README                           |   21 +
>>>  arch/sandbox/cpu/cpu.c           |    5 +
>>>  arch/sandbox/cpu/start.c         |    9 +-
>>>  arch/sandbox/include/asm/io.h    |    2 +
>>>  arch/sandbox/include/asm/state.h |    1 +
>>>  arch/sandbox/lib/board.c         |   38 +-
>>>  common/Makefile                  |    2 +
>>>  common/cmd_bootm.c               |   37 +-
>>>  common/cmd_fdt.c                 |   87 +-
>>>  common/cmd_fpga.c                |    2 +-
>>>  common/cmd_nvedit.c              |   19 +-
>>>  common/cmd_source.c              |    2 +-
>>>  common/cmd_ximg.c                |    2 +-
>>>  common/hash.c                    |   23 +
>>>  common/image-fit.c               | 1533 ++++++++++++++++++++++++++++++++++
>>>  common/image-sig.c               |  430 ++++++++++
>>>  common/image.c                   | 1686 +-------------------------------------
>>>  common/main.c                    |    8 -
>>>  common/update.c                  |    2 +-
>>>  config.mk                        |    1 +
>>>  doc/README.fdt-control           |   13 +-
>>>  doc/mkimage.1                    |   73 +-
>>>  doc/uImage.FIT/sign-configs.its  |   45 +
>>>  doc/uImage.FIT/sign-images.its   |   42 +
>>>  doc/uImage.FIT/signature.txt     |  382 +++++++++
>>>  doc/uImage.FIT/verified-boot.txt |  104 +++
>>>  include/bootstage.h              |    5 +-
>>>  include/common.h                 |   18 +
>>>  include/configs/sandbox.h        |    6 +
>>>  include/hash.h                   |   22 +
>>>  include/image.h                  |  265 +++++-
>>>  include/libfdt.h                 |   81 ++
>>>  include/rsa.h                    |  108 +++
>>>  include/vsprintf.h               |    2 +
>>>  lib/fdtdec.c                     |    3 +-
>>>  lib/libfdt/fdt.c                 |   12 +
>>>  lib/libfdt/fdt_wip.c             |  129 +++
>>>  lib/rsa/Makefile                 |   48 ++
>>>  lib/rsa/rsa-sign.c               |  460 +++++++++++
>>>  lib/rsa/rsa-verify.c             |  385 +++++++++
>>>  test/vboot/.gitignore            |    3 +
>>>  test/vboot/sandbox-kernel.dts    |    7 +
>>>  test/vboot/sandbox-u-boot.dts    |    7 +
>>>  test/vboot/sign-configs.its      |   45 +
>>>  test/vboot/sign-images.its       |   42 +
>>>  test/vboot/vboot_test.sh         |  126 +++
>>>  tools/Makefile                   |   23 +-
>>>  tools/aisimage.c                 |    1 -
>>>  tools/fit_image.c                |  136 +--
>>>  tools/image-host.c               |  722 ++++++++++++++++
>>>  tools/mkimage.c                  |   36 +-
>>>  tools/mkimage.h                  |    6 +
>>>  53 files changed, 5485 insertions(+), 1783 deletions(-)
>>>  create mode 100644 common/image-fit.c
>>>  create mode 100644 common/image-sig.c
>>>  create mode 100644 doc/uImage.FIT/sign-configs.its
>>>  create mode 100644 doc/uImage.FIT/sign-images.its
>>>  create mode 100644 doc/uImage.FIT/signature.txt
>>>  create mode 100644 doc/uImage.FIT/verified-boot.txt
>>>  create mode 100644 include/rsa.h
>>>  create mode 100644 lib/rsa/Makefile
>>>  create mode 100644 lib/rsa/rsa-sign.c
>>>  create mode 100644 lib/rsa/rsa-verify.c
>>>  create mode 100644 test/vboot/.gitignore
>>>  create mode 100644 test/vboot/sandbox-kernel.dts
>>>  create mode 100644 test/vboot/sandbox-u-boot.dts
>>>  create mode 100644 test/vboot/sign-configs.its
>>>  create mode 100644 test/vboot/sign-images.its
>>>  create mode 100755 test/vboot/vboot_test.sh
>>>  create mode 100644 tools/image-host.c
>>>
>>> --
>>> 1.8.1.3
>>>
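Added illustration, not code from the thread or from U-Boot: a stand-alone Python model of the two signing options Simon lists (a: sign each image's data; b: sign the configuration, which only carries the images' hashes), showing that "signing" means hashing the data and applying the private key to the hash, while the image bytes themselves stay in the clear. The RSA key is a constructed toy key (deterministic seed, textbook RSA with no padding, SHA-256 digests) so the example runs with the standard library only; U-Boot's lib/rsa works on openssl-generated keys and padded signatures, which this demo deliberately omits. Image contents and the configuration byte layout are constructed for the demo and are not the FIT format.

```python
"""Added example (not U-Boot code): what 'signing' means in the FIT scheme and
how option a (sign each image) differs from option b (sign the configuration)."""
import hashlib
import math
import random

E = 65537  # public exponent


def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin probabilistic primality test (toy key generation only)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_toy_key(bits=192, seed=2013):
    """Constructed demo key: two 192-bit primes, so n (384 bits) exceeds a
    SHA-256 digest. Seeded for reproducibility; never use such a key for real."""
    rng = random.Random(seed)

    def prime():
        while True:
            cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
            if _is_probable_prime(cand, rng):
                return cand

    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            break
    n = p * q
    return (n, E), (n, pow(E, -1, phi))  # (public, private)


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, priv) -> int:
    """Signing = hash the data, then apply the private key to the hash (what the
    thread calls 'encrypting the hash'). The data itself is not encrypted."""
    n, d = priv
    return pow(digest_int(data), d, n)


def verify(data: bytes, sig: int, pub) -> bool:
    """Recover the hash with the public key, compare to a fresh hash of the data."""
    n, e = pub
    return pow(sig, e, n) == digest_int(data)


# option a: sign each image independently (signature covers the image data)
def sign_images(images: dict, priv) -> dict:
    return {name: sign(data, priv) for name, data in images.items()}


def verify_images(images: dict, sigs: dict, pub) -> bool:
    return all(name in sigs and verify(data, sigs[name], pub)
               for name, data in images.items())


# option b: sign the configuration, which lists each image's hash
def config_blob(image_names, hashes: dict) -> bytes:
    """Constructed byte form of a configuration: name and sha256 of each image."""
    return b"".join(name.encode() + b"=" + hashes[name] + b";"
                    for name in sorted(image_names))


def sign_config(images: dict, priv):
    hashes = {name: hashlib.sha256(data).digest() for name, data in images.items()}
    return hashes, sign(config_blob(images, hashes), priv)


def verify_config(images: dict, hashes: dict, sig: int, pub) -> bool:
    """The signature covers only the hash list, so every loaded image must still
    be hashed and checked against its signed hash before it is trusted."""
    if set(hashes) != set(images):
        return False
    if not verify(config_blob(images, hashes), sig, pub):
        return False  # configuration (or its hash list) was altered
    return all(hashlib.sha256(data).digest() == hashes[name]
               for name, data in images.items())


# Constructed stand-ins for FIT image data.
IMAGES = {"kernel": b"vmlinux-bytes" * 64, "fdt": b"board-dtb-bytes" * 8}


def demo():
    pub, priv = make_toy_key()
    sigs = sign_images(IMAGES, priv)
    hashes, conf_sig = sign_config(IMAGES, priv)
    tampered = dict(IMAGES, kernel=IMAGES["kernel"] + b"\x00")
    forged = {**hashes, "kernel": hashlib.sha256(tampered["kernel"]).digest()}
    return {
        "images_ok": verify_images(IMAGES, sigs, pub),
        "images_tampered": verify_images(tampered, sigs, pub),
        "config_ok": verify_config(IMAGES, hashes, conf_sig, pub),
        "config_tampered_image": verify_config(tampered, hashes, conf_sig, pub),
        "config_forged_hashes": verify_config(tampered, forged, conf_sig, pub),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running demo() shows the practical difference: with option a every image carries its own signature, while with option b one signature covers the hash list, so an attacker who replaces an image must also rewrite its hash in the configuration, which then breaks the configuration signature. In both cases the image data is readable; only its integrity and origin are protected.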