[U-Boot] [PATCH v2 0/45] Verified boot implementation based on FIT
Jagan Teki
jagannadh.teki at gmail.com
Wed Apr 17 20:26:49 CEST 2013
Hi Simon,
On Wed, Apr 17, 2013 at 7:50 PM, Simon Glass <sjg at chromium.org> wrote:
> Hi,
>
> On Mon, Apr 15, 2013 at 1:38 AM, Jagan Teki <jagannadh.teki at gmail.com> wrote:
>> Hi Simon,
>>
>> I am new to this verification boot concept, could you please clarify
>> my questions.
>>
>> On Tue, Mar 19, 2013 at 5:21 AM, Simon Glass <sjg at chromium.org> wrote:
>>> This series implemented a verified boot system based around FIT images
>>> as discussed on the U-Boot mailing list, including on this thread:
>>>
>>> http://permalink.gmane.org/gmane.comp.boot-loaders.u-boot/147830
>>>
>>> RSA is used to implement the encryption. Images are signed by mkimage
>>> using private keys created by the user. Public keys are written into
>>> U-Boot control FDT (CONFIG_OF_CONTROL) for access by bootm etc. at
>>> run-time. The control FDT must be stored in a secure place where it
>>
>> 1. Who is doing RSA encryption for images?
>> Does the RSA lib do it with the help of mkimage? If so, where will the
>> lib get the private key?
>
> There is a script in test/vboot which shows how this is done.
> Basically we use openrsa tools to create a private key.
>
>> 2. Will this RSA algorithm encrypt the entire (image+hash) or only encrypt
>> the hash on each individual image?
>
> Be careful with terminology - we don't actually encrypt the images -
> we only sign them. Signing means that we hash the image and (if you
> like) encrypt the hash.
Ok, that means RSA will encrypt the image, does it?
There is an AES crypt in lib/aes; can we use AES to encrypt the image
and RSA for the hash? Is there any possibility in u-boot
to do the AES and RSA encrypt and decrypt process and boot?
>
> We provide two options:
>
> a. Sign each image independently - here we sign the image data
> b. Sign the configuration, in which case we don't actually sign the
> image data, only their hashes
What does signing a data image mean? Can you please clarify.
Thanks,
Jagan.
>
>> 3. How can we provide the public key using u-boot devicetree, is there
>> any other way to provide this key other than dtb?
>
> This is described in the documentation. We use mkimage to add the
> public key to your device tree. There is no other way currently
> implemented - at present you need CONFIG_OF_CONTROL. However, with
> generic board it should be a simple matter to add this for most
> boards. The device tree is convenient because it supports
> structured/tagged data, making it clean and easy to store the
> information.
>
>> 4. Suppose someone or some other tool does an encryption which consists of
>> encrypted image+public key; will your rsa code
>> then verify and boot?
>
> You don't need to use mkimage - you can certainly create your own tool
> which does the same thing. Provided you achieve the same result then
> bootm will still verify and boot.
>
> Regards,
> Simon
>
>>
>> Thanks,
>> Jagan.
>>
>>> cannot be changed after manufacture. Some notes are provided in the
>>> documentation on how this can be achieved. The implementation is fairly
>>> efficient and fits nicely into U-Boot. FIT plus RSA adds around 18KB
>>> to SPL size which is manageable on modern SoCs.
>>>
>>> When images are loaded, they are verified with the public keys.
>>>
>>> Some minor restructuring of the image code is included in this series,
>>> since we now support signatures as well as hashes.
>>>
>>> It is important to have a test framework for this series. For this, sandbox
>>> is used, and a script is provided which signs images and gets sandbox to
>>> load them using a script, to check that all is well. So some of the patches
>>> here relate to adding image support for sandbox. A follow-on series is
>>> somewhat more aggressive in further refactoring the FIT image support to
>>> clean it up and improve maintainability.
>>>
>>> Rollback prevention has been added in a separate TPM patch. This ensures
>>> that an attacker cannot boot your system with an old image that has been
>>> compromised. Support for this is not built into bootm, but instead must
>>> be scripted in U-Boot. It is possible that a standard scheme for this could
>>> be devised by adding version number tags to the signing procedure. However
>>> scripts do provide more flexibility. The TPM patch is here:
>>>
>>> http://patchwork.ozlabs.org/patch/224163/
>>>
>>> This series is available at:
>>>
>>> http://git.denx.de/u-boot-x86.git
>>>
>>> in the branch 'vboot'.
>>>
>>> I have received a number of off-list comments - please do copy the list when
>>> replying so that everyone can see your comments.
>>>
>>> Changes in v2:
>>> - Add IMAGE_ENABLE_IGNORE to avoid #ifdef around ignore property handling
>>> - Add comment about why mkimage needs to open FIT with O_RDWR
>>> - Add new patch to control FIT image printing in SPL
>>> - Add new patch to remove #ifdefs in image-fit.c
>>> - Add sanity checks on key sizes in RSA (improves security)
>>> - Adjust how signing enable works in image.h
>>> - Adjust mkimage help to separate out signing options
>>> - Allow the control FDT to be set even if there is currently no control FDT
>>> - Avoid using malloc in RSA routines (for smaller SPL code size)
>>> - Build signing support unconditionally in mkimage
>>> - Change hash_block() to use an unsigned int len
>>> - Clarify use of output_size parameter to hash_block()
>>> - Correct bug in setting control FDT
>>> - Fix FDT error handling in fit_image_write_sig()
>>> - Fix checkpatch checks about parenthesis alignment
>>> - Fix checkpatch warnings about space after cast
>>> - Fix checkpatch warnings about split strings
>>> - Fix line continuation problem
>>> - Fix spelling of multiply in rsa-verify.c
>>> - Fix spelling of quite
>>> - Fix typo "os defined" -> "is defined"
>>> - Move sandbox's command list patch from a later series
>>> - Only build RSA support into mkimage if CONFIG_RSA is defined
>>> - Put err_msgp strings on a single line
>>> - Put params before description in fit_conf_get_prop_node() comment
>>> - Rebase on previous patches
>>> - Rebase to use updated fdt_valid() function
>>> - Rename commit message to say "function" instead of "function"
>>> - Require CONFIG_FIT_SIGNATURE in image.h for mkimage to support signing
>>> - Revert the whole change including the set_working_fdt_addr() part
>>> - Support RSA library version without ERR_remove_thread_state()
>>> - Tweak tools/Makefile to make image signing optional
>>> - Update README to fix typos
>>> - Update README to fix typos and clarify some points
>>> - Use U-Boot's -c option instead of hard-coding a boot script
>>> - Use gd->arch.ram_buf instead of gd->ram_buf (now that generic board is in)
>>> - Use stack instead of calloc() within U-Boot's signature verification code
>>> - fdt_valid() sets the FDT pointer to NULL on error, to simplify callers
>>> - gd->fdt_blob is now available on all archs (generic board landed)
>>>
>>> Simon Glass (45):
>>> sandbox: config: Enable CONFIG_FIT and CONFIG_CMD_FIT
>>> bootstage: Don't build for HOSTCC
>>> mkimage: Move ARRAY_SIZE to header file
>>> libfdt: Add fdt_next_subnode() to permit easy subnode iteration
>>> image: Move timestamp #ifdefs to header file
>>> image: Export fit_check_ramdisk()
>>> image: Split FIT code into new image-fit.c
>>> image: Move HOSTCC image code to tools/
>>> image: Split hash node processing into its own function
>>> image: Convert fit_image_hash_set_value() to static, and rename
>>> image: Rename fit_image_check_hashes() to fit_image_verify()
>>> image: Move hash checking into its own function
>>> image: Move error! string to common place
>>> image: Export fit_conf_get_prop_node()
>>> image: Rename fit_add_hashes() to fit_add_verification_data()
>>> image: Rename hash printing to fit_image_print_verification_data()
>>> sandbox: Add CONFIG_OF_HOSTFILE to read FDT from host file
>>> fdt: Add a parameter to fdt_valid()
>>> Add getenv_hex() to return an environment variable as hex
>>> fdt: Allow fdt command to check and update control FDT
>>> sandbox: fdt: Support fdt command for sandbox
>>> env: Fix minor comment typos in cmd_nvedit
>>> fdt: Skip checking FDT if the pointer is NULL
>>> Revert "fdt- Tell the FDT library where the device tree is"
>>> Add stdarg to vsprintf.h
>>> Add minor updates to README.fdt-control
>>> hash: Add a way to calculate a hash for any algortihm
>>> sandbox: config: Enable FIT signatures with RSA
>>> sandbox: Provide a way to map from host RAM to U-Boot RAM
>>> sandbox: image: Add support for booting images in sandbox
>>> image: Add signing infrastructure
>>> image: Support signing of images
>>> image: Add RSA support for image signing
>>> mkimage: Put FIT loading in function and tidy error handling
>>> mkimage: Add -k option to specify key directory
>>> mkimage: Add -K to write public keys to an FDT blob
>>> mkimage: Add -F option to modify an existing .fit file
>>> mkimage: Add -c option to specify a comment for key signing
>>> mkimage: Add -r option to specify keys that must be verified
>>> libfdt: Add fdt_find_regions()
>>> image: Add support for signing of FIT configurations
>>> image: Remove remaining #ifdefs in image-fit.c
>>> image: Add CONFIG_FIT_SPL_PRINT to control FIT image printing in SPL
>>> sandbox: Allow -c argument to provide a command list
>>> Add verified boot information and test
>>>
>>> Makefile | 1 +
>>> README | 21 +
>>> arch/sandbox/cpu/cpu.c | 5 +
>>> arch/sandbox/cpu/start.c | 9 +-
>>> arch/sandbox/include/asm/io.h | 2 +
>>> arch/sandbox/include/asm/state.h | 1 +
>>> arch/sandbox/lib/board.c | 38 +-
>>> common/Makefile | 2 +
>>> common/cmd_bootm.c | 37 +-
>>> common/cmd_fdt.c | 87 +-
>>> common/cmd_fpga.c | 2 +-
>>> common/cmd_nvedit.c | 19 +-
>>> common/cmd_source.c | 2 +-
>>> common/cmd_ximg.c | 2 +-
>>> common/hash.c | 23 +
>>> common/image-fit.c | 1533 ++++++++++++++++++++++++++++++++++
>>> common/image-sig.c | 430 ++++++++++
>>> common/image.c | 1686 +-------------------------------------
>>> common/main.c | 8 -
>>> common/update.c | 2 +-
>>> config.mk | 1 +
>>> doc/README.fdt-control | 13 +-
>>> doc/mkimage.1 | 73 +-
>>> doc/uImage.FIT/sign-configs.its | 45 +
>>> doc/uImage.FIT/sign-images.its | 42 +
>>> doc/uImage.FIT/signature.txt | 382 +++++++++
>>> doc/uImage.FIT/verified-boot.txt | 104 +++
>>> include/bootstage.h | 5 +-
>>> include/common.h | 18 +
>>> include/configs/sandbox.h | 6 +
>>> include/hash.h | 22 +
>>> include/image.h | 265 +++++-
>>> include/libfdt.h | 81 ++
>>> include/rsa.h | 108 +++
>>> include/vsprintf.h | 2 +
>>> lib/fdtdec.c | 3 +-
>>> lib/libfdt/fdt.c | 12 +
>>> lib/libfdt/fdt_wip.c | 129 +++
>>> lib/rsa/Makefile | 48 ++
>>> lib/rsa/rsa-sign.c | 460 +++++++++++
>>> lib/rsa/rsa-verify.c | 385 +++++++++
>>> test/vboot/.gitignore | 3 +
>>> test/vboot/sandbox-kernel.dts | 7 +
>>> test/vboot/sandbox-u-boot.dts | 7 +
>>> test/vboot/sign-configs.its | 45 +
>>> test/vboot/sign-images.its | 42 +
>>> test/vboot/vboot_test.sh | 126 +++
>>> tools/Makefile | 23 +-
>>> tools/aisimage.c | 1 -
>>> tools/fit_image.c | 136 +--
>>> tools/image-host.c | 722 ++++++++++++++++
>>> tools/mkimage.c | 36 +-
>>> tools/mkimage.h | 6 +
>>> 53 files changed, 5485 insertions(+), 1783 deletions(-)
>>> create mode 100644 common/image-fit.c
>>> create mode 100644 common/image-sig.c
>>> create mode 100644 doc/uImage.FIT/sign-configs.its
>>> create mode 100644 doc/uImage.FIT/sign-images.its
>>> create mode 100644 doc/uImage.FIT/signature.txt
>>> create mode 100644 doc/uImage.FIT/verified-boot.txt
>>> create mode 100644 include/rsa.h
>>> create mode 100644 lib/rsa/Makefile
>>> create mode 100644 lib/rsa/rsa-sign.c
>>> create mode 100644 lib/rsa/rsa-verify.c
>>> create mode 100644 test/vboot/.gitignore
>>> create mode 100644 test/vboot/sandbox-kernel.dts
>>> create mode 100644 test/vboot/sandbox-u-boot.dts
>>> create mode 100644 test/vboot/sign-configs.its
>>> create mode 100644 test/vboot/sign-images.its
>>> create mode 100755 test/vboot/vboot_test.sh
>>> create mode 100644 tools/image-host.c
>>>
>>> --
>>> 1.8.1.3
>>>
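Simon's distinction between signing each image and signing the configuration, as an added example in Python (not U-Boot or mkimage code): `sign_images`, `sign_config` and `verify_config_boot` are hypothetical names, the RSA key is a constructed toy key, and a JSON dict stands in for the FIT configuration node.

```python
"""Toy model of the two FIT signing modes discussed in the thread:
(a) sign each image's data directly, (b) sign the configuration, which
carries only the images' hashes.  Added illustration, not U-Boot code:
the RSA key uses constructed small primes and no padding."""
import hashlib
import json

# Constructed toy RSA key: p and q are small so the arithmetic is visible.
P, Q, E = 104729, 1299709, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent

def digest(data: bytes) -> int:
    # SHA-256 truncated to 32 bits so it stays below the toy modulus;
    # real code uses the full hash with PKCS#1 padding.
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def sign(data: bytes) -> int:
    # "Signing" = hash the data, then transform the hash with the private key.
    return pow(digest(data), D, N)

def verify(data: bytes, sig: int) -> bool:
    # The public key recovers the hash; compare it against a fresh hash.
    return pow(sig, E, N) == digest(data)

def sign_images(images: dict) -> dict:
    """Option (a): one signature per image, over the image bytes."""
    return {name: sign(data) for name, data in images.items()}

def sign_config(images: dict) -> tuple:
    """Option (b): the configuration lists each image's hash and only
    the serialized configuration is signed, not the image bytes."""
    config = {n: hashlib.sha256(d).hexdigest() for n, d in images.items()}
    return config, sign(json.dumps(config, sort_keys=True).encode())

def verify_config_boot(config: dict, sig: int, images: dict) -> bool:
    """bootm-style check for option (b): the configuration signature must
    verify AND every loaded image must match the hash the config names."""
    if not verify(json.dumps(config, sort_keys=True).encode(), sig):
        return False
    if set(config) != set(images):
        return False
    return all(hashlib.sha256(images[n]).hexdigest() == h
               for n, h in config.items())
```

Replacing one image after signing makes option (b) fail on the hash check even though the configuration signature itself still verifies; editing the configuration fails the signature check.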