[U-Boot] [PATCH v2 0/45] Verified boot implementation based on FIT

Simon Glass sjg at chromium.org
Wed Apr 17 20:33:14 CEST 2013


Hi Jagan,

On Wed, Apr 17, 2013 at 11:26 AM, Jagan Teki <jagannadh.teki at gmail.com> wrote:
> Hi Simon,
>
> On Wed, Apr 17, 2013 at 7:50 PM, Simon Glass <sjg at chromium.org> wrote:
>> Hi,
>>
>> On Mon, Apr 15, 2013 at 1:38 AM, Jagan Teki <jagannadh.teki at gmail.com> wrote:
>>> Hi Simon,
>>>
>>> I am new to this verification boot concept; could you please clarify
>>> my questions.
>>>
>>> On Tue, Mar 19, 2013 at 5:21 AM, Simon Glass <sjg at chromium.org> wrote:
>>>> This series implemented a verified boot system based around FIT images
>>>> as discussed on the U-Boot mailing list, including on this thread:
>>>>
>>>> http://permalink.gmane.org/gmane.comp.boot-loaders.u-boot/147830
>>>>
>>>> RSA is used to implement the encryption. Images are signed by mkimage
>>>> using private keys created by the user. Public keys are written into
>>>> U-Boot control FDT (CONFIG_OF_CONTROL) for access by bootm etc. at
>>>> run-time. The control FDT must be stored in a secure place where it
>>>
>>> 1. Who is doing RSA encryption for images?
>>>     Does the RSA lib do it with the help of mkimage? If so, where will the
>>> lib get the private key?
>>
>> There is a script in test/vboot which shows how this is done.
>> Basically we use openrsa tools to create a private key.
>>
>>> 2. Will this RSA algo encrypt the entire (image+hash) or only encrypt
>>> the hash of each individual image?
>>
>> Be careful with terminology - we don't actually encrypt the images -
>> we only sign them. Signing means that we hash the image and (if you
>> like) encrypt the hash.
>
> OK, that means RSA will encrypt the image, is it?

No, RSA encrypting the image would be very slow. We only encrypt the
hash of the image - this is typically called 'signing the image'.

> There is an AES crypt in lib/aes; can we use AES to encrypt the image
> and RSA for the hash? Is there any possibility in U-Boot
> to do the AES and RSA encrypt and decrypt process and boot?

You could use AES to encrypt the image, but that is not supported by
my implementation. You could probably implement this quite easily
since U-Boot already supports AES and already supports decompressing
images, which is sort-of similar.

If you are asking to use AES instead of RSA for the signing, then I'm
not sure what you are trying to achieve. AES requires a shared private
key, and if you have that, you may as well just have a shared hash.
The point of using RSA is that we can sign images which the original
firmware will recognise (based on its public key) without needing to
update that public key in what is assumed to be read-only firmware.

Perhaps it would help if you stepped up a level and explained the
problem you are trying to solve?

Regards,
Simon

>
>>
>> We provide two options:
>>
>> a. Sign each image independently - here we sign the image data
>> b. Sign the configuration, in which case we don't actually sign the
>> image data, only their hashes
>
> What does signing a data image mean? Can you please clarify.
>
> Thanks,
> Jagan.
>
>>
>>> 3. How can we provide the public key using u-boot devicetree, is there
>>> any other way to provide this key other than dtb?
>>
>> This is described in the documentation. We use mkimage to add the
>> public key to your device tree. There is no other way currently
>> implemented - at present you need CONFIG_OF_CONTROL. However, with
>> generic board it should be a simple matter to add this for most
>> boards. The device tree is convenient because it supports
>> structured/tagged data, making it clean and easy to store the
>> information.
>>
>>> 4. Suppose someone or some other tool does an encryption which consists of
>>> an encrypted image+public key; will your RSA code then
>>>     verify and boot?
>>
>> You don't need to use mkimage - you can certainly create your own tool
>> which does the same thing. Provided you achieve the same result then
>> bootm will still verify and boot.
>>
>> Regards,
>> Simon
>>
>>>
>>> Thanks,
>>> Jagan.
>>>
>>>> cannot be changed after manufacture. Some notes are provided in the
>>>> documentation on how this can be achieved. The implementation is fairly
>>>> efficient and fits nicely into U-Boot. FIT plus RSA adds around 18KB
>>>> to SPL size which is manageable on modern SoCs.
>>>>
>>>> When images are loaded, they are verified with the public keys.
>>>>
>>>> Some minor restructuring of the image code is included in this series,
>>>> since we now support signatures as well as hashes.
>>>>
>>>> It is important to have a test framework for this series. For this, sandbox
>>>> is used, and a script is provided which signs images and gets sandbox to
>>>> load them using a script, to check that all is well. So some of the patches
>>>> here relate to adding image support for sandbox. A follow-on series is
>>>> somewhat more aggressive in further refactoring the FIT image support to
>>>> clean it up and improve maintainability.
>>>>
>>>> Rollback prevention has been added in a separate TPM patch. This ensures
>>>> that an attacker cannot boot your system with an old image that has been
>>>> compromised. Support for this is not built into bootm, but instead must
>>>> be scripted in U-Boot. It is possible that a standard scheme for this could
>>>> be devised by adding version number tags to the signing procedure. However
>>>> scripts do provide more flexibility. The TPM patch is here:
>>>>
>>>> http://patchwork.ozlabs.org/patch/224163/
>>>>
>>>> This series is available at:
>>>>
>>>> http://git.denx.de/u-boot-x86.git
>>>>
>>>> in the branch 'vboot'.
>>>>
>>>> I have received a number of off-list comments - please do copy the list when
>>>> replying so that everyone can see your comments.
>>>>
>>>> Changes in v2:
>>>> - Add IMAGE_ENABLE_IGNORE to avoid #ifdef around ignore property handling
>>>> - Add comment about why mkimage needs to open FIT with O_RDWR
>>>> - Add new patch to control FIT image printing in SPL
>>>> - Add new patch to remove #ifdefs in image-fit.c
>>>> - Add sanity checks on key sizes in RSA (improves security)
>>>> - Adjust how signing enable works in image.h
>>>> - Adjust mkimage help to separate out signing options
>>>> - Allow the control FDT to be set even if there is currently no control FDT
>>>> - Avoid using malloc in RSA routines (for smaller SPL code size)
>>>> - Build signing support unconditionally in mkimage
>>>> - Change hash_block() to use an unsigned int len
>>>> - Clarify use of output_size parameter to hash_block()
>>>> - Correct bug in setting control FDT
>>>> - Fix FDT error handling in fit_image_write_sig()
>>>> - Fix checkpatch checks about parenthesis alignment
>>>> - Fix checkpatch warnings about space after cast
>>>> - Fix checkpatch warnings about split strings
>>>> - Fix line continuation problem
>>>> - Fix spelling of multiply in rsa-verify.c
>>>> - Fix spelling of quite
>>>> - Fix typo "os defined" -> "is defined"
>>>> - Move sandbox's command list patch from a later series
>>>> - Only build RSA support into mkimage if CONFIG_RSA is defined
>>>> - Put err_msgp strings on a single line
>>>> - Put params before description in fit_conf_get_prop_node() comment
>>>> - Rebase on previous patches
>>>> - Rebase to use updated fdt_valid() function
>>>> - Rename commit message to say "function" instead of "function"
>>>> - Require CONFIG_FIT_SIGNATURE in image.h for mkimage to support signing
>>>> - Revert the whole change including the set_working_fdt_addr() part
>>>> - Support RSA library version without ERR_remove_thread_state()
>>>> - Tweak tools/Makefile to make image signing optional
>>>> - Update README to fix typos
>>>> - Update README to fix typos and clarify some points
>>>> - Use U-Boot's -c option instead of hard-coding a boot script
>>>> - Use gd->arch.ram_buf instead of gd->ram_buf (now that generic board is in)
>>>> - Use stack instead of calloc() within U-Boot's signature verification code
>>>> - fdt_valid() sets the FDT pointer to NULL on error, to simplify callers
>>>> - gd->fdt_blob is now available on all archs (generic board landed)
>>>>
>>>> Simon Glass (45):
>>>>   sandbox: config: Enable CONFIG_FIT and CONFIG_CMD_FIT
>>>>   bootstage: Don't build for HOSTCC
>>>>   mkimage: Move ARRAY_SIZE to header file
>>>>   libfdt: Add fdt_next_subnode() to permit easy subnode iteration
>>>>   image: Move timestamp #ifdefs to header file
>>>>   image: Export fit_check_ramdisk()
>>>>   image: Split FIT code into new image-fit.c
>>>>   image: Move HOSTCC image code to tools/
>>>>   image: Split hash node processing into its own function
>>>>   image: Convert fit_image_hash_set_value() to static, and rename
>>>>   image: Rename fit_image_check_hashes() to fit_image_verify()
>>>>   image: Move hash checking into its own function
>>>>   image: Move error! string to common place
>>>>   image: Export fit_conf_get_prop_node()
>>>>   image: Rename fit_add_hashes() to fit_add_verification_data()
>>>>   image: Rename hash printing to fit_image_print_verification_data()
>>>>   sandbox: Add CONFIG_OF_HOSTFILE to read FDT from host file
>>>>   fdt: Add a parameter to fdt_valid()
>>>>   Add getenv_hex() to return an environment variable as hex
>>>>   fdt: Allow fdt command to check and update control FDT
>>>>   sandbox: fdt: Support fdt command for sandbox
>>>>   env: Fix minor comment typos in cmd_nvedit
>>>>   fdt: Skip checking FDT if the pointer is NULL
>>>>   Revert "fdt- Tell the FDT library where the device tree is"
>>>>   Add stdarg to vsprintf.h
>>>>   Add minor updates to README.fdt-control
>>>>   hash: Add a way to calculate a hash for any algortihm
>>>>   sandbox: config: Enable FIT signatures with RSA
>>>>   sandbox: Provide a way to map from host RAM to U-Boot RAM
>>>>   sandbox: image: Add support for booting images in sandbox
>>>>   image: Add signing infrastructure
>>>>   image: Support signing of images
>>>>   image: Add RSA support for image signing
>>>>   mkimage: Put FIT loading in function and tidy error handling
>>>>   mkimage: Add -k option to specify key directory
>>>>   mkimage: Add -K to write public keys to an FDT blob
>>>>   mkimage: Add -F option to modify an existing .fit file
>>>>   mkimage: Add -c option to specify a comment for key signing
>>>>   mkimage: Add -r option to specify keys that must be verified
>>>>   libfdt: Add fdt_find_regions()
>>>>   image: Add support for signing of FIT configurations
>>>>   image: Remove remaining #ifdefs in image-fit.c
>>>>   image: Add CONFIG_FIT_SPL_PRINT to control FIT image printing in SPL
>>>>   sandbox: Allow -c argument to provide a command list
>>>>   Add verified boot information and test
>>>>
>>>>  Makefile                         |    1 +
>>>>  README                           |   21 +
>>>>  arch/sandbox/cpu/cpu.c           |    5 +
>>>>  arch/sandbox/cpu/start.c         |    9 +-
>>>>  arch/sandbox/include/asm/io.h    |    2 +
>>>>  arch/sandbox/include/asm/state.h |    1 +
>>>>  arch/sandbox/lib/board.c         |   38 +-
>>>>  common/Makefile                  |    2 +
>>>>  common/cmd_bootm.c               |   37 +-
>>>>  common/cmd_fdt.c                 |   87 +-
>>>>  common/cmd_fpga.c                |    2 +-
>>>>  common/cmd_nvedit.c              |   19 +-
>>>>  common/cmd_source.c              |    2 +-
>>>>  common/cmd_ximg.c                |    2 +-
>>>>  common/hash.c                    |   23 +
>>>>  common/image-fit.c               | 1533 ++++++++++++++++++++++++++++++++++
>>>>  common/image-sig.c               |  430 ++++++++++
>>>>  common/image.c                   | 1686 +-------------------------------------
>>>>  common/main.c                    |    8 -
>>>>  common/update.c                  |    2 +-
>>>>  config.mk                        |    1 +
>>>>  doc/README.fdt-control           |   13 +-
>>>>  doc/mkimage.1                    |   73 +-
>>>>  doc/uImage.FIT/sign-configs.its  |   45 +
>>>>  doc/uImage.FIT/sign-images.its   |   42 +
>>>>  doc/uImage.FIT/signature.txt     |  382 +++++++++
>>>>  doc/uImage.FIT/verified-boot.txt |  104 +++
>>>>  include/bootstage.h              |    5 +-
>>>>  include/common.h                 |   18 +
>>>>  include/configs/sandbox.h        |    6 +
>>>>  include/hash.h                   |   22 +
>>>>  include/image.h                  |  265 +++++-
>>>>  include/libfdt.h                 |   81 ++
>>>>  include/rsa.h                    |  108 +++
>>>>  include/vsprintf.h               |    2 +
>>>>  lib/fdtdec.c                     |    3 +-
>>>>  lib/libfdt/fdt.c                 |   12 +
>>>>  lib/libfdt/fdt_wip.c             |  129 +++
>>>>  lib/rsa/Makefile                 |   48 ++
>>>>  lib/rsa/rsa-sign.c               |  460 +++++++++++
>>>>  lib/rsa/rsa-verify.c             |  385 +++++++++
>>>>  test/vboot/.gitignore            |    3 +
>>>>  test/vboot/sandbox-kernel.dts    |    7 +
>>>>  test/vboot/sandbox-u-boot.dts    |    7 +
>>>>  test/vboot/sign-configs.its      |   45 +
>>>>  test/vboot/sign-images.its       |   42 +
>>>>  test/vboot/vboot_test.sh         |  126 +++
>>>>  tools/Makefile                   |   23 +-
>>>>  tools/aisimage.c                 |    1 -
>>>>  tools/fit_image.c                |  136 +--
>>>>  tools/image-host.c               |  722 ++++++++++++++++
>>>>  tools/mkimage.c                  |   36 +-
>>>>  tools/mkimage.h                  |    6 +
>>>>  53 files changed, 5485 insertions(+), 1783 deletions(-)
>>>>  create mode 100644 common/image-fit.c
>>>>  create mode 100644 common/image-sig.c
>>>>  create mode 100644 doc/uImage.FIT/sign-configs.its
>>>>  create mode 100644 doc/uImage.FIT/sign-images.its
>>>>  create mode 100644 doc/uImage.FIT/signature.txt
>>>>  create mode 100644 doc/uImage.FIT/verified-boot.txt
>>>>  create mode 100644 include/rsa.h
>>>>  create mode 100644 lib/rsa/Makefile
>>>>  create mode 100644 lib/rsa/rsa-sign.c
>>>>  create mode 100644 lib/rsa/rsa-verify.c
>>>>  create mode 100644 test/vboot/.gitignore
>>>>  create mode 100644 test/vboot/sandbox-kernel.dts
>>>>  create mode 100644 test/vboot/sandbox-u-boot.dts
>>>>  create mode 100644 test/vboot/sign-configs.its
>>>>  create mode 100644 test/vboot/sign-images.its
>>>>  create mode 100755 test/vboot/vboot_test.sh
>>>>  create mode 100644 tools/image-host.c
>>>>
>>>> --
>>>> 1.8.1.3
>>>>
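As an added illustration of the signing-versus-encryption distinction and of options (a) and (b) discussed above (example code, not U-Boot's or mkimage's own): textbook RSA over a raw SHA-256 digest stands in for mkimage's OpenSSL signing, the key is constructed from Mersenne primes so the block runs stand-alone (it is not a usable key), and the configuration is encoded as an assumed flat byte string rather than FIT's FDT nodes.

```python
"""Model of the two FIT signing options from the thread (an added example,
not U-Boot or mkimage code). Textbook RSA over a raw SHA-256 digest stands
in for mkimage's OpenSSL signing; the key below is built from Mersenne
primes purely so the example runs stand-alone and is NOT a usable key."""
import hashlib

# Constructed demonstration key (insecure by design, see module docstring).
P, Q = (1 << 127) - 1, (1 << 521) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, kept by the signer


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(data: bytes) -> int:
    """'Signing' in the thread's sense: hash the data, RSA-'encrypt' the hash."""
    return pow(int.from_bytes(sha256(data), "big"), D, N)


def verify(data: bytes, sig: int) -> bool:
    """Recover the hash with the public key (e, n) and compare to a fresh hash."""
    return pow(sig, E, N) == int.from_bytes(sha256(data), "big")


# Option (a): sign each image independently, directly over the image data.
def sign_images(images: dict) -> dict:
    return {name: sign(data) for name, data in images.items()}


def verify_images(images: dict, sigs: dict) -> bool:
    return all(n in sigs and verify(d, sigs[n]) for n, d in images.items())


# Option (b): sign the configuration, which carries only the images' hashes.
def encode_config(cfg: dict) -> bytes:
    return b"".join(n.encode() + b"=" + h for n, h in sorted(cfg.items()))


def make_fit(images: dict) -> dict:
    cfg = {name: sha256(data) for name, data in images.items()}
    return {"images": dict(images), "config": cfg, "sig": sign(encode_config(cfg))}


def verify_fit(fit: dict) -> bool:
    cfg = fit["config"]
    if not verify(encode_config(cfg), fit["sig"]):   # signature covers the hashes
        return False
    # each image named by the signed config must still match its signed hash
    return all(n in fit["images"] and sha256(fit["images"][n]) == h
               for n, h in cfg.items())
```

With option (b) a modified image is rejected even though only the configuration was signed, because its hash no longer matches the signed one, and editing the stored hash instead invalidates the configuration signature.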