[U-Boot] AES: Encryption of u-boot.img

Albert ARIBAUD albert.u.boot at aribaud.net
Sat Oct 5 12:03:30 CEST 2013


Hi bin4ry,

Sorry for the delay in answering.

On Mon, 30 Sep 2013 09:51:54 +0200, bin4ry <0xbin4ry at gmail.com> wrote:

> Hi Albert,
> 
> so if I get you right the workflow for payload authentication is the
> following:
> 
> Encryption process:

(you really should not talk about "encryption process" if your goal is
authentication rather than encryption. The correct term would be
something like "signature process" and "signature verification process")
 
> 1. Create hash value H for u-boot.img
> 2. Encrypt the hash value H with secret K to get encrypted hash values H_enc
> 3. Store H_enc
>
> Decryption process:
> 
> 1. Read H_enc
> 2. Decrypt H_enc using secret K to get plain hash values H
> 3. Create Hash values H' of u-boot.img
> 4. Compare H and H'
> 
> Did I get you right?

Almost, but not quite.

The most important problem is that you seem to assume use of symmetric
encryption, since your 'K' seems to be both the encryption and
decryption key. That is not good, because K is needed on the target for
the verification phase, and thus, could then be used by an attacker to
encrypt the hash of a malicious payload that would then pass
verification. You need asymmetric encryption, with a pair of public and
private keys. The private key is used in the signing process, for
encrypting the hash. The public key is on the device and is used in the
verification process, for decrypting the encrypted hash.

But then, of course, you can't simply have the public key in Flash,
because the attacker could generate a new pair of keys, then sign the
malicious payload hash with the new private key and flash the new
public key. Therefore, you need a way to secure the public key. One way
is to have it in ROM, but this could be against silicon or manufacturer
budget. Fuses are usually not big enough, but you could fuse a hash of
the key.

Note that, in any case, authentication only makes sense if you can
trust the piece of software on the target that will check the key and
verify the payload hash... Which means you need some secure mode on the
device to boot (pun intended). And that mode will probably already
include a way of signing the payloads.

> Thanks and best regards,

You're welcome.

> -b

Amicalement,
-- 
Albert.
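
The signing and verification flow described in the message above, written out with the openssl command line as an added example; it is not part of the original e-mail and is not U-Boot code. The function names, file names and the choice of RSA-2048 with SHA-256 are assumptions, the image is constructed sample data, and a shell variable stands in for the fused hash of the public key.

```shell
#!/bin/sh
# Added example. File names are hypothetical; the image is constructed sample data.

# SHA-256 of the DER-encoded public key: the value that would be burned into fuses.
pubkey_digest() {
    openssl pkey -pubin -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Build host: create a key pair and sign the image with the private key.
# usage: sign_image IMAGE PRIV_OUT PUB_OUT SIG_OUT
sign_image() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$2" 2>/dev/null &&
    openssl pkey -in "$2" -pubout -out "$3" &&
    openssl dgst -sha256 -sign "$2" -out "$4" "$1"
}

# Device: returns 0 if authentic, 1 if the public key is not the fused one,
# 2 if the signature does not match the image.
# usage: verify_image IMAGE SIG PUB FUSED_DIGEST
verify_image() {
    # The key sits in writable flash, so anchor it to the fused digest first.
    [ "$(pubkey_digest "$3")" = "$4" ] || return 1
    # Only a key that passed that check may be used to verify the signature.
    openssl dgst -sha256 -verify "$3" -signature "$2" "$1" >/dev/null 2>&1 || return 2
}

# Runs three cases and prints their verify_image results, space separated.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in for u-boot.img\n' > "$d/img"
    sign_image "$d/img" "$d/priv.pem" "$d/pub.pem" "$d/sig" || return 1
    fused=$(pubkey_digest "$d/pub.pem")
    # Case 1: genuine image, genuine key.
    r1=0; verify_image "$d/img" "$d/sig" "$d/pub.pem" "$fused" || r1=$?
    # Case 2: image modified after signing, original signature and key.
    printf 'modified\n' >> "$d/img"
    r2=0; verify_image "$d/img" "$d/sig" "$d/pub.pem" "$fused" || r2=$?
    # Case 3: modified image re-signed with a new key pair, public key replaced in flash.
    sign_image "$d/img" "$d/priv2.pem" "$d/pub2.pem" "$d/sig2" || return 1
    r3=0; verify_image "$d/img" "$d/sig2" "$d/pub2.pem" "$fused" || r3=$?
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}
demo   # prints: 0 2 1
```

Case 3 fails at the fused-digest comparison before the signature is ever checked, which is why the public key itself does not need to be stored in ROM.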

