[U-Boot] AES: Encryption of u-boot.img

Albert ARIBAUD albert.u.boot at aribaud.net
Sun Sep 15 08:08:35 CEST 2013


Hi bin4ry,

On Fri, 13 Sep 2013 16:57:20 +0200, bin4ry <0xbin4ry at gmail.com> wrote:

> Hi everyone,
> 
> I want to implement a minimal secure boot architecture into u-boot by
> letting the u-boot.img be decrypted during SPL execution. Thus, the
> u-boot.img is present on the MMC in an encrypted version. I already
> implemented a basic AES-128 en-/decryption algorithm into the SPL.

What's the point of encrypting the whole binary? Secure boot usually
uses authentication, not encryption, of the payload that is to be
secured: instead of decrypting several hundreds of KBs, you hash them
(which is faster) and decrypt only the few hundreds bits of the
encrypted hash in order to compare both hashes (but trust chain remains
the same of course).

Note: if you chose payload encryption over authentication (hash
encryption) because you are worried about collision, preimage or even
second preimage resistance, then you should just go with use a stronger
hash function. Besides, for a small and compact payload such as a
bootloader, the risks of collisions are reduced because there is less
room in the input space.

Amicalement,
-- 
Albert.


More information about the U-Boot mailing list