[U-Boot] AES: Encryption of u-boot.img

bin4ry 0xbin4ry at gmail.com
Mon Sep 30 09:28:16 CEST 2013


Am 13.09.2013 19:28, schrieb Michael Trimarchi:
> Hi
> I don't understand you can decrypt it after load. Why just verify the signature?
>
> Michael
>

This is a proof-of-concept for a technique, which involves
de-/encrypting the u-boot.img with a key derived from a hardware
fingerprint. This is why I can not just verify the signature.

Yes, I want to decrypt it after load. However, I am not sure about the
correct position in the SPL source code to this, i.e. the position after
loading the u-boot.img and before executing it. I assume after
do_fat_read() the u-boot.img is loaded into internal memory and
jump_to_image_no_args() executes the u-boot.img. Thus, the decryption
routine should be implemented between both functions?


More information about the U-Boot mailing list