[U-Boot] Hi Simon, There may exist a problem about FIT image signature verify , can you check this problem?
Simon Glass
sjg at chromium.org
Tue Oct 21 18:27:47 CEST 2014
Hi Jason,
On 20 October 2014 20:52, Duxiaoqiang <duxiaoqiang at huawei.com> wrote:
> Hi Simon & All
>
>
>
> These days I tested verified U-Boot on ARM Foundation. And I found a problem
> when I tested like this:
>
> 1) Generate a FIT image and signature blob file like: mkimage –D “-I
> dts –O dtb –p 2000” –F kernel.its –k keys –K fvp.dtb –r signed_image.fit
>
> 2) Compile the Uboot like :
>
> Step1: Make distclean
>
> Step2: Make DEVICE_TREE=foundation all. After this step, there generated a
> u-boot-dtb.bin file, but public key was not contained in it.
>
>
>
> Normally I should use the public key contained blob file fvp.dtb to compile
> Uoobt like: make EXT_DTB=<path>/fvp.dtb.
>
> In my test case, I omitted the last step, and just choose step2’s result to
> test.
>
>
>
> 3) Package firmware together with uboot
>
> 4) Boot system on Foundation
>
>
>
> For the signed_image.fit contains the signature information, but U-Boot has
> no public key information contained, When U-boot load the image,
>
> There occurred error information like “: No signature node found: ", this
> result was normal.
>
> But the system wasn’t stopped after this error information, it keep going on
> and boot the system success at last!
>
> I checked the source code about UBoot, and found problem in function
> fit_config_verify_required_sigs
>
> Please note the red part.
>
>
>
> int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
>
> const void *sig_blob)
>
> {
>
> int noffset;
>
> int sig_node;
>
>
>
> /* Work out what we need to verify */
>
> sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME);
>
> if (sig_node < 0) {
>
> debug("%s: No signature node found: %s\n", __func__,
>
> fdt_strerror(sig_node));
>
> return 0; à Since mismatch exists between UBoot and images,
> system should return a error code. Return 0 means the result was ok.
>
> }
>
> ………
>
>
>
> After I modified return0 to return -1, result seems ok.
>
>
>
> Please check this problem, and confirm should I have to commit a patch or
> someone else will modify it.
Well yes this is what happens. You have no keys, so you are not asking
for verification. The code seems correct to me. If you change it, then
it will not be possible to boot an image without a signature. Lots of
people use plain FITs with no signatures.
Regards,
Simon
More information about the U-Boot
mailing list