[U-Boot] Force check of RSA-Signature

Simon Glass sjg at chromium.org
Fri Sep 5 18:47:31 CEST 2014


Hi Wolfgang,

On 4 September 2014 23:21, Wolfgang Denk <wd at denx.de> wrote:
> Dear Simon & Ulf,
>
> In message <CAPnjgZ2MH8W05zgHsHXN=ETkEi2hNNZkXk6KdRnet0RebGxXqw at mail.gmail.com> you wrote:
>>
>> > 2) Is there a possibility to check the signature/CRC before copying the
>> > image to ram with imxtract?
>>
>> I'm not sure of the specifics here - sometimes the image must be
>> decompressed, etc. so in principle this is tricky to implement (but not
>> impossible). Another option might be to zero it afterwards if the check
>> fails?
>
> Maybe I misunderstand the question, but: in any case we have to read
> the image from a storage device into memory to be able to look at the
> data, which is obviously needed for computing a checksum or signature.

In principle it is possible to stream the data through the hashing
algorithm and thus verify it without storing it all in memory. Of
course, then if the verification is successful then you would need to
read it again (and perhaps even verify it again if you are paranoid)
to actually run it.

Regards,
Simon


More information about the U-Boot mailing list