[U-Boot] U-boot FIT Signature

Markus Valentin mv at denx.de
Tue Feb 28 08:58:54 UTC 2017


Hi Maria,
On Tue, 2017-02-28 at 08:50 +0100, Maria Sepulveda wrote:
> > On Mon, 2017-02-20 at 12:33 +0100, Maria Sepulveda wrote:
> > > 
> > > The reason to store the public key on an external device is to verify
> > > that it is our hardware.
> > Do you want to verify it is your hardware or do you want to verify the
> > Software is the one you designated to run on this hardware?
> I want to avoid that someone could use my Software on different hardware.
> > 
> > > 
> > > This is my idea:
> > > 
> > > In the host:
> > > 
> > > 1. Sign my fit image with mkimage.
> > > 2. Store the public key in some i2c device ( crypto-memory, read-only
> > > device, TPM)
> > > 
> > > In the target:
> > > 
> > > 1. Start U-boot and load my standalone application.
> > > Using i2c functions, I would like to check the i2c address of my
> > > external device (i2c_probe function) and read the public key stored
> > > inside. Then, I want to pass the public key to the U-boot to do the
> > > verification.
> > > I am not sure whether the public key always has to be stored in the DTB
> > > to do the verification (in both: DTB and external device) or whether it
> > > could just be in the external device.
> > > This is my configuration to enable verification:
> > > 
> > > [...]
> > > 2. U-Boot loads the FIT image (bootm command)
> > > 
> > > This is the general idea but first of all, I need to know if it is
> > > possible to do that and how I could store the public key in somewhere
> > > else, not only in dtb.
> > As far as I know it is not designated to store the public key outside the
> > DTB, so it would need some coding on your side.
> > 
> > As I said before you can do the verification with less effort, storing a
> > checksum of your public key in a safe place. It will take less space and
> > you can make sure your public key, stored in the DTB, has not been modified
> > by a third party.
> > 
> > You just need to calculate a checksum over your public key at runtime and
> > compare it to the securely stored one; if they match, your public key is
> > authenticated.
> > 
> > Maybe your processor has some builtin secure boot mechanism?
> I am using an AM3352 processor and I think it doesn't have any secure 
> boot mechanism. That's why I would like to do the security part of my 
> project in U-Boot before loading the kernel image.
Ok, then you are on the right path :)

> Maybe your idea could satisfy my needs. I will calculate a checksum over 
> the public key that will be stored in an external device. With a 
> standalone U-Boot Application, I will read the checksum from the 
> external device and check that the public key hasn't been tampered with. 
> If everything is right, U-Boot will load the FIT image.
correct.

> My question now is how to do that. I have read about 'crc' command but I 
> don't know if there is a better way to check at runtime the checksum of 
> the public key stored in dtb and compare it with the one stored in my 
> external device.
In U-Boot there is a function called "calculate_hash" in "common/image-fit.c".
For ease of use you can just verify the whole devicetree. You could use the
function to calculate the hash over your devicetree in u-boot runtime. The hash
to be stored in your external device you can calculate using openssl. I suggest
you use sha256 as hash-function. 

On your host:
openssl dgst -sha256 -binary -out checksum.bin u-boot.dtb 


in u-boot code:

uint8_t value[SHA256_SUM_LEN];
int value_len;

calculate_hash(start_address, size, "sha256", (unsigned char *)value,
               &value_len);

And then memcmp "value" to the hash you took from the external
device (checksum.bin).


best regards

Markus
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email: mv at denx.de

