[U-Boot] [PATCH] fit: skip signature verification if board request

Tom Rini trini at konsulko.com
Thu Apr 12 13:53:40 UTC 2018


On Wed, Apr 11, 2018 at 11:13:05PM +0800, Jun Nie wrote:

> It may be unnecessary to check signature on unlocked board.
> Get the hint from platform specific code to support secure boot
> and non-secure boot with the same binary, so that boot is not
> blocked if board is not locked and has no key for signature
> verification.
> 
> Signed-off-by: Jun Nie <jun.nie at linaro.org>
> ---
>  common/image-sig.c | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
> 
> diff --git a/common/image-sig.c b/common/image-sig.c
> index d9f712f..f3d1252 100644
> --- a/common/image-sig.c
> +++ b/common/image-sig.c
> @@ -151,6 +151,11 @@ struct image_region *fit_region_make_list(const void *fit,
>  	return region;
>  }
>  
> +int __attribute__((weak)) fit_board_skip_sig_verification(void)
> +{
> +	return 0;
> +}
> +
>  static int fit_image_setup_verify(struct image_sign_info *info,
>  		const void *fit, int noffset, int required_keynode,
>  		char **err_msgp)
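
Review bot: The weak default fit_board_skip_sig_verification() is added with no prototype in a header (the diffstat lists only common/image-sig.c) and no comment stating when a board may return non-zero, so a board override has nothing to compile against and no documented contract. Declare it in the image header with a comment describing the expected source of the answer, and consider placing both the hook and its call sites behind a Kconfig option so that builds for locked products cannot link an override at all.
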
> @@ -188,6 +193,12 @@ int fit_image_check_sig(const void *fit, int noffset, const void *data,
>  	uint8_t *fit_value;
>  	int fit_value_len;
>  
> +	/* Skip verification if board says that */
> +	if (fit_board_skip_sig_verification()) {
> +		printf("signature check skipped\n");
> +		return 0;
> +	}
> +
>  	*err_msgp = NULL;
>  	if (fit_image_setup_verify(&info, fit, noffset, required_keynode,
>  				   err_msgp))
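
Review bot: In fit_image_check_sig() the early "return 0" sits before "*err_msgp = NULL;", so on the skip path the caller's error pointer is left unset, and the return value is the same one used for a signature that actually verified. Move the check below the err_msgp initialisation and give the skip path a result or message the caller can tell apart from success, so that logs and callers do not record an unverified image as verified.
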
> @@ -438,6 +449,12 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
>  	int noffset;
>  	int sig_node;
>  
> +	/* Skip verification if board says that */
> +	if (fit_board_skip_sig_verification()) {
> +		printf("signature check skipped\n");
> +		return 0;
> +	}
> +
>  	/* Work out what we need to verify */
>  	sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME);
>  	if (sig_node < 0) {
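
Review bot: The early return at the top of fit_config_verify_required_sigs() runs before sig_node is looked up in sig_blob, so any keys marked as required there are never consulted and the configuration is accepted on the hook's answer alone. The same five lines are also duplicated from fit_image_check_sig(); factor them into one helper, and since this patch carries no board implementation of the hook, state in the commit message what it is expected to read, so reviewers can judge whether the lock state can be changed by editing the binary or stored data.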

I'm not sure I like the concept here.  Wouldn't this make it easier to
break into a secure setup with some binary editing?  Or is that really
no worse than today?  Also, can you please follow up with an
implementation of fit_board_skip_sig_verification?  Thanks!

-- 
Tom