[U-Boot] U-Boot: Verified Boot: signed configuration and mix and match attack

Johann Neuhauser jneuhauser at dh-electronics.de
Thu Aug 2 13:20:36 UTC 2018


Hello Simon,

> > Dear U-Boot devs,
> >
> > I've set up verified boot on an imx6 board and want to protect my device
> > against the "mix and match" attacks mentioned in
> > "doc/uImage.FIT/signature.txt".
> > That's why I have only implemented signed configurations and no signed
> > images, as in doc/uImage.FIT/signed-configs.its.
> > My public key in my embedded fdt has the property required = "conf";
> >
> > Booting a signed config with "bootm ${loadaddr}#conf@1" and an
> > embedded public key required for configurations does work as expected and
> > does fail to boot if I modify the config, image, hash, signature and so on.
> >
> > If I boot any fit image (signed and unsigned), for example with "bootm
> > ${loadaddr}:kernel@1 - fdt@1" to select the subimages directly, I can boot
> > every image combination without signature verification, although a signature
> > is enforced for a configuration.
> >
> > Is this the expected behavior?
> >
> > I thought that if I had set the public key in the embedded fdt as required for
> > configurations, bootm would only boot signed configurations and no
> > subimages directly...
> 
> I don't think there is any restriction on that at the moment. You are explicitly
> asking to boot particular images rather than a config. So I suppose it would be
> odd if U-Boot tried to enforce a config. Are you thinking it should try to find a
> config that has those images in it?

No, I expected that I cannot boot sub images directly if there is a required public key for a configuration.
After a dive into the bootm source I think it is not easily possible to enforce this behavior.

> But why not just specify the config to bootm?

At first I wanted to use a simple boot script wrapped in a FIT image (unsigned) and
have only the needed commands enabled in U-Boot.
Now I have switched to a signed U-Boot script as boot script and can be sure that this one does not get tampered with.
The only bad thing here is that the source command only has support for FIT sub images, and
I have to sign both the config and the image of my system image if I have a required certificate for images and configs.

Probably this behavior should be mentioned in the doc.

Many thanks for the clarification.

Best regards
Johann Neuhauser

