[U-Boot] [swupdate] Re: SWUpdate - U-Boot environment library dependency

Wolfgang Denk wd at denx.de
Wed Nov 21 14:27:49 UTC 2018


Dear Stefano,

In message <7089ef62-ed0f-87f4-e979-8c18a6ae4b62 at denx.de> you wrote:
>
> > Right, when we sign (and check the signatures) of all other images,
> > then why not do the very same for some environment image?
>
> The weird thing is with "saveenv" - if we just read the env, it is fine,
> but if we want to change it, we need to sign, and this requires a
> private key on target.

Agreed, but this is a totally different issue.

The separate (potentially signed) environment image is only the
replacement for the current "default environment", which is not
used for "env save".  In the same way, there is no need to modify the
signed image.

But yes, it might be desirable to protect the working environment
against malicious manipulation - but this should be discussed in a
separate thread.

> > That would even be _better_ as currently there is no, absolutely no
> > check if the builtin default environment is in any way consistent.
>
> This is not true. If the environment is linked to u-boot, it is signed
> together with u-boot and its consistency is automatically verified.

Only if you use signed images.  With plain U-Boot, there is not even
a checksum for it...

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
If all you have is a hammer, everything looks like a nail.

