[U-Boot] [swupdate] Re: SWUpdate - U-Boot environment library dependency

Simon Goldschmidt simon.k.r.goldschmidt at gmail.com
Wed Nov 21 14:37:55 UTC 2018


On Wed, 21 Nov 2018, 15:27, Wolfgang Denk <wd at denx.de> wrote:

> Dear Stefano,
>
> In message <7089ef62-ed0f-87f4-e979-8c18a6ae4b62 at denx.de> you wrote:
> >
> > > Right, when we sign (and check the signatures) of all other images,
> > > then why not do the very same for some environment image?
> >
> > The weird thing is with "saveenv" - if we just read the env, it is fine,
> > but if we want to change it, we need to sign, and this requires a
> > private key on target.
>
> Agreed, but this is a totally different issue.
>
> The separate (potentially signed) environment image is only the
> replacement for the current "default environment", which is not
> used for "env save".  In the same way, there is no need to modify the
> signed image.
>
> But yes, it might be desirable to protect the working environment
> against malicious manipulation - but this should be discussed in a
> separate thread.
>
> > > That would even be _better_ as currently there is no, absolutely no
> > > check if the builtin default environment is in any way consistent.
> >
> > This is not true. If the environment is linked to u-boot, it is signed
> > together with u-boot and its consistency is automatically verified.
>
> Only if you use signed images.  With plain U-Boot, there is not even
> a checksum for it...
>

When SPL loads U-Boot from a legacy image, isn't there a CRC involved over
the full image including the environment?

Simon
