[U-Boot] Extract RSA Keys from image
Jeridiah.Welti at bench.com
Jeridiah.Welti at bench.com
Tue Feb 19 15:30:03 UTC 2019
I am working on an application needing the ability to update to a verified image from the running kernel/application.
We can follow the "normal" verified image boot sequence, where the chain of trust is verified from U-Boot to image to execution, etc, but unsure how to verify a new image after already running.
Is there a way to extract the public key hash from the U-Boot image so that we can compute a hash on an upgrade image and verify a match? Either an existing tool, or some means that is accessibly from a Linux kernel that we could use to grab this information.
I've done a lot of googling, and I have not seen any means to get to this once the image is already booted and running.
Thank you for any guidance you can provide for this.
Jeridiah Welti
More information about the U-Boot
mailing list