[U-Boot] Confusion about "u-boot/doc/uImage.FIT/signature.txt"

[Lang Yu]

Hi, sjg,



    I'm YuLang, a software engineer in Hesai Tech. I really appreciate your contribution to secure boot. But I'm confused with your explanation about signature with FIT image in "u-boot/doc/uImage.FIT/signature.txt".  As following，


/ {
images {
kernel at 1 {
data = <data for kernel1>
hash at 1 {
algo = "sha1";
value = <...kernel hash 1...>
};
};
kernel at 2 {
data = <data for kernel2>
hash at 1 {
algo = "sha1";
value = <...kernel hash 2...>
};
};
fdt at 1 {
data = <data for fdt1>;
hash at 1 {
algo = "sha1";
value = <...fdt hash 1...>
};
};
fdt at 2 {
data = <data for fdt2>;
hash at 1 {
algo = "sha1";
value = <...fdt hash 2...>
};
};
};
configurations {
default = "conf at 1";
conf at 1 {
kernel = "kernel at 1";
fdt = "fdt at 1";
signature at 1 {
algo = "sha1,rsa2048";
value = <...conf 1 signature...>;
};
};
conf at 2 {
kernel = "kernel at 2";
fdt = "fdt at 2";
signature at 1 {
algo = "sha1,rsa2048";
value = <...conf 1 signature...>;
};
};
};
};


You can see that we have added hashes for all images (since they are no
longer signed), and a signature to each configuration. In the above example,
mkimage will sign configurations/conf at 1, the kernel and fdt that are
pointed to by the configuration (/images/kernel at 1, /images/kernel at 1/hash at 1,
/images/fdt at 1, /images/fdt at 1/hash at 1) and the root structure of the image
(so that it isn't possible to add or remove root nodes). The signature is
written into /configurations/conf at 1/signature at 1/value. It can easily be
verified later even if the FIT has been signed with other keys in the
meantime.




But what a signature to each configuration really means ?


1. rsa2048-privatekey(sha1(kernel data + fdt data))


2. rsa2048-privatekey(sha1(kernel hash+kernel hash))


3....


Could you give a clear  explanation? Many thanks




Best wishes!

YuLang

Software Engineer

Heai Tech