[PATCH v4 0/6] Add support for ECDSA image signing (with test)
Alex G.
mr.nuke.me at gmail.com
Thu Jan 28 18:54:40 CET 2021
On 1/28/21 10:40 AM, Patrick DELAUNAY wrote:
> Hi Alexandru,
Hi Patrick
> I found in doc/uImage.FIT/signature.txt the description
>
> - key-name-hint: Name of key to use for signing. The keys will
> normally be in a single directory (parameter -k to mkimage).
[snip]
You are correct that the ECDSA path does not use the "key-name-hint".
And this deviates from what RSA does. This is intentional.
[snip]> so today the RSA features seens more compete based on openssl (with
> ENGINE and pkcs11 support for exmaple)
>
> and keydir / keyname seens clear enought...
The the common case with image signing is that one wants to sign an
image with a key. keyname comes from the console, and keydir comes from
the FIT image, which contradicts this simplicity.
Another issue is incorporating this into a bigger build system like
yocto. Now mkimage would impose a specific directory structure for
signing keys. This would not be ideal.
> PS: I think the engine part could be shared between RSA and EDCSA part.
I don't see the benefit of using the engine, and it seems highly
libcrypto specific. It would be a lot more code, with no useful
functionality -- we can ecdsa sign with the simpler code.
[snip]
> This new option -K with full path will be permanent added to mkimage
>
> or it is a temporarily solution (for initial ECDSA implementation).
>
>
> If it is permanent it should be also supported in RSA mode ?
>
> => for example: -K allow to override the "key-name-hint" value
Yes and no. It is temporary in that we'd like to update the RSA path to
be consistent with the ECDSA path. It's permanent in that we want to
have the -'k' option to specify the key filename instead of the key dir.
At least that's my understanding given the previous discussion with Simon.
[snip]
> Sorry to open debate.
> I propose to change the test with previous proposal.
>
[snip]
> with test/py/tests/vboot/sign-images-sha256.its
> fdt at 1 {
> ....
> signature at 1 {
> algo = "sha1,rsa2048";
> - key-name-hint = "dev";
> + key-name-hint = "ecdsa-test-key.pem";
This would go against us wanting to decouple the key filename from the
key name. Consider haing several keys:
dev-key-frobnozzle.pem
prov-key-frobnozzle-r1.pem
prov-key-frobnozzle-r2.pem
prov-key-frobnozzle-r3-after-hack-mitigation.pem
One might not want to expose those key names in the .its. The issue is,
when the fit-image is created, the key filename must be known. But when
the signing happens on a separate machine, the filename really isn't known.
So we should really use the "key-name-hint" as a hint rather than a
filename or part of a filename.
Alex
More information about the U-Boot
mailing list