[PATCH v6 07/16] boot: image: add a stage pre-load

[Simon Glass]

Hi Philippe,

On Fri, 25 Feb 2022 at 07:58, Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> Add a stage pre-load that could
> check or modify an image.
>
> For the moment, only a header with a signature is
> supported. This header has the following format:
> - magic : 4 bytes
> - version : 4 bytes
> - header size : 4 bytes
> - image size : 4 bytes
> - offset image signature : 4 bytes
> - flags : 4 bytes
> - reserved0 : 4 bytes
> - reserved1 : 4 bytes
> - sha256 of the image signature : 32 bytes
> - signature of the first 64 bytes : n bytes

It is a bit hard to understand without docs, but what is the point of
taking the sha256 of the signature?

Also, why is the signature only of the first 64 bytes? Normally we
hash the whole image and then sign that.

> - image signature : n bytes
> - padding : up to header size
>
> The stage uses a node /image/pre-load/sig to
> get some informations:
> - algo-name (mandatory) : name of the algo used to sign
> - padding-name : name of padding used to sign
> - signature-size : size of the signature (in the header)
> - mandatory : set to yes if this sig is mandatory
> - public-key (madatory) : value of the public key

Does this mean you read the DT properties to find out the sig info? I
thought the point of this series was to have a signature check that
did not rely on the devicetree, i.e. another layer of security?

>
> Before running the image, the stage pre-load checks
> the signature provided in the header.
>
> This is an initial support, later we could add the
> support of:
> - ciphering
> - uncompressing
> - ...
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
>  boot/Kconfig          |  55 ++++++
>  boot/Makefile         |   1 +
>  boot/image-pre-load.c | 416 ++++++++++++++++++++++++++++++++++++++++++
>  include/image.h       |  14 ++
>  4 files changed, 486 insertions(+)
>  create mode 100644 boot/image-pre-load.c

Regards,
Simon