Fit Signature booting without public key

Tom Rini trini at konsulko.com
Thu May 25 16:05:28 CEST 2023


On Thu, May 25, 2023 at 11:21:44AM +0530, Manorit Chawdhry wrote:
> Hi Tom,
> 
> On 11:30-20230516, Tom Rini wrote:
> > On Tue, May 16, 2023 at 12:11:24PM +0530, Manorit Chawdhry wrote:
> > 
> > > Hi All,
> > > 
> > > I recently came upon a discussion that had happened a while back [0].
> > > I want to continue the discussion as I believe the issue still persists
> > > and the checks around fit signature booting are still the same, that
> > > allows booting the fit without changing the uboot dtb.
> > > 
> > > Allowing the signed fit image without this seems to be a bypass that is
> > > available and should not be allowed without any gate to it for people
> > > who'd like to enforce these signing checks. Let me know if there is a
> > > config already available for it and if not, are there any plans to
> > > enable such a config in future. Would like to hear your opinions on
> > > this as I believe this should be fixed as soon as possible.
> > > 
> > > [0]: https://u-boot.denx.narkive.com/dEClg9dW/signed-fit-image-boots-without-public-key
> > 
> > Yes, can you please reproduce the issue in question on the current tree,
> > with a supported platform and provide the defconfig and steps you used
> > for this issue? Thanks.
> > 
> > -- 
> 
> I've created a branch with some custom patches to make the fitimage
> booting currently, please try with the branch and the fitimage that are
> also committed [0].
> 
> The device that I've tested this with is j721e-hs-evm, the defconfigs to
> use for the builds are j721e_evm_r5_defconfig and
> j721e_evm_a72_defconfig. Although not synced up with the latest changes,
> for reference the SDK documentation can help if required [1].
> 
> Attached the logs for reference with the signed fitimage and an unsigned
> uboot without any modifications [2].
> 
> [0]: https://github.com/manorit2001/u-boot/tree/fit-image-poc
> [1]: https://software-dl.ti.com/jacinto7/esd/processor-sdk-linux-jacinto7/08_06_00_11/exports/docs/linux/Foundational_Components/U-Boot/UG-General-Info.html
> [2]: https://gist.github.com/manorit2001/3c49cfc19bf937783efb75fd4cddc58f

I don't see the problem there, but please go and investigate what
problem you're seeing.  The intention is that yes, with the appropriate
CONFIG settings, you can set U-Boot to only boot signed FIT
configurations and unsigned ones should not boot.

-- 
Tom