How would I do signature verification of a standalone binary?

Koch, Fabian Fabian.Koch at hima.com
Thu Dec 5 12:14:26 CET 2024


Hey all,

I have a SoC which does secure boot in a multi-stage process.
(ROM loads a signed SPL to an aux core, which loads another signed SPL to main core, which loads a signed u-boot.img)

But the thing I want u-boot to load, verify signature and then run/boot is a standalone binary app, not a Linux Kernel.
(It does work fine when I load that and run it with the "go" command, but no signature verification is done as of now)

All the research I did pointed towards using signed FIT images and then "bootm" to do the verification and loading.
But I cannot get "bootm" to load a FIT containing only my raw binary standalone app.

Is that road a dead end, and do I need to do something else completely?

I would love to stay as close as possible to vanilla u-boot (or at least the SDK vanilla version) and not implement a fully custom signature verification.

Any pointers would be highly appreciated.

Kind regards
Fabian
