FIT signature security flaw

Sean Anderson sean.anderson at seco.com
Fri Oct 25 23:14:16 CEST 2024


Hi Lev,

On 10/14/24 13:15, Lev R. Oshvang wrote:
> 
> Hi Sean,
> Thanks for replying.
> Of course, I have the public key embedded into the u-boot dtb.
> I see it with the dtdiff utility clearly, that it has rsa components and
> mentions the required property, but there are no means:
> -       signature {
> -
> -               key-dev_key {
> -                       algo = "sha1,rsa2048";
> -                       key-name-hint = "dev_key";
> -                       required = "conf";
> -                       rsa,exponent = <0x00 0x10001>;
> -                       rsa,modulus = <0xca0facd8 0xc8a49486
> 0x9785b0a8 0xd8560eae 0xffaefc34 0xd958e8d9 0xba5b1623 0x197b8ae
> 0x216b0699 0xb5f048ab 0x1167f69a 0x3d02f44b 0xe1bdc8f3 0x533eaa9c
> 0xd2ce119d 0xf34d90e7 0x9f470b92 0xa672fc84 0x25ce9a70 0x1ba0422f
> 0xa92f1dc2 0x8a6026e9 0xc06c080 0x23d300b0 0xe1c325aa 0x9c229a84
> 0x40a59d7 0x3f59c482 0x7eb27b44 0x9e6d300 0xbd36a4c4 0x5cc65b1
> 0xb5708d8a 0xfc19f30 0x11ce5b3 0xed2c646b 0x77492129 0x4b0382ab
> 0xcf7ac83d 0x93ca0078 0x6f4db3f7 0xd9934ef1 0x2bdb929c 0x4e0726fd
> 0x56568874 0xf0950b02 0x1b2c51ae 0x94d685a4 0x6edd9044 0xb62bb692
> 0x3b131cc8 0xce8c1649 0x41726a8 0x34282ad7 0x7c978b86 0xf970b5cc
> 0xc0505052 0x392a0a39 0xf9b25e93 0x5f32ff98 0x38b8ceda 0xda3a2855
> 0x2bbcb269 0x61db7b91>;
> -                       rsa,n0-inverse = <0xc1255a8f>;
> -                       rsa,num-bits = <0x800>;
> -                       rsa,r-squared = <0x50fdcf54 0x76c283ab
> 0x897a6a96 0x5011d310 0xc70c897 0x638fdc61 0xbde79c4c 0x5a66d6a5
> 0x7747e613 0xcac6b564 0x62456d6c 0x73d3f181 0xfd1d48ae 0xf8159021
> 0xa5c7cadf 0xf3ea3aee 0x3a801e43 0xc4d573cd 0x2c7e8dc 0x44030a5d
> 0xa679da1f 0xad11fad2 0x93fc1da4 0xb3ca4d43 0x30cb4202 0xab21f661
> 0x57041882 0xa63b5c94 0x89c38732 0x8f2b191 0xe9e4a99 0x8292fc7f
> 0x6e7cf63a 0x9eef2fab 0xa1414bfc 0xfdea67c0 0x713fe78d 0xaf176725
> 0x72168246 0x7ab0706d 0xac7f19b4 0x500118c8 0x5915e449 0xaf2cf688
> 0xb70d5fbb 0x8740ba88 0xc89fde6a 0x91931a8d 0x915b76b5 0x5dfcb2e9
> 0x7fe48d92 0xfec26649 0x541dd9c7 0x82c4957 0xb1a7b46 0x1b29c87d
> 0xbb76c881 0x8da006a5 0xeaacff4 0xf39c1d12 0x82cc7dfa 0xc8de4237
> 0xf03ee80d 0xb060a204>;
> -               };
> -       };
> -
> 
> 
> But u-boot control dtb does not impose any requirement that FIT image
> structure MUST have.
> I think this is a reason for behaviour I observe.
> It would be better to add FIT nodes structure to uboot dtb for the
> case like mine
> 
> I am attaching my 2 its files, one that does require a signature and a
> second that requires only a hash.
> Both flawlessly boot the kernel.
> 
> There is also the script I use for signing and the CTRL_FDT file my-iuboot.dtb.

I compared your images to some examples I have and they seem correct.

It may seem silly, but do you have CONFIG_FIT_SIGNATURE set?

Also: note that `iminfo` will only report if *image* (not conf) signatures
are correct. The conf signatures will be verified, but only when you boot
(or source) the image using a particular config.

--Sean

> On Mon, Oct 14, 2024 at 5:24 PM Sean Anderson <sean.anderson at seco.com> wrote:
>>
>> Hi Lev,
>>
>> On 10/14/24 04:42, Lev R. Oshvang wrote:
>> > Hi Sean,
>> >
>> > I am looking for help with a Uboot FIT signatures problem.
>> >
>> > I started to work with FIT image (u-boot 2024) and managed to sign
>> > kernel and load this image with Uboot using 'required' property in
>> > signature as:
>> >
>> > signature-1 {
>> >         algo = "sha1,rsa2048";
>> >         key-name-hint = "dev_key";
>> >         sign-images = "kernel";
>> >         required = "conf";
>> > };
>> >
>> > iminfo reports:
>> >
>> > ## Checking hash(es) for FIT Image at 01000000 ...
>> >    Hash(es) for Image 0 (kernel-1): sha256+ sha256,rsa2048:dev_key-
>> >
>> > To test the procedure, I generated another private key and signed
>> > another kernel with this new key on another Linux host.
>> >
>> > I expected bootm to fail, but it just happily loads this image!!!
>> >
>> > Even an image without a signature but with a valid hash is not
>> > rejected against my expectations.
>> >
>> > In this case iminfo reports only that the hash is OK.
>>
>> Did you embed the public key into your U-Boot devicetree with `mkimage -K` ?
>>
>> --Sean
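As an added example (not one of Lev's attachments or Sean's code), here is the ITS layout that matches a control-dtb key node carrying `required = "conf"`: the signature sits under the configuration and lists the images it covers, so the verdict is only produced when that configuration is booted, which is the distinction Sean draws above. File names, architecture, load addresses and the `keys/` directory are assumptions.

```dts
/* image.its (constructed example): kernel + fdt, signed at configuration level */
/dts-v1/;
/ {
    description = "Signed kernel FIT";
    #address-cells = <1>;
    images {
        kernel-1 {
            data = /incbin/("Image");        /* assumed file name */
            type = "kernel";
            arch = "arm64";                  /* assumed architecture */
            os = "linux";
            compression = "none";
            load = <0x80080000>;             /* assumed addresses */
            entry = <0x80080000>;
            hash-1 { algo = "sha256"; };     /* integrity only; no authenticity */
        };
        fdt-1 {
            data = /incbin/("board.dtb");    /* assumed file name */
            type = "flat_dt";
            arch = "arm64";
            compression = "none";
            hash-1 { algo = "sha256"; };
        };
    };
    configurations {
        default = "conf-1";
        conf-1 {
            kernel = "kernel-1";
            fdt = "fdt-1";
            /* conf signature: covers the hashes of every image it lists */
            signature-1 {
                algo = "sha256,rsa2048";
                key-name-hint = "dev_key";   /* keys/dev_key.key, keys/dev_key.crt */
                sign-images = "kernel", "fdt";
            };
        };
    };
};

/*
 * Sign, embedding the public key in the control dtb and marking it required (-r),
 * then verify offline with U-Boot's host tool:
 *   mkimage -f image.its -K u-boot.dtb -k keys -r image.itb
 *   fit_check_sign -f image.itb -k u-boot.dtb
 * mkimage then writes into u-boot.dtb (what dtdiff shows):
 *   signature { key-dev_key { required = "conf"; algo = "sha256,rsa2048"; ... }; };
 * U-Boot enforces this only with CONFIG_FIT_SIGNATURE=y, and only at bootm/source
 * of a configuration; iminfo reports image-level hashes and signatures only.
 */
```

A FIT signed with a different private key, or one carrying only hash nodes, fails `fit_check_sign` against this u-boot.dtb and is refused by `bootm` when the required key is present.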
