[PATCH v4 09/10] rockchip: binman: Support use of crc32 for SPL_FIT_SIGNATURE
Quentin Schulz
quentin.schulz at cherry.de
Wed Apr 9 13:06:01 CEST 2025
Hi Jonas,
On 3/29/25 4:06 PM, Jonas Karlman wrote:
> Use of SHA256 checksum validation on ARMv7 SoCs can be very time
> consuming compared to ARMv8 SoCs with Crypto Extensions.
>
> Add support for use of the crc32 hash algo when SHA256 is not supported.
> Also use a HAS_HASH to simplify the ifdefs when no known hash algo is
> compiled.
>
> Signed-off-by: Jonas Karlman <jonas at kwiboo.se>
I don't know enough about general security but this very much looks like
a bad idea to me.
https://web.archive.org/web/20170210173741/http://www.derkeiler.com/Newsgroups/sci.crypt/2003-07/1451.html
"""
While properly designed CRC's are good at detecting random errors in
the data (due to e.g. line noise), the CRC is useless as a secure
indicator of intentional manipulation of the data. And this is
because it's not hard at all to modify the data to produce any CRC
you desire (e.g. the same CRC as the original data, to try to
disguise your data manipulation).
"""
(yes I took the "first" link my web search engine returned me, thanks
confirmation bias!).
I don't want to give people a false sense of security. If it really
comes down to it, I'd rather have an explicit Kconfig symbol to set this
value (maybe have a `choice` even) and be very clear about security
implications.
Cheers,
Quentin
More information about the U-Boot
mailing list