AW: secure boot, mkimage with external signing server

Rosenschild, Klaus Klaus.Rosenschild at hilti.com
Wed Jan 22 22:13:56 CET 2025 

Hi Rasmus,
thank you for pointing to this solution.
I think this is the best way to do this.

However, our signing server is very well protected and making changes there is a long and complex process.
Right now, it only provides the following two functions:

  1.
generation of a signature of a sha256 hash using the private key
  2.
providing the public key, the pure key, not the certificate

I found a workaround to determine the hash that mkimage uses to create the signature of the configuration without re-implementing the internal algorithm that mkimage uses:

  1.
create a temporary rsa private and public key
  2.
run mkimage to create a FIT image with signature: mkimage -k keys-f fitImage-sign-orig.its -r fitImage-sign
  3.
extract the signature from the FIT image
  4.
re-generate the hash from the signature and the public key: openssl pkeyutl -verifyrecover -in signFile.hash.sign.bin -pubin -inkey ../keys/build.pub -asn1parse
  5.
now, I can send the hash to the signing server, get the correct signature back and re-enter it into the FIT image (e.g. via python libfdt)

However, there is now another problem. I also need to put the public key into the device tree file. So, I have to run a slightly different mkimage command (with  -K option):
mkimage -k keys -f fitImage-sign-orig.its -r -K bcm2711-rpi-4-b.dtb fitImage-sign

However, the -K options requires a certificate and not just the public. But as described above, I only have the public key. For the certificate, I also need to have private key of the signing server (which I do not have).
I also do not see the security gain that a certificate would bring here.

So, my question is. Is there a way to make mkimage access the public key rather than the certification (dumping fdt does not look like it stores certificate data).
Is there is simple way to replace the public key in a device tree file?

Any help is very much appreciated. Thanks a lot in advance.

Best Regards
Klaus



________________________________
Von: Rasmus Villemoes
Gesendet: Dienstag, 21. Januar 2025 10:28
Bis: Rosenschild, Klaus
Cc: u-boot at lists.denx.de
Betreff: Re: secure boot, mkimage with external signing server

CAUTION: This email originated from outside of Hilti. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


On Mon, Jan 20 2025, "Rosenschild, Klaus" <Klaus.Rosenschild at hilti.com> wrote:

> Hello,
> I have a question regarding the signing of a FIT image using mkimage. I already contacted DENX, they referred me to this mailing list.
>
> mkimage supports the creation of a signed FIT image. To do this, we need to have an appropriate .its file and pass the private key as a parameter to the mkimage command:
> mkimage -f fitImage-sign.its -k keys/  fitImage-signed
>
> However, this approach does not work in our setup, as we do not have access to the private key.
> The private key resides on an HSM (Hardware security module) that is not directly accessible for us. We can invoke signing related functions via an external signing server that takes a sha256 hash as input and returns the signed hash.
> Then we need to add the signed hash to the FIT image.
>

You may want to look into using an openssl pkcs11 module interfacing
with that HSM. Then use appropriate openssl configuration (set
OPENSSL_CONF env variable) and pass "-N pkcs11" and "-G <some pkcs11
URI>" to mkimage. This is something we've done in a number of cases with
a Yubi HSM.

Rasmus

More information about the U-Boot mailing list