[PATCH 2/3] boot: fit: cover the dm-verity roothash with the config signature
Simon Glass
sjg at chromium.org
Tue Jul 14 14:17:05 CEST 2026
Hi Daniel,
On 2026-07-12T00:33:05, Daniel Golle <daniel at makrotopia.org> wrote:
> boot: fit: cover the dm-verity roothash with the config signature
>
> A dm-verity protected filesystem image is not hashed by U-Boot when it
> is loaded; its integrity is delegated to the kernel, which validates the
> filesystem on the fly against the roothash taken from the FIT dm-verity
> subnode. The roothash is therefore the sole integrity anchor for the
> filesystem, yet fit_config_add_hash() only added the image node, its
> hash subnodes and its cipher subnode to the signed region, leaving the
> dm-verity subnode (roothash, salt and block parameters) unsigned.
>
> An attacker able to rewrite the boot medium could then replace both the
> filesystem and the roothash, recompute a matching dm-verity tree and
> keep the configuration signature valid, defeating verified boot for the
> root filesystem.
>
> Add the dm-verity subnode to the list of nodes covered by the
> configuration signature, both when signing (tools/image-host.c) and when
> verifying (boot/image-fit-sig.c), so the roothash and salt are
> authenticated together with the rest of the configuration.
>
> [...]
>
> boot/image-fit-sig.c | 23 +++++++++++++++++++----
> tools/image-host.c | 22 ++++++++++++++++++++++
> 2 files changed, 41 insertions(+), 4 deletions(-)
> A dm-verity protected filesystem image is not hashed by U-Boot when it
> is loaded; its integrity is delegated to the kernel, which validates the
> filesystem on the fly against the roothash taken from the FIT dm-verity
> subnode. The roothash is therefore the sole integrity anchor for the
> filesystem, yet fit_config_add_hash() only added the image node, its
Please use present tense when describing the code before this patch
('only adds ... leaving'), since the code is still in that state when
the commit is applied.
> diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
> @@ -329,8 +344,8 @@ static int fit_config_add_hash(const void *fit, int image_noffset,
> - * node paths: root + config + all referenced images with their hash and
> - * cipher subnodes.
> + * node paths: root + config + all referenced images with their hash,
> + * cipher and dm-verity subnodes.
You update the comments here, but doc/usage/fit/signature.rst (in the
'Details' section) still says the rebuilt node list "always includes
the root node, the configuration node, each referenced image node and
its hash/cipher subnodes". Please can you update that to mention the
dm-verity subnode as well? It would also be worth a sentence in
doc/usage/fit/dm-verity.rst noting that the roothash and salt are
covered by the configuration signature, since that is the security
property people will rely on.
> diff --git a/tools/image-host.c b/tools/image-host.c
> @@ -1256,6 +1256,28 @@ static int fit_config_add_hash(const void *fit, int image_noffset,
> + noffset = fdt_subnode_offset(fit, image_noffset,
> + FIT_VERITY_NODENAME);
> + if (noffset != -FDT_ERR_NOTFOUND) {
> + if (noffset < 0) {
> + fprintf(stderr,
> + "Failed to get dm-verity node in configuration '%s/%s' image '%s': %s\n",
> + conf_name, sig_name, iname,
> + fdt_strerror(noffset));
> + return -EIO;
> + }
> + ret = fdt_get_path(fit, noffset, path, sizeof(path));
> + if (ret < 0)
> + goto err_path;
> + if (strlist_add(node_inc, path))
> + goto err_mem;
> + }
This follows the existing cipher pattern, but with this addition the
host-side fit_config_add_hash() has three copies of the same
get-path-and-add sequence - exactly the duplication patch 1 removes on
the boot side. Please can you add a similar factoring patch for
tools/image-host.c, or fold it into patch 1? The two implementations
must produce the same node list for verification to succeed, so keeping
them easy to compare seems better.
Regards,
Simon
More information about the U-Boot
mailing list