Lines Matching +full:pre +full:- +full:verified

1 U-Boot FIT Signature Verification
5 ------------
11 that it can be verified using a public key later. Provided that the private
12 key is kept secret and the public key is stored in a non-volatile place,
13 any image can be verified in this way.
15 See verified-boot.txt for more general information on verified boot.
19 --------
24 - hash an image in the FIT
25 - sign the hash with a private key to produce a signature
26 - store the resulting signature in the FIT
30 - read the FIT
31 - obtain the public key
32 - extract the signature from the FIT
33 - hash the image from the FIT
34 - verify (with the public key) that the extracted signature matches the
38 image for the device. The verification is normally done in U-Boot on the
43 ----------
46 This works by hashing the image to produce a 20-byte hash.
49 openssl on the host side (e.g. mkimage), it is not desirable for U-Boot.
50 For the run-time verification side, it is important to keep code and data
53 For this reason the RSA image verification uses pre-processed public keys
54 which can be used with a very small amount of code - just some extraction
60 image-sig.c. If another algorithm is needed (such as DSA) then it can be
61 placed alongside rsa.c, and its functions added to the table in image-sig.c
66 ----------------------------------------
69 $ openssl genpkey -algorithm RSA -out keys/dev.key \
70 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537
74 $ openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
78 $ openssl rsa -in keys/dev.key -pubout
82 --------------------
86 signature-1, signature-2, etc.
88 - algo: Algorithm name (e.g. "sha1,rsa2048")
90 - key-name-hint: Name of key to use for signing. The keys will normally be in
91 a single directory (parameter -k to mkimage). For a given key <name>, its
97 - value: The signature data (e.g. 256 bytes for 2048-bit RSA)
101 - timestamp: Time when image was signed (standard Unix time_t format)
103 - signer-name: Name of the signer (e.g. "mkimage")
105 - signer-version: Version string of the signer (e.g. "2013.01")
107 - comment: Additional information about the signer or image
109 - padding: The padding algorithm; it may be pkcs-1.5 or pss.
110 If no value is provided, pkcs-1.5 is assumed.
115 - sign-images: A list of images to sign, each being a property of the conf
121 - hashed-nodes: A list of nodes which were hashed by the signer. Each is
122 a string - the full path to node. A typical value might be:
124 hashed-nodes = "/", "/configurations/conf-1", "/images/kernel",
125 "/images/kernel/hash-1", "/images/fdt-1",
126 "/images/fdt-1/hash-1";
128 - hashed-strings: The start and size of the string region of the FIT that
131 Example: See sign-images.its for an example image tree source file and
132 sign-configs.its for config signing.
136 ------------------
140 public key in U-Boot's control FDT (using CONFIG_OF_CONTROL).
142 Public keys should be stored as sub-nodes in a /signature node. Required
145 - algo: Algorithm name (e.g. "sha1,rsa2048")
149 - key-name-hint: Name of key used for signing. This is only a hint since it
153 - required: If present this indicates that the key must be verified for the
155 normally verified by the FIT image booting algorithm. Valid values are
164 - rsa,num-bits: Number of key bits (e.g. 2048)
165 - rsa,modulus: Modulus (N) as a big-endian multi-word integer
166 - rsa,exponent: Public exponent (E) as a 64-bit unsigned integer
167 - rsa,r-squared: (2^num-bits)^2 as a big-endian multi-word integer
168 - rsa,n0-inverse: -1 / modulus[0] mod 2^32
172 ---------------------
178 (roll-back attack).
184 kernel-1 {
186 signature-1 {
191 kernel-2 {
193 signature-1 {
198 fdt-1 {
200 signature-1 {
205 fdt-2 {
207 signature-1 {
214 default = "conf-1";
215 conf-1 {
216 kernel = "kernel-1";
217 fdt = "fdt-1";
219 conf-1 {
220 kernel = "kernel-2";
221 fdt = "fdt-2";
230 default = "conf-1";
231 conf-1 {
232 kernel = "kernel-1";
233 fdt = "fdt-1";
235 conf-1 {
236 kernel = "kernel-2";
237 fdt = "fdt-2";
239 conf-3 {
240 kernel = "kernel-1";
241 fdt = "fdt-2";
256 kernel-1 {
258 hash-1 {
263 kernel-2 {
265 hash-1 {
270 fdt-1 {
272 hash-1 {
277 fdt-2 {
279 hash-1 {
286 default = "conf-1";
287 conf-1 {
288 kernel = "kernel-1";
289 fdt = "fdt-1";
290 signature-1 {
295 conf-2 {
296 kernel = "kernel-2";
297 fdt = "fdt-2";
298 signature-1 {
309 mkimage will sign configurations/conf-1, the kernel and fdt that are
310 pointed to by the configuration (/images/kernel-1, /images/kernel-1/hash-1,
311 /images/fdt-1, /images/fdt-1/hash-1) and the root structure of the image
313 written into /configurations/conf-1/signature-1/value. It can easily be
314 verified later even if the FIT has been signed with other keys in the
319 ------------
320 FITs are verified when loaded. After the configuration is selected a list
322 each image must be verified against those keys. This means that every image
329 -------------------------
333 CONFIG_FIT_SIGNATURE - enable signing and verification in FITs
334 CONFIG_RSA - enable RSA algorithm for signing
341 -------
344 of U-Boot which runs under Linux) to show the operation of a 'bootm'
352 Simple Verified Boot Test
355 Please see doc/uImage.FIT/verified-boot.txt for more information
357 /home/hs/ids/u-boot/sandbox/tools/mkimage -D -I dts -O dtb -p 2000
361 Test Verified Boot Run: unsigned signatures:: OK
363 Test Verified Boot Run: signed images: OK
365 Test Verified Boot Run: unsigned config: OK
367 Test Verified Boot Run: signed config: OK
371 Test Verified Boot Run: signed config: OK
372 Test Verified Boot Run: signed config with bad hash: OK
375 Test Verified Boot Run: unsigned signatures:: OK
377 Test Verified Boot Run: signed images: OK
379 Test Verified Boot Run: unsigned config: OK
381 Test Verified Boot Run: signed config: OK
385 Test Verified Boot Run: signed config: OK
386 Test Verified Boot Run: signed config with bad hash: OK
392 -----------------------------
408 p11-kit (recommended to simplify setup)
416 Make sure p11-kit and opensc are installed and that p11-kit is set up to use opensc.
417 /usr/share/p11-kit/modules/opensc.module should be present on your system.
422 $ gpg --card-edit
445 Make off-card backup of encryption key? (Y/n) n
449 You should change them using the command --change-pin
452 The card will now be re-configured to generate a key of 4096 bits
457 The card will now be re-configured to generate a key of 4096 bits
459 The card will now be re-configured to generate a key of 4096 bits
475 You selected this USER-ID:
483 Depending on system configuration, gpg-agent may need to be killed first.
485 $ p11tool --provider /usr/lib/opensc-pkcs11.so --list-tokens
505 Use the portion of the signature token URL after "pkcs11:" as the keydir argument (-k) to mkimage b…
510 $ p11tool --login --provider /usr/lib/opensc-pkcs11.so --list-privkeys \
521 Use the label, in this case "Signature key" as the key-name-hint in your FIT.
524 $ ./tools/mkimage -f fit-image.its fitImage
529 $ ./tools/mkimage -F -k \
531 -K u-boot.dtb -N pkcs11 -r fitImage
535 -----------
536 - Roll-back protection using a TPM is done using the tpm command. This can
542 --------------------
543 - Add support for other RSA/SHA variants, such as rsa4096,sha512.
544 - Other algorithms besides RSA
545 - More sandbox tests for failure modes
546 - Passwords for keys/certificates
547 - Perhaps implement OAEP
548 - Enhance bootm to permit scripted signature verification (so that a script
554 1-1-13