Re: [RFC] uboot-sign: Fix u-boot dtb signatures

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Rogerio Guerra Borin" <rogerio.borin@toradex.com>
To: openembedded-core@lists.openembedded.org
Subject: Re: [RFC] uboot-sign: Fix u-boot dtb signatures
Date: Thu, 20 Feb 2025 11:22:04 -0800	[thread overview]
Message-ID: <16618.1740079324041661447@lists.openembedded.org> (raw)
In-Reply-To: <20250220144012.27057-1-l.anderweit@phytec.de>

[-- Attachment #1: Type: text/plain, Size: 1319 bytes --]

Hi Leonard,

I've tested your patch and I wanted to let you know it worked fine for me both when FIT_SIGN_INDIVIDUAL="1" or "0". I've checked the contents of the u-boot dtb (for the presence of the required pubkeys) and the fitImage (for the signatures) and the results match what we had before commit d7bd9c62766 ("u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and UBOOT_ENV enabled").

As for the patch, since the understanding is that when FIT_SIGN_INDIVIDUAL="1" the individual images will be signed besides the signing of the configurations then I'd say that sentence in the comment "Signing individual images is not recommended as that makes fitImage susceptible to mix-and-match attack" seems unnecessary/misleading to me since it gives the impression that one would get either images or configurations signed.

As for the check performed at build time by the "fit_check_sign" tool, the fact that now the check is done only on the configuration doesn't seem like a big loss to me. Though I imagine the ideal solution would be to have that check on the final fitImage rather than on a temporary one (unused.itb) in order to provide stronger guarantees that the image is correctly signed. However, this would likely complicate things which may make it not worth the effort...

Regards

[-- Attachment #2: Type: text/html, Size: 1442 bytes --]

next prev parent reply	other threads:[~2025-02-20 19:22 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-02-20 14:40 [RFC] uboot-sign: Fix u-boot dtb signatures Leonard Anderweit
2025-02-20 19:22 ` Rogerio Guerra Borin [this message]
2025-02-20 20:58   ` [OE-core] " Jose Quaresma

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=16618.1740079324041661447@lists.openembedded.org \
    --to=rogerio.borin@toradex.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.