[U-Boot] AES: Encryption of u-boot.img

All of lore.kernel.org
 help / color / mirror / Atom feed

From: bin4ry <0xbin4ry@gmail.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] AES: Encryption of u-boot.img
Date: Mon, 30 Sep 2013 09:28:16 +0200	[thread overview]
Message-ID: <52492810.5060100@gmail.com> (raw)
In-Reply-To: <CAOf5uwk2Twd=gBZkPnU-G28vtkwuKNXjE_8gWzk+Y76QDJe+ow@mail.gmail.com>

Am 13.09.2013 19:28, schrieb Michael Trimarchi:
> Hi
> I don't understand you can decrypt it after load. Why just verify the signature?
>
> Michael
>

This is a proof-of-concept for a technique, which involves
de-/encrypting the u-boot.img with a key derived from a hardware
fingerprint. This is why I can not just verify the signature.

Yes, I want to decrypt it after load. However, I am not sure about the
correct position in the SPL source code to this, i.e. the position after
loading the u-boot.img and before executing it. I assume after
do_fat_read() the u-boot.img is loaded into internal memory and
jump_to_image_no_args() executes the u-boot.img. Thus, the decryption
routine should be implemented between both functions?

next prev parent reply	other threads:[~2013-09-30  7:28 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-13  6:46 [U-Boot] [PATCH 1/4] powerpc/p1010rdb: remove unused cpld_show Shengzhou Liu
2013-09-13  6:46 ` [U-Boot] [PATCH 2/4] powerpc/eeprom: update MAX_NUM_PORTS to adapt non-256-bytes EEPROM Shengzhou Liu
2013-09-13 15:13   ` York Sun
2013-09-16  9:55     ` Liu Shengzhou-B36685
2013-09-13  6:46 ` [U-Boot] [PATCH 3/4] board/p1010rdb: add pin mux and sdhc support in any boot Shengzhou Liu
2013-09-13  6:46 ` [U-Boot] [PATCH 4/4] powerpc/p1010rdb: add p1010rdb-pb support with updating p1010rdb-pa Shengzhou Liu
2013-09-13 14:57   ` [U-Boot] AES: Encryption of u-boot.img bin4ry
2013-09-13 17:28     ` Michael Trimarchi
2013-09-30  7:28       ` bin4ry [this message]
2013-09-15  6:08     ` Albert ARIBAUD
2013-09-30  7:51       ` bin4ry
2013-10-05 10:03         ` Albert ARIBAUD

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52492810.5060100@gmail.com \
    --to=0xbin4ry@gmail.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.