public inbox for u-boot@lists.denx.de
From: Albert ARIBAUD <albert.u.boot@aribaud.net>
To: u-boot@lists.denx.de
Subject: [U-Boot] AES: Encryption of u-boot.img
Date: Sat, 5 Oct 2013 12:03:30 +0200
Message-ID: <20131005120330.3d9da03d@lilith>
In-Reply-To: <52492D9A.3050503@gmail.com>

Hi bin4ry,

Sorry for the delay in answering.

On Mon, 30 Sep 2013 09:51:54 +0200, bin4ry <0xbin4ry@gmail.com> wrote:

> Hi Albert,
> 
> so if I get you right the workflow for payload authentication is the
> following:
> 
> Encryption process:

(you really should not talk about "encryption process" if your goal is
authentication rather than encryption. The correct term would be
something like "signature process" and "signature verification process")
 
> 1. Create hash value H for u-boot.img
> 2. Encrypt the hash value H with secret K to get encrypted hash values H_enc
> 3. Store H_enc
>
> Decryption process:
> 
> 1. Read H_enc
> 2. Decrypt H_enc using secret K to get plain hash values H
> 3. Create Hash values H' of u-boot.img
> 4. Compare H and H'
> 
> Did I get you right?

Almost, but not quite.

The most important problem is that you seem to assume use of symmetric
encryption, since your 'K' seems to be both the encryption and
decryption key. That is not good, because K is needed on the target for
the verification phase, and thus, could then be used by an attacker to
encrypt the hash of a malicious payload that would then pass
verification. You need asymmetric encryption, with a pair of public and
private keys. The private key is used in the signing process, for
encrypting the hash. The public key is on the device and is used in the
verification process, for decrypting the encrypted hash.

But then, of course, you can't simply have the public key in Flash,
because the attacker could generate a new pair of keys, then sign the
malicious payload hash with the new private key and flash the new
public key. Therefore, you need a way to secure the public key. One way
is to have it in ROM, but this could be against silicon or manufacturer
budget. Fuses are usually not big enough, but you could fuse a hash of
the key.

Note that, in any case, authentication only makes sense if you can
trust the piece of software on the target that will check the key and
verify the payload hash... Which means you need some secure mode on the
device to boot (pun intended). And that mode will probably already
include a way of signing the payloads.

> Thanks and best regards,

You're welcome.

> -b

Amicalement,
-- 
Albert.
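
The verification chain described in the message above, as an added example that is not part of the original mail or of U-Boot: the target accepts the public key in flash only if its hash matches the fused value, then checks the signature over the image hash. It assumes textbook RSA with PKCS#1 v1.5 encoding of a SHA-256 digest; the key pairs (built from Mersenne primes, not secure), the image bytes and all function names are constructed for illustration.

```python
import hashlib

E = 65537
# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5)
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def make_key(a, b):
    """Constructed demo key from two Mersenne primes: sample data, NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def encode(image, n):
    """SHA-256 of the image, PKCS#1 v1.5-padded to the modulus size, as an integer."""
    k = (n.bit_length() + 7) // 8
    t = DIGESTINFO + hashlib.sha256(image).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def key_hash(n):
    """Hash of the public key: the value small enough to burn into fuses."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).digest()

def sign(image, n, d):
    """Signing host only: the private exponent d never reaches the target."""
    return pow(encode(image, n), d, n)

def verify(image, sig, flash_n, fused_hash):
    """Target side: trust the key found in flash only if it matches the fuses."""
    if key_hash(flash_n) != fused_hash:
        return "untrusted key"
    if pow(sig, E, flash_n) != encode(image, flash_n):
        return "bad signature"
    return "ok"

# Constructed sample data
N, D = make_key(521, 607)        # vendor key pair
FUSED = key_hash(N)              # burned once at manufacture
IMAGE = b"constructed u-boot.img contents"
SIG = sign(IMAGE, N, D)
N2, D2 = make_key(521, 1279)     # replacement key pair written to flash
EVIL = b"constructed modified payload"

if __name__ == "__main__":
    print(verify(IMAGE, SIG, N, FUSED))                   # genuine image
    print(verify(EVIL, SIG, N, FUSED))                    # payload swapped, old signature
    print(verify(EVIL, sign(EVIL, N2, D2), N2, FUSED))    # payload re-signed with new key
```

Only the public modulus and the fused hash exist on the target, so nothing stored there can produce a signature that passes both checks.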
