From mboxrd@z Thu Jan 1 00:00:00 1970 From: AKASHI, Takahiro Date: Thu, 25 Apr 2019 11:12:24 +0900 Subject: [U-Boot] RSA in U-Boot In-Reply-To: <20190318021712.GC9937@linaro.org> References: <20190318021712.GC9937@linaro.org> Message-ID: <20190425021223.GH7158@linaro.org> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Update and reminder. On Mon, Mar 18, 2019 at 11:17:14AM +0900, AKASHI, Takahiro wrote: > Hi, > > I'd like to discuss this topic in public. > I will appreciate your comments here. > # FYI, I now started to experimentally port linux's pkcs7/x509 > # parser. I've done porting linux's pkcs7/x509 parsers and they work well with my UEFI secure boot patch, but I'm still looking for other options as well. * openssl Most of existing components linked to UEFI secure boot, including EDK2, shim and grub, reply on this library. Why not for U-Boot? The size of U-Boot UEFI code in U-Boot is already quite big, and so the size of openssl won't be a big issue. * mbedTLS which is maintained by ARM and used with Zephyr, I guess it should have small footprint. But it currently lacks pkcs7 parser. Any thoughts? Thanks, -Takahiro Akashi > Thanks, > -Takahiro Akashi > > ----- Forwarded message from Simon Glass ----- > > Date: Thu, 7 Mar 2019 19:56:10 -0700 > From: Simon Glass > To: "AKASHI, Takahiro" > Subject: Re: RSA in U-Boot > > Hi Takahiro, > > On Thu, 7 Mar 2019 at 17:27, AKASHI, Takahiro > wrote: > > > > Hi Simon, > > > > Before I start discussions publicly, I'd like to hear > > your opinion first. > > I do think it is better to discuss this in public since there will be > other opinions. > > > > > I'm now working on implementing "secure boot" > > for UEFI U-Boot. > > > > As you might know, there are a couple of features > > required to achieve "secure boot": > > (I won't discuss about secure storage here though.) > > - x509 certificate decoder > > - pkcs7 decoder (for PE file's signature) > > - RSA verification > > - (hash digest, sha256) > > > > The original code, which was written by some other guy, > > Patrick, uses BearSSL for x509 and RSA and > > I'm now wondering what is the best solution. > > Obviously, I can think of several options here: > > 1. use BearSSL > > 1.a just import minimum set of files akin lib/libfdt > > 1.b link whole BearSSL as a library, merging the code > > as git submodule > > 2. use openssl > > 3. import linux kernel code, particularly x509 & pkcs7 parser > > 4. write our own code > > > > I suppose that you weighed similar choices when you implemented > > "FIT image signing". > > Can you share your opinion with me? > > I think if you can do 3 then it keeps U-Boot self-contained and > perhaps provides for simple code. That said, if the amount of code is > large and has an upstream there is clear precident for 1a, as you say. > > I am not sure about 4. If it is a relatively small amount of code, > then maybe, but surely it makes sense to use the linux code where > possible. That is what I did with the U-Boot livetree code. > > 1b sounds painful to me. > > > > > Regarding your lib/rsa code, you intentionally avoided to > > add formula of inverse-mod and power-mod of R. Do you still > > believe that the assumption is appropriate? > > (BearSSL implements its own montgomery. > > If you look at a talk I gave on this, you can see that one of the > goals was to implement it efficiently, with minimal extra code at > run-time, and minimal memory usage. So unpacking complex key > structures did not seem like a good idea. From memory you can do > verified boot in about 7KB of extra code in U-Boot and it runs in a > small number of milliseconds. > > UEFI is obviously pretty big, so perhaps efficiency concerns are less > important. More important probably is wide compatibility, supporting > all possible options, etc. > > I hope this is helpful. > > Regards, > Simon > > ----- End forwarded message -----