From mboxrd@z Thu Jan 1 00:00:00 1970 From: bin4ry <0xbin4ry@gmail.com> Date: Mon, 30 Sep 2013 09:28:16 +0200 Subject: [U-Boot] AES: Encryption of u-boot.img In-Reply-To: References: <1379054763-7406-1-git-send-email-Shengzhou.Liu@freescale.com> <1379054763-7406-4-git-send-email-Shengzhou.Liu@freescale.com> <523327D0.6050708@gmail.com> Message-ID: <52492810.5060100@gmail.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Am 13.09.2013 19:28, schrieb Michael Trimarchi: > Hi > I don't understand you can decrypt it after load. Why just verify the signature? > > Michael > This is a proof-of-concept for a technique, which involves de-/encrypting the u-boot.img with a key derived from a hardware fingerprint. This is why I can not just verify the signature. Yes, I want to decrypt it after load. However, I am not sure about the correct position in the SPL source code to this, i.e. the position after loading the u-boot.img and before executing it. I assume after do_fat_read() the u-boot.img is loaded into internal memory and jump_to_image_no_args() executes the u-boot.img. Thus, the decryption routine should be implemented between both functions?