Hi bin4ry, Sorry for the delay in answering.
On Mon, 30 Sep 2013 09:51:54 +0200, bin4ry <0xbin...@gmail.com> wrote: > Hi Albert, > > so if I get you right the workflow for payload authentication is the > following: > > Encryption process: (you really should not talk about "encryption process" if your goal is authentication rather than encryption. The correct term would be somehting like "signature process" and "signature verification process") > 1. Create hash value H for u-boot.img > 2. Encrypt the hash value H with secret K to get encrypted hash values H_enc > 3. Store H_enc > > Decryption process: > > 1. Read H_enc > 2. Decrypt H_enc using secret K to get plain hash values H > 3. Create Hash values H' of u-boot.img > 4. Compare H and H' > > Did I get you right? Almost, but not quite. The most important problem is that you seem to assume use of symmetric encryption , since your 'K' seems to be both the encryption and decryption key. That is not good, because K is needed on the target for the verification phase, and thus, could then be used by an attacker to encrypt the hash of a malicious payload that would then pass verification. You need asymetric encryption, with a pair of public and private keys. The private key is used in the signing process, for encrypting the hash. The public key is on the device and is used in the verification process, for decrypting the encrypted hash. But then, of course, you can't simply have the public key in Flash, because the attacker could generate a new pair of keys, then sign the malicious payload hash with the new private key and flash the new public key. Therefore, you need a way to secure the public key. One way is to have it in ROM, but this could be against silicon or manufacter budget. Fuses are usually not big enough, but you could fuse a hash of the key. Note that, in any case, authentication only makes senses if you can trust the piece of software on the arget that will check the key and verify the payload hash... Which means you need some secure mode on the device to boot (pun intended). And that mode will probably already include a way of signing the payloads. > Thanks and best regards, You're welcome. > -b Amicalement, -- Albert. _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot