Dear Simon,

In message <caah8qszhqarkshgqkumk_qeya8j6s7p_gnncgqbzfai_sk0...@mail.gmail.com> you wrote:
>
> > Right, when we sign (and check the signatures) of all other images,
> > then why not do the very same for some environment image?
>
> You normally cannot sign the environment in the target when saving it
> when using private/public keys.

You mix things here. I was never talking about the currently used (and
modified) environment "when saving it". Discussion was about the default
environment, and I suggested to replace this with a (signed) image used
to initialize the normal environment. There has never been a request or
suggestion to create this signature on the target - do it in the very
same way as you sign all other images for the system.

> We are using a signed U-Boot image that apart from the default
> environment only needs to load MAC addresses. I cannot do this via a
> loaded environment (signed or unsigned) as the MAC addresses are
> stored in production and I cannot rely on production always having an
> up-to-date environment to embed their MAC addresses when programming.

Yes you can. If you like, you can have the U-Boot image and the
environment image separate and signed separately, or you can create some
form of metaimage (say, as FIT) with individual signatures, or you can
simply concatenate both and use a common signature. There are a zillion
ways to do it.

> To use environment loading here, I would have to implement a whitelist
> that only loads the MAC addresses from the saved environment. That
> sounds a bit hacked, too.

Why are you making things so complicated? You can always do just
"env import ethaddr". No need to implement anything.

> So when it comes to secure boot, I do think there's a use case for not
> loading an environment.

But you are loading it in any case. Whether from a binary object placed
by the linker somewhere in your data segment or from a [signed or at
least checksummed] image somewhere else does not make any difference
security-wise. It is only a minimal technical difference, i. e. using a
different loading mechanism.

> I don't currently mind how this environment is
> initialized. And maybe I don't yet get what you are talking about when
> trying to get rid of the default environment. I do need U-Boot to run
> with a predefined environment without loading it.

See my previous explanation about the 3 copies of the environment. All I
suggest is to replace the binary blob by something that is not
statically linked into the U-Boot image, so it can be shared for example
with the fw_env tools.

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
Philosophy is a game with objectives and no rules.
Mathematics is a game with rules and no objectives.
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
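An added example, not part of this thread or of U-Boot itself: a Python script that builds an environment image in the layout used by mkenvimage and the fw_env tools (a 4-byte CRC32 header followed by NUL-separated key=value records), refuses an image whose CRC does not match, and overlays only a whitelist of variables (here ethaddr) onto a fixed default environment, which is the selective import discussed above. It assumes a little-endian CRC header and 0xff padding, and the environment variables are constructed sample values.

```python
import struct
import zlib

# Layout assumption (mkenvimage/fw_env, non-redundant env, little-endian
# target): 4-byte CRC32 over the data area, then "key=value\0" records,
# a terminating "\0", and pad bytes (0xff by default).
PAD_BYTE = 0xFF

def pack_env(variables, env_size):
    """Build an environment image of exactly env_size bytes."""
    body = b"".join(f"{k}={v}".encode() + b"\0" for k, v in variables.items())
    body += b"\0"  # double NUL marks the end of the environment
    data_size = env_size - 4
    if len(body) > data_size:
        raise ValueError("environment does not fit into env_size")
    data = body + bytes([PAD_BYTE]) * (data_size - len(body))
    crc = zlib.crc32(data) & 0xFFFFFFFF
    return struct.pack("<I", crc) + data

def unpack_env(image):
    """Check the CRC header and parse the records.
    Returns None for a corrupt or truncated image."""
    if len(image) < 5:
        return None
    (stored_crc,) = struct.unpack("<I", image[:4])
    data = image[4:]
    if zlib.crc32(data) & 0xFFFFFFFF != stored_crc:
        return None
    variables = {}
    for record in data.split(b"\0"):
        if record == b"":
            break  # reached the terminating NUL; ignore padding
        key, sep, value = record.partition(b"=")
        if sep:
            variables[key.decode()] = value.decode()
    return variables

def import_env(default, image, allowed):
    """Overlay only whitelisted variables from a loaded image onto the
    default environment (a selective 'env import' of named variables).
    An image that fails its CRC contributes nothing."""
    merged = dict(default)
    loaded = unpack_env(image)
    if loaded is None:
        return merged
    for name in allowed:
        if name in loaded:
            merged[name] = loaded[name]
    return merged

# Constructed sample data: a built-in default env and a saved image that
# carries the production MAC address plus an unwanted bootcmd override.
DEFAULT_ENV = {"bootcmd": "run distro_bootcmd", "bootdelay": "2"}
SAVED_ENV = pack_env({"ethaddr": "02:00:00:00:00:01", "bootcmd": "evil"}, 256)

if __name__ == "__main__":
    print(import_env(DEFAULT_ENV, SAVED_ENV, ["ethaddr"]))
```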