Dear Stefano,

In message <7089ef62-ed0f-87f4-e979-8c18a6ae4...@denx.de> you wrote:

>
> > Right, when we sign (and check the signatures) of all other images,
> > then why not do the very same for some environment image?
>
> The weird thing is with "saveenv" - if we just read the env, it is fine,
> but if we want to change it, we need to sign, and this requires a
> private key on target.
Agreed, but this is a totally different issue. The separate (potentially signed) environment image is only the replacement for the current "default environment", which is not used for "env save". In the same way, there is no need to modify the signed image. But yes, it might be desirable to protect the working environment against malicious manipulation - but this should be discussed in a separate thread.

>
> > That would even be _better_ as currently there is no, absolutely no
> > check if the builtin default environment is in any way consistent.
>
> This is not true. If the environment is linked to u-boot, it is signed
> together with u-boot and its consistency is automatically verified.

Only if you use signed images. With plain U-Boot, there is not even a checksum for it...

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
If all you have is a hammer, everything looks like a nail.
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
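The working environment discussed above (the one "env save" writes to storage) carries only a CRC32, which catches corruption but says nothing about deliberate changes. The script below is an added example, not code from this thread or from U-Boot itself. It builds a non-redundant environment blob in the layout U-Boot reads (a 4-byte little-endian CRC32 over the data area, then NUL-separated key=value entries and an empty entry as terminator), verifies it the way the boot-time import does, and then shows the difference between a flipped byte (detected) and an attacker rewriting a variable and refreshing the CRC (not detected). ENV_SIZE and the padding byte are assumptions standing in for the board's CONFIG_ENV_SIZE and the mkenvimage -p option; the sample variables are constructed for the example.

```python
import struct
import zlib

# Assumed environment size; the real value is the board's CONFIG_ENV_SIZE.
ENV_SIZE = 0x2000


def build_env(pairs, env_size=ENV_SIZE, pad=b"\x00"):
    """Serialise (key, value) pairs into a non-redundant U-Boot env blob.

    Layout: 4-byte little-endian CRC32 of the data area, then the data
    area: "key=value\\0" entries, an empty entry as terminator, and the
    padding byte (assumed 0x00, the mkenvimage default) up to env_size.
    """
    body = b"".join(f"{k}={v}".encode() + b"\x00" for k, v in pairs) + b"\x00"
    data_len = env_size - 4
    if len(body) > data_len:
        raise ValueError("environment does not fit into %d bytes" % env_size)
    data = body + pad * (data_len - len(body))
    crc = zlib.crc32(data) & 0xFFFFFFFF
    return struct.pack("<I", crc) + data


def parse_env(blob):
    """Return (crc_ok, variables) for a blob produced by build_env or
    mkenvimage; crc_ok mirrors the check the env import performs at boot."""
    if len(blob) < 5:
        raise ValueError("blob too short")
    stored = struct.unpack_from("<I", blob, 0)[0]
    data = blob[4:]
    crc_ok = (zlib.crc32(data) & 0xFFFFFFFF) == stored
    variables = {}
    for entry in data.split(b"\x00"):
        if not entry:
            break  # empty entry terminates the variable list; padding follows
        key, _, value = entry.partition(b"=")
        variables[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return crc_ok, variables


def corrupt_byte(blob, offset):
    """Flip one data byte without touching the CRC. This is the case the
    CRC exists for: parse_env reports crc_ok == False afterwards."""
    out = bytearray(blob)
    out[offset] ^= 0xFF
    return bytes(out)


def tamper(blob, key, new_value):
    """Change one variable and recompute the CRC, as anyone with write
    access to the env storage can. The result passes the CRC check, which
    is why a CRC gives consistency but no protection against manipulation."""
    _, variables = parse_env(blob)
    variables[key] = new_value
    return build_env(list(variables.items()), env_size=len(blob))


if __name__ == "__main__":
    # Constructed sample environment, not taken from any real board.
    original = build_env([("bootcmd", "run distro_bootcmd"), ("bootdelay", "2")])
    print(parse_env(original))
    print(parse_env(corrupt_byte(original, 12))[0])       # False: corruption detected
    print(parse_env(tamper(original, "bootdelay", "0")))  # crc_ok True: manipulation not detected
```

The contrast is the point of the thread: for the separate default-environment image, integrity comes from the image signature that is checked with a public key at load time, so no private key is needed on the target; for the working environment that "env save" rewrites, a CRC alone cannot tell a legitimate save from a hostile one, which is the separate problem Wolfgang defers to another thread.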