On Wed, 21 Nov 2018, 15:27 Wolfgang Denk <w...@denx.de> wrote:
> Dear Stefano,
>
> In message <7089ef62-ed0f-87f4-e979-8c18a6ae4...@denx.de> you wrote:
> >
> > > Right, when we sign (and check the signatures) of all other images,
> > > then why not do the very same for some environment image?
> >
> > The weird thing is with "saveenv" - if we just read the env, it is fine,
> > but if we want to change it, we need to sign, and this requires a
> > private key on target.
>
> Agreed, but this is a totally different issue.
>
> The separate (potentially signed) environment image is only the
> replacement for the current "default environment", which is not
> used for "env save". In the same way, there is no need to modify the
> signed image.
>
> But yes, it might be desirable to protect the working environment
> against malicious manipulation - but this should be discussed in a
> separate thread.
>
> > > That would even be _better_ as currently there is no, absolutely no
> > > check if the builtin default environment is in any way consistent.
> >
> > This is not true. If the environment is linked to u-boot, it is signed
> > together with u-boot and its consistency is automatically verified.
>
> Only if you use signed images. With plain U-Boot, there is not even
> a checksum for it...
>

When SPL loads U-Boot from a legacy image, isn't there a CRC involved over the full image including the environment?

Simon

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
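
As an added example (not code from this thread or from U-Boot), the Python sketch below checks the two CRC32 fields of a legacy image, assuming the standard 64-byte big-endian legacy uImage header; the payload and function names are constructed for illustration. It shows that a CRC over the payload (built-in environment included) catches accidental corruption, but also passes for any image whose CRC fields were simply recomputed, which is the difference from signed images discussed above.

```python
import struct
import zlib

IH_MAGIC = 0x27051956              # legacy uImage magic number
HDR = struct.Struct(">7I4B32s")    # magic,hcrc,time,size,load,ep,dcrc,os,arch,type,comp,name

# Constructed sample payload: stand-in for u-boot.bin with a linked-in default environment.
SAMPLE_PAYLOAD = b"\x7fCODE" * 8 + b"bootdelay=3\0bootcmd=run distro_bootcmd\0\0"


def build_legacy_image(payload: bytes, name: bytes = b"constructed") -> bytes:
    """Wrap payload in a legacy header with both CRC32 fields filled in."""
    fields = [IH_MAGIC, 0, 0, len(payload), 0, 0, zlib.crc32(payload), 0, 0, 0, 0, name]
    fields[1] = zlib.crc32(HDR.pack(*fields))  # header CRC is taken with ih_hcrc = 0
    return HDR.pack(*fields) + payload


def check_legacy_image(image: bytes) -> dict:
    """Report whether the header CRC and the data CRC of a legacy image match."""
    if len(image) < HDR.size:
        raise ValueError("shorter than a legacy header")
    magic, hcrc, _time, size, _load, _ep, dcrc, *_rest = HDR.unpack_from(image)
    if magic != IH_MAGIC:
        raise ValueError("bad magic")
    zeroed = image[:4] + b"\0" * 4 + image[8:HDR.size]   # ih_hcrc zeroed for the check
    data = image[HDR.size:HDR.size + size]
    return {
        "header_ok": zlib.crc32(zeroed) == hcrc,
        "data_ok": len(data) == size and zlib.crc32(data) == dcrc,
    }


def flip_last_byte(image: bytes) -> bytes:
    """Simulate storage corruption inside the environment at the end of the payload."""
    return image[:-1] + bytes([image[-1] ^ 0x01])


if __name__ == "__main__":
    good = build_legacy_image(SAMPLE_PAYLOAD)
    print("intact    :", check_legacy_image(good))
    print("corrupted :", check_legacy_image(flip_last_byte(good)))
    # A CRC is not a signature: a changed environment with recomputed CRCs still passes.
    changed = build_legacy_image(SAMPLE_PAYLOAD.replace(b"bootdelay=3", b"bootdelay=9"))
    print("re-CRC'd  :", check_legacy_image(changed))
```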