Hi Leonard,
I've tested your patch and I wanted to let you know it worked fine for me both
when FIT_SIGN_INDIVIDUAL="1" or "0". I've checked the contents of the u-boot
dtb (for the presence of the required pubkeys) and the fitImage (for the
signatures) and the results match what we had before commit d7bd9c62766
("u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and
UBOOT_ENV enabled").
As for the patch, since the understanding is that when FIT_SIGN_INDIVIDUAL="1"
the individual images will be signed besides the signing of the configurations
then I'd say that sentence in the comment "Signing individual images is not
recommended as that makes fitImage susceptible to mix-and-match attack" seems
unnecessary/misleading to me since it gives the impression that one would get
either images or configurations signed.
As for the check performed at build time by the "fit_check_sign" tool, the fact
that now the check is done only on the configuration doesn't seem like a big
loss to me. Though I imagine the ideal solution would be to have that check on
the final fitImage rather than on a temporary one (unused.itb) in order to
provide stronger guarantees that the image is correctly signed. However, this
would likely complicate things which may make it not worth the effort...
Regards
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#211775):
https://lists.openembedded.org/g/openembedded-core/message/211775
Mute This Topic: https://lists.openembedded.org/mt/111289801/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
