Hello. We are currently testing U-Boot on a PPC. Beside booting the system we like to use it do some system updates (e.g. Kernel, FDT and Initrd). I've compiled U-Boot with support for AES and RSA-Signatures. We are storing the RSA public keys using a Fit-Image for U-Boot configuration on Flash. Basically both AES and RSA support works as expected,
but: 1) is there a possibility to always be sure that accessing an image from a Fit-container checks the signature? If the signature is wrong, we get an error as expected. But if we generate an image without any signature (which may be generated by anybody) the access is of course possible. Currently I used something like fdt get value algorithm /images/script@1/signature@1/ algo && test "$algorithm" = "sha1,rsa2048" && echo success to check if the image has a signature before proceeding. But this feels wrong. 2) Is there a possibility to check the signature/CRC before copying the image to ram with imxtract? P.s. great project. I'm really impressed by its features! Thanks in advance, Ulf _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
