On Fri, 18 Apr 2008 12:01:38 -0500 <[EMAIL PROTECTED]> wrote: > Goal: > > U-Boot will run only software that has been > authenticated to be from the system's producer. > > --- A Potential Authentication Method --- > > The producer of the system generates a cryptographic > [private-key, public-key] pair, storing the public-key > on the same media as U-Boot (i.e. NOR flash; perhaps > as a read-only environment variable) on all systems > and keeping the private-key hidden at a secure site. > A hash of the software is generated, encrypted > with the private key and shipped with the software. > > U-Boot reads the private-key encrypted hash and decodes > it with its public-key. U-Boot loads the software and > generates the hash. If both hashes match, the software > is authenticated and U-Boot executes the authenticated > software. > > --- Comment --- > > U-Boot obviously supports loading and verification of > the generated hash, but I haven't been able to locate > public-key cryptographic or other authentication support > in U-Boot. Perhaps, it is available as a loadable > (stand-alone) module? > > Any comments or suggestions? > this patch taps into openssl:
http://thread.gmane.org/gmane.comp.boot-loaders.u-boot/23977 or you might want to reuse some of linux' crypto library code. Kim ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ U-Boot-Users mailing list U-Boot-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/u-boot-users
