Hi all,
Yesterday, I successfully built the u-boot master branch with
CONFIG_FIT_SIGNATURE=y and CONFIG_RSA=y and got the signature
verification working with sha256,rsa2048.
Today, I wanted to try out CONFIG_ECDSA=y, but I am facing some trouble.
I am generating the key and trying to add its public part to the device
tree blob as with fdt_add_pubkey as follows:
openssl ecparam -name secp521r1 -genkey -noout -out dev-private.pem
openssl ec -in dev-private.pem -pubout -out dev.pem
cd u-boot
make ...
cp u-boot.dtb u-pubkey.dtb
tools/fdt_add_pubkey -a sha512,secp521r1 -n dev -k .. -r conf u-pubkey.dtb
The next step would be to run make EXT_DTB=u-pubkey.dtb ... so that the
public key will be embedded and the signature verification will be
enabled in the final u-boot.img.
Alas, the fdt_add_pubkey command would crash in SIGSEGV in alloc_ctx().
I figured out that the hash algorithm is not being looked up and
assigned. Maybe this is not necessary for the -a sha256,rsa2048 which I
was successfully using previously. The following patch fixes the
SIGSEGV:
diff --git a/tools/fdt_add_pubkey.c b/tools/fdt_add_pubkey.c
index 5582d7a8efe..4f7028cc15c 100644
--- a/tools/fdt_add_pubkey.c
+++ b/tools/fdt_add_pubkey.c
@@ -73,9 +73,10 @@ static void reset_info(struct image_sign_info *info)
info->keyname = keyname;
info->name = algo_name;
info->require_keys = require_keys;
+ info->checksum = image_get_checksum_algo(algo_name);
info->crypto = image_get_crypto_algo(algo_name);
- if (!info->crypto) {
+ if (!info->checksum || !info->crypto) {
fprintf(stderr, "Unsupported signature algorithm '%s'\n",
algo_name);
exit(EXIT_FAILURE);
However, with the above patch applied, I am facing the next trouble:
tools/fdt_add_pubkey -a sha512,secp521r1 -n dev -k .. -r conf u-boot-key.dtb
Can not read key from '../dev.pem'
tools/fdt_add_pubkey: Cannot add public key to FIT blob: Unknown error -5
In GDB, I can see that read_key() in lib/ecdsa/ecdsa-libcrypto.c would
invoke PEM_read_PrivateKey(), which I assume will fail, because
../dev.pem only contains a public key. In the planned deployment, the
private key would be private to a HSM or an external service. Moreover,
I do not understand why fdt_add_pubkey would attempt to access a private
key in the first place; that should only be needed for signing the
fitImage. Both prepare_ctx() and ecdsa_add_verify_data() would return
-5, which main() is reporting to stderr.
Has some way of using ECDSA based signature verification been tested?
The reason why I would like to avoid RSA is that it is not thought to be
quantum-secure, or secure against a cryptalalytic attack by a quantum
computer.
With best regards,
Marko Mäkelä
