BMC Image Signing Proposal
yupalani at microsoft.com
Sat Feb 10 12:36:16 AEDT 2018
On Thursday, February 8, 2018 12:27 PM, Adriana Kobylak wrote:
> Here are some charts with the image signing flow for comment:
Thanks for putting together a chart.
We should consider both of these requirements for image signing:
1. Update verification
2. Boot Verification
Appending a signature to the image meets verification during firmware update. To do verification on every boot, we need something like FIT.
As far as actual signing is concerned, we don't have access to the private key for security reasons. We should support two models:
1. Source code has the private key and signing is part of the build process ("bitbake obmc-phosphor-image")
2. Source code does not have the private key, signing is done externally and some post-processing is done to add the hash to the image. (maybe a new task, "bitbake obmc-phosphor-image -c add_hash")
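
The second model (external signing plus a post-processing step) combined with update-time verification of an appended signature, as an added example that is not part of the original message or of OpenBMC: the trailer layout, the file names and the throwaway RSA key standing in for the external signer are assumptions. It covers update verification only, not boot verification.

```shell
#!/bin/sh
# Added example (not OpenBMC code). Hypothetical signed-image layout:
#   [ image | signature | 8-digit ASCII signature length ]

# Post-processing step: the build appends what the external signer returned.
append_sig() {  # append_sig IMAGE SIG OUT
    cat "$1" "$2" > "$3" &&
    printf '%08d' "$(( $(wc -c < "$2") ))" >> "$3"
}

# Update-time check: split the file and verify before anything is flashed.
verify_update() {  # verify_update SIGNED PUBKEY
    total=$(wc -c < "$1")
    siglen=$(tail -c 8 "$1" | sed 's/^0*//')
    case "$siglen" in ''|*[!0-9]*) return 1 ;; esac    # malformed trailer
    paylen=$((total - 8 - siglen))
    [ "$paylen" -gt 0 ] || return 1                     # truncated image
    tmp=$(mktemp -d) || return 1
    head -c "$paylen" "$1" > "$tmp/payload"
    tail -c "$((siglen + 8))" "$1" | head -c "$siglen" > "$tmp/sig"
    openssl dgst -sha256 -verify "$2" -signature "$tmp/sig" \
        "$tmp/payload" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Constructed demo data: a throwaway key stands in for the external signer.
work=$(mktemp -d)
openssl genrsa -out "$work/signer.key" 2048 2>/dev/null
openssl rsa -in "$work/signer.key" -pubout -out "$work/signer.pub" 2>/dev/null
head -c 4096 /dev/zero > "$work/image.bin"     # stand-in for the built image

# External signer: the only step that ever touches the private key.
openssl dgst -sha256 -sign "$work/signer.key" -out "$work/sig.bin" \
    "$work/image.bin"
append_sig "$work/image.bin" "$work/sig.bin" "$work/image.signed"

# Tampered copy: same signature, one payload byte overwritten.
cp "$work/image.signed" "$work/image.bad"
printf 'X' | dd of="$work/image.bad" bs=1 seek=10 conv=notrunc 2>/dev/null

verify_update "$work/image.signed" "$work/signer.pub" &&
    echo "signed image: accepted"
verify_update "$work/image.bad" "$work/signer.pub" ||
    echo "tampered image: rejected"
```

Only the public key and `verify_update` need to be present on the updating side; the build tree needs neither key.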