BMC Image Signing Proposal

Adriana Kobylak anoo at
Wed Feb 14 09:33:25 AEDT 2018

On 2018-02-09 19:36, Yugi Mani wrote:

> We should consider both of these requirements for image signing:
> 1. Update verification
> 2. Boot Verification
Yes, the boot verification via FIT is being tracked via issue; it's planned to be
implemented after the update verification.

> Appending signature to image meets verification during firmware
> update. To do verification on every boot, we need something like FIT.
Thanks, I've added the link to the issue 2829 for reference.

> As far as actual signing is concerned, we don't have access to private
> key for security reasons. We should support two models:
> Model 1:
> Source code has private key and signing is part of build process
> ("bitbake obmc-phosphor-image")
> Model 2:
> Source code does not have private key, Signing is done externally and
> some post-processing is done to add hash to image.  (maybe a new task,
> "bitbake obmc-phosphor-image -c add_hash")
Yeah, these are good points; we were also thinking this could be specified
through a build environment variable. Eddie is implementing this piece, so
he could expand on this.

