BMC Image Signing Proposal
Adriana Kobylak
anoo at linux.vnet.ibm.com
Wed Feb 14 09:33:25 AEDT 2018
On 2018-02-09 19:36, Yugi Mani wrote:
> We should consider both of these requirements for image signing:
> 1. Update verification
> 2. Boot Verification
>
Yes, the boot verification via FIT is being tracked via issue
https://github.com/openbmc/openbmc/issues/2829; it's planned to be
implemented after the update verification.
> Appending signature to image meets verification during firmware
> update. To do verification on every boot, we need something like FIT.
> https://chromium.googlesource.com/chromiumos/third_party/u-boot-next/+/chromeos-v2013.06/doc/uImage.FIT
>
Thanks, I've added the link to the issue 2829 for reference.
> As far as actual signing is concerned, we don't have access to private
> key for security reasons. We should support two models:
> Model 1:
> Source code has private key and signing is part of build process
> ("bitbake obmc-phosphor-image")
>
> Model 2:
> Source code does not have private key, Signing is done externally and
> some post-processing is done to add hash to image. (maybe a new task,
> "bitbake obmc-phosphor-image -c add_hash")
Yeah, these are good points; we were also thinking this could be
specified through a build environment variable. Eddie is implementing this
piece so he could expand on this.