BMC Image Signing Proposal
anoo
anoo at linux.vnet.ibm.com
Fri Jan 26 08:15:19 AEDT 2018
Hi all,
During the hackathon meetup, we touched on BMC image verification and
signing and concluded that the community would like to see two
verification steps, one prior to writing the image to flash (via digital
signature verification), and another one by checking FIT in U-Boot prior
to booting from the new image.
The proposal would be to implement the digital signature verification
first.
At a high level, during the build:
* A SHA-256 hash would be calculated over tbd files that make up the
firmware image.
* The hash would be signed by a private key that's part of the
repository (community key). Companies could overwrite it with their own
private key when building production images.
* The encrypted hash (digital signature) and corresponding public key
would be added to the firmware image.
* Yocto may already provide a way to sign images and generate keys.
On the BMC:
* The hash would be calculated on the image files that were uploaded to
the BMC.
* The signature would be decrypted using an existing public key on the
BMC (this validates the new public key delivered with the image is also
valid).
* Accept image if both values are the same.
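As an added illustration of the build-side and BMC-side steps above (this is example code, not part of the proposal or of any OpenBMC component), the script below uses openssl to generate a community key pair, hashes constructed image files into a hash list, signs that list with the private key, bundles the signature and public key with the image, and then performs the BMC-side checks: the shipped public key must match the one the BMC already trusts, the signature must verify with that trusted key, and the uploaded files must still hash to the signed values. File names such as image-kernel, image-rofs, image.hash, image.sig and trusted-pub.pem are assumptions for the example; the real layout of the image would be decided by the implementation.

```shell
#!/bin/sh
# Added example (not OpenBMC code): build-time signing and BMC-side
# verification of a firmware image, following the proposal's steps.
# Assumes openssl, sha256sum and cmp are available. File names are
# hypothetical; the image files themselves are constructed sample data.

set -u

WORK="${WORK:-$(mktemp -d)}"
BUILD="$WORK/build"     # build machine: holds the signing (private) key
BMC="$WORK/bmc"         # BMC: holds only the public key it already trusts
UPLOAD="$WORK/upload"   # the image directory as uploaded to the BMC

# Build side: create the community key pair. A vendor building production
# images would replace key.pem with its own private key.
gen_keys() {
    mkdir -p "$BUILD" "$BMC"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$BUILD/key.pem" 2>/dev/null
    openssl pkey -in "$BUILD/key.pem" -pubout -out "$BUILD/pub.pem"
    # Provision the BMC with the public key it will trust at verify time.
    cp "$BUILD/pub.pem" "$BMC/trusted-pub.pem"
}

# Build side: write constructed image files, hash each of them (SHA-256),
# sign the hash list with the private key, and ship signature + public key
# alongside the image files.
build_image() {
    mkdir -p "$UPLOAD"
    printf 'kernel bits\n' > "$UPLOAD/image-kernel"   # constructed sample
    printf 'rofs bits\n'   > "$UPLOAD/image-rofs"     # constructed sample
    (cd "$UPLOAD" && sha256sum image-kernel image-rofs > image.hash)
    openssl dgst -sha256 -sign "$BUILD/key.pem" \
        -out "$UPLOAD/image.sig" "$UPLOAD/image.hash"
    cp "$BUILD/pub.pem" "$UPLOAD/pub.pem"
}

# BMC side: return 0 only if every check passes, 1 otherwise.
verify_image() {
    # 1. The public key delivered with the image must be the key the BMC
    #    already trusts; otherwise an image could simply bring its own key.
    cmp -s "$UPLOAD/pub.pem" "$BMC/trusted-pub.pem" || return 1
    # 2. The signature over the hash list must verify with the trusted key.
    openssl dgst -sha256 -verify "$BMC/trusted-pub.pem" \
        -signature "$UPLOAD/image.sig" "$UPLOAD/image.hash" \
        >/dev/null 2>&1 || return 1
    # 3. Recompute the hashes of the uploaded files and compare them with
    #    the signed values; any modified or missing file fails here.
    (cd "$UPLOAD" && sha256sum -c --status image.hash) || return 1
    return 0
}

# Simulate an image that was modified after it was signed.
tamper_image() {
    printf 'modified bits\n' > "$UPLOAD/image-rofs"
}

# Stand-alone run: sign, verify, tamper, verify again.
demo() {
    gen_keys
    build_image
    if verify_image; then echo "original image: accepted"; fi
    tamper_image
    if verify_image; then echo "tampered image: accepted"; \
    else echo "tampered image: rejected"; fi
}
```

Run it with `sh script.sh && demo` sourced, or append a call to `demo` at the bottom; the first verification succeeds and the second fails because image-rofs no longer matches its signed hash. Note that the signature covers the hash list rather than each file directly, so step 3 is what ties the individual files to the signature; dropping it would let a file be swapped while the signature still verified.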
Any thoughts or comments?