BMC Image Signing Proposal
Avi Fishman
avifishman70 at gmail.com
Mon Jan 29 21:44:31 AEDT 2018
Hi Anoo and all,
Regarding "The encrypted hash (digital signature) and corresponding
public key would be added to the firmware image":
If both the decrypted signature and the public key are in flash, if
flash was replaced (by hacking or physically) a malicious public key
can be used with a signature that was decrypted by the paired
malicious private key of the stored public key.
To overcome that the public key should be stored in OTP.
We use this method on our Nuvoton Poleg BMC.
Does this sound reasonable?
Regards,
Avi
On Thu, Jan 25, 2018 at 11:15 PM, anoo <anoo at linux.vnet.ibm.com> wrote:
> Hi all,
>
> During the hackathon meetup, we touched on BMC image verification and signing
> and concluded that the community would like to see two verification steps,
> one prior to writing the image to flash (via digital signature
> verification), and another one by checking FIT in U-Boot prior to booting
> from the new image.
>
> The proposal would be to implement the digital signature verification first.
>
> At a high level, during the build:
> * A SHA-256 hash would be calculated over tbd files that make up the
> firmware image.
> * The hash would be signed by a private key that's part of the repository
> (community key). Companies could overwrite it with their own private key
> when building production images.
> * The encrypted hash (digital signature) and corresponding public key would
> be added to the firmware image.
> * Yocto may already provide a way to sign images and generate keys.
>
> On the BMC:
> * The hash would be calculated on the image files that were uploaded to the
> BMC.
> * The signature would be decrypted using an existing public key on the BMC
> (this validates the new public key delivered with the image is also valid).
> * Accept image if both values are the same.
>
> Any thoughts or comments?
>