BMC Image Signing Proposal

Eugene.Cho at dell.com Eugene.Cho at dell.com
Tue Jan 30 01:40:44 AEDT 2018


Dell - Internal Use - Confidential  

The "firmware update" public key in flash (and firmware update code itself) would be authenticated by BMC secure boot.

Also - has anybody mentioned using the FIT as a firmware update install image, in addition to using to boot the kernel? (i.e. FIT within a FIT). Think the native DFU command in u-boot supports this method. Just a thought
 

-----Original Message-----
From: openbmc [mailto:openbmc-bounces+eugene.cho=dell.com at lists.ozlabs.org] On Behalf Of Avi Fishman
Sent: Monday, January 29, 2018 4:45 AM
To: anoo <anoo at linux.vnet.ibm.com>
Cc: eyal.cohen at nuvoton.com; OpenBMC Maillist <openbmc at lists.ozlabs.org>; yoel.hayon at nuvoton.com; uri.trichter at nuvoton.com
Subject: Re: BMC Image Signing Proposal

Hi Anoo and all,

Regarding "The encrypted hash (digital signature) and corresponding public key would be added to the firmware image":
If both the decrypted signature and the public key are in flash, if flash was replaced (by hacking or physicaly) a malicious public key can be used with a  signature that was decrypted by the paired malicious private key of the stored public key.

To overcome that the public key should be stored in OTP.
We use this method on our Nuvoton Poleg BMC.

Does this sound reasonable?

Regards,
Avi


On Thu, Jan 25, 2018 at 11:15 PM, anoo <anoo at linux.vnet.ibm.com> wrote:
> Hi all,
>
> During the hackaton meetup, we touched on BMC image verification and 
> signing and concluded that the community would like to see two 
> verification steps, one prior to writing the image to flash (via 
> digital signature verification), and another one by checking FIT in 
> U-Boot prior to booting from the new image.
>
> The proposal would be to implement the digital signature verification first.
>
> At a high level, during the build:
> * A SHA-256 hash would be calculated over tbd files that make up the 
> firmware image.
> * The hash would be signed by a private key that's part of the 
> repository (community key). Companies could overwrite it with their 
> own private key when building production images.
> * The encrypted hash (digital signature) and corresponding public key 
> would be added to the firmware image.
> * Yocto may already provide a way to sign images and generate keys.
>
> On the BMC:
> * The hash would be calculated on the image files that were uploaded 
> to the BMC.
> * The signature would be decrypted using an existing public key on the 
> BMC (this validates the new public key delivered with the image is also valid).
> * Accept image if both values are the same.
>
> Any thoughts or comments?
>


More information about the openbmc mailing list