BMC Image Signing Proposal

Vernon Mauery vernon.mauery at linux.intel.com
Tue Jan 30 08:07:33 AEDT 2018


On 29-Jan-2018 04:26 PM, Andrew Jeffery wrote:
>On Thu, 2018-01-25 at 15:15 -0600, anoo wrote:
>> Hi all,
>>
>> During the hackaton meetup, we touched on BMC image verification and
>> signing and concluded that the community would like to see two
>> verification steps, one prior to writing the image to flash (via digital
>> signature verification), and another one by checking FIT in U-Boot prior
>> to booting from the new image.
>>
>> The proposal would be to implement the digital signature verification
>> first.
>>
>> At a high level, during the build:
>> * A SHA-256 hash would be calculated over tbd files that make up the
>> firmware image.
>> * The hash would be signed by a private key that's part of the
>> repository (community key). Companies could overwrite it with their own
>> private key when building production images.

Can we not store any key in the tree at all, please. If we do, somebody 
will inevitably use that key for production images and be totally 
insecure. Generate a key by default and print a big warning that it is 
being signed by a local (insecure) key and that they should set up keys 
according to some documentation.

Provide a script that can be used to (somewhat) securely store openssl 
keys (with a passphrase) and then request the passphrase for each build. 
This could also be used to securely store keys on an HSM that openssl 
has ENGINE support for.

>> * The encrypted hash (digital signature) and corresponding public key
>> would be added to the firmware image.
>> * Yocto may already provide a way to sign images and generate keys.
>
>I'm starting to look into signing of artefacts as part of the build
>process. Some quick searching suggests Yocto doesn't have support for
>it out of the box, but there is the swupdate project[1] and the
>corresponding meta-swupdate[2] Yocto layer that sound interesting.
>However, it may require a rework of how we manage image updates if we
>were to make use of it. I'll keep poking around, but if anyone has any
>other pointers please let me know.
>
>[1] https://github.com/sbabic/swupdate
>[2] https://github.com/sbabic/meta-swupdate

Whatever mechanism is used to generate the signature should be able to 
be overridden by an environment variable or something. We already do 
something like this for our pre-openbmc generations where a common 
developer key is stored outside the tree, then the image gets re-signed 
with the new key to turn it into a production-signed image. This way, we 
can use different mechanisms for generating the development and 
production signatures (openssl and a remote signing service).

--Vernon


>>
>> On the BMC:
>> * The hash would be calculated on the image files that were uploaded to
>> the BMC.
>> * The signature would be decrypted using an existing public key on the
>> BMC (this validates the new public key delivered with the image is also
>> valid).
>> * Accept image if both values are the same.
>>
>> Any thoughts or comments?
>
>Can you take a look at swupdate and reply with your thoughts?
>
>Cheers,
>
>Andrew




More information about the openbmc mailing list