BMC Image Signing Proposal
Vernon Mauery
vernon.mauery at linux.intel.com
Tue Jan 30 08:07:33 AEDT 2018
On 29-Jan-2018 04:26 PM, Andrew Jeffery wrote:
>On Thu, 2018-01-25 at 15:15 -0600, anoo wrote:
>> Hi all,
>>
>> During the hackaton meetup, we touched on BMC image verification and
>> signing and concluded that the community would like to see two
>> verification steps, one prior to writing the image to flash (via digital
>> signature verification), and another one by checking FIT in U-Boot prior
>> to booting from the new image.
>>
>> The proposal would be to implement the digital signature verification
>> first.
>>
>> At a high level, during the build:
>> * A SHA-256 hash would be calculated over tbd files that make up the
>> firmware image.
>> * The hash would be signed by a private key that's part of the
>> repository (community key). Companies could overwrite it with their own
>> private key when building production images.
Can we not store any key in the tree at all, please. If we do, somebody
will inevitably use that key for production images and be totally
insecure. Generate a key by default and print a big warning that it is
being signed by a local (insecure) key and that they should set up keys
according to some documentation.
Provide a script that can be used to (somewhat) securely store openssl
keys (with a passphrase) and then request the passphrase for each build.
This could also be used to securely store keys on an HSM that openssl
has ENGINE support for.
>> * The encrypted hash (digital signature) and corresponding public key
>> would be added to the firmware image.
>> * Yocto may already provide a way to sign images and generate keys.
>
>I'm starting to look into signing of artefacts as part of the build
>process. Some quick searching suggests Yocto doesn't have support for
>it out of the box, but there is the swupdate project[1] and the
>corresponding meta-swupdate[2] Yocto layer that sound interesting.
>However, it may require a rework of how we manage image updates if we
>were to make use of it. I'll keep poking around, but if anyone has any
>other pointers please let me know.
>
>[1] https://github.com/sbabic/swupdate
>[2] https://github.com/sbabic/meta-swupdate
Whatever mechanism is used to generate the signature should be able to
be overridden by an environment variable or something. We already do
something like this for our pre-openbmc generations where a common
developer key is stored outside the tree, then the image gets re-signed
with the new key to turn it into a production-signed image. This way, we
can use different mechanisms for generating the development and
production signatures (openssl and a remote signing service).
--Vernon
>>
>> On the BMC:
>> * The hash would be calculated on the image files that were uploaded to
>> the BMC.
>> * The signature would be decrypted using an existing public key on the
>> BMC (this validates the new public key delivered with the image is also
>> valid).
>> * Accept image if both values are the same.
>>
>> Any thoughts or comments?
>
>Can you take a look at swupdate and reply with your thoughts?
>
>Cheers,
>
>Andrew
More information about the openbmc
mailing list