BMC image generation without private key

Brad Bishop bradleyb at fuzziesquirrel.com
Wed Jan 18 00:49:31 AEDT 2023


On Mon, 2023-01-16 at 17:53 +0800, Lei Yu wrote:
> The OpenBMC build requires a private key to:
> 1. Generate the public key that is put in the image;
> 2. Sign the image and generate the whole tarball.
> 
> For dev builds, it uses the insecure development key in the tree.
> For release builds, it requires the `SIGNING_KEY` env to point to a
> secure key to sign the image.
> 
> It is considered insecure because it requires the build server to
> access the private key.

It depends.  If you just put the path to the private key in there, then
yes.  But the tools that look at 'SIGNING_KEY' support signing helpers
(socsec) and pkcs11 (mkimage), which can be used to get the image signed
without access to the key.

There is an example of this here:

https://gerrit.openbmc.org/c/openbmc/openbmc/+/50797/5

As you can see it was never fully reviewed and it was not accepted, so
maybe there are problems with it.  But I think the concepts/design are
sound.

Thanks,
Brad
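The split Brad describes (build server holds only the public key and talks to a signing helper or a pkcs11 engine, the private key never touches the build host) can be shown end to end with plain openssl. The script below is an added illustration written for this archive page; it is not code from the thread, from the gerrit change, or from OpenBMC's own build. It assumes openssl on PATH, picks RSA-2048 with SHA-256 for illustration, and uses a shell function `signing_helper` as a stand-in for socsec's external signing helper or an mkimage pkcs11 engine backed by an HSM. The build step hands that helper a digest and gets back a signature; it then embeds the public key and the detached signature in the tarball, and a verify step checks the result (and shows that a tampered payload fails).

```shell
#!/bin/sh
# Added illustration, not from the thread or from OpenBMC's own build: a build
# that embeds the public key and produces a signed tarball while the private
# key stays behind a narrow "signing helper" interface. The helper stands in
# for socsec's signing helper or an mkimage pkcs11 engine backed by an HSM;
# only a digest goes in and only a signature comes out.
# Assumptions: openssl on PATH; RSA-2048 / SHA-256 chosen here for illustration.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# ---- Key custodian side (HSM / signing service). Not readable by the build. ----
KEYSTORE="$WORK/keystore"
mkdir -p "$KEYSTORE"
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$KEYSTORE/private.pem" 2>/dev/null
# The build is handed only the public half; this is what gets put in the image.
openssl pkey -in "$KEYSTORE/private.pem" -pubout -out "$WORK/public.pem" 2>/dev/null

# signing_helper DIGEST_FILE SIG_FILE
# The one operation the build may request. The private key path is known only here.
signing_helper() {
    openssl pkeyutl -sign -inkey "$KEYSTORE/private.pem" \
        -pkeyopt digest:sha256 -in "$1" -out "$2"
}

# ---- Build server side. Uses public.pem and the helper, never private.pem. ----
# build_image OUT_TARBALL
build_image() {
    stage="$WORK/stage"
    rm -rf "$stage"; mkdir -p "$stage"
    printf 'constructed BMC image payload\n' > "$stage/image-bmc"  # constructed sample
    cp "$WORK/public.pem" "$stage/publickey"                         # public key put in the image
    openssl dgst -sha256 -binary -out "$stage/image-bmc.digest" "$stage/image-bmc"
    signing_helper "$stage/image-bmc.digest" "$stage/image-bmc.sig"
    rm -f "$stage/image-bmc.digest"
    tar -C "$stage" -cf "$1" image-bmc image-bmc.sig publickey
}

# verify_image TARBALL -> prints "ok" or "bad-signature"
# What a device or release gate does with the tarball: recompute the digest and
# check the detached signature against the embedded public key.
verify_image() {
    v="$WORK/verify"
    rm -rf "$v"; mkdir -p "$v"
    tar -C "$v" -xf "$1"
    openssl dgst -sha256 -binary -out "$v/digest" "$v/image-bmc"
    if openssl pkeyutl -verify -pubin -inkey "$v/publickey" -pkeyopt digest:sha256 \
          -in "$v/digest" -sigfile "$v/image-bmc.sig" >/dev/null 2>&1; then
        echo ok
    else
        echo bad-signature
    fi
}

# tarball_leaks_private_key TARBALL -> "leak" if a PEM private key is inside, else "clean"
# A cheap release-gate check that the build artifact never carries the private key.
tarball_leaks_private_key() {
    if tar -xOf "$1" | grep -q 'PRIVATE KEY'; then echo leak; else echo clean; fi
}

# tamper_image IN_TARBALL OUT_TARBALL: alter the payload after signing
tamper_image() {
    t="$WORK/tamper"
    rm -rf "$t"; mkdir -p "$t"
    tar -C "$t" -xf "$1"
    printf 'modified after signing\n' >> "$t/image-bmc"
    tar -C "$t" -cf "$2" image-bmc image-bmc.sig publickey
}

build_image "$WORK/obmc-update.tar"
echo "genuine:    $(verify_image "$WORK/obmc-update.tar")"               # ok
tamper_image "$WORK/obmc-update.tar" "$WORK/tampered.tar"
echo "tampered:   $(verify_image "$WORK/tampered.tar")"                  # bad-signature
echo "leak check: $(tarball_leaks_private_key "$WORK/obmc-update.tar")"  # clean
```

In a real deployment the `signing_helper` body is the part that changes: it becomes a call to socsec's helper, or mkimage invoked with its `-N pkcs11` engine option and a PKCS#11 key URI, so the build host holds a token handle rather than key material. The build-side logic (digest, request signature, embed public key, package) stays the same, which is why the design survives even though the linked change was never merged.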
