BMC image generation without private key
Brad Bishop
bradleyb at fuzziesquirrel.com
Wed Jan 18 00:49:31 AEDT 2023
On Mon, 2023-01-16 at 17:53 +0800, Lei Yu wrote:
> The OpenBMC build requires a private key to:
> 1. Generate the public key that is put in the image;
> 2. Sign the image and generate the whole tarball.
>
> For dev builds, it uses the insecure development key in the tree.
> For release builds, it requires the `SIGNING_KEY` env to point to a
> secure key to sign the image.
>
> It is considered insecure because it requires the build server to
> access the private key.
It depends. If you just put the path to the private key in there, then
yes. But the tools that look at 'SIGNING_KEY' support signing helpers
(socsec) and pkcs11 (mkimage), which can be used to get the image signed
without access to the key.
There is an example of this here:
https://gerrit.openbmc.org/c/openbmc/openbmc/+/50797/5
As you can see it was never fully reviewed and it was not accepted, so
maybe there are problems with it. But I think the concepts/design are
sound.
Thanks,
Brad
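The contract Brad describes, as an added example that is not code from the OpenBMC tree, socsec or mkimage: the build host only ever talks to a narrow "signing helper" that returns the public key and signs a digest it is handed, so no build step opens the private key. Here the helper is a shell function and the signer directory stands in for a PKCS#11 token, HSM or remote signing service; every path, file name and the image payload are constructed for the demonstration and are not OpenBMC names.

```shell
#!/bin/sh
# Added example, not code from OpenBMC, socsec or mkimage: a minimal
# "signing helper" contract in which the build host never reads the
# private key. SIGNER_DIR stands in for a PKCS#11 token, HSM or remote
# signing service; all paths and file names are hypothetical.
set -eu

WORK="${WORK:-$(mktemp -d)}"
SIGNER_DIR="$WORK/signer"   # the only place the private key ever lives
BUILD_DIR="$WORK/build"     # what the build server works in

# --- signer side: owns the key, exposes two narrow operations -------------
signer_init() {
    mkdir -p "$SIGNER_DIR" && chmod 700 "$SIGNER_DIR"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$SIGNER_DIR/private.pem" 2>/dev/null
}

# signing_helper pubkey                -> PEM public key on stdout
# signing_helper sign DIGEST_FILE OUT  -> PKCS#1 v1.5 signature over a raw
#                                         32-byte SHA-256 digest
signing_helper() {
    case "$1" in
        pubkey) openssl pkey -in "$SIGNER_DIR/private.pem" -pubout ;;
        sign)   openssl pkeyutl -sign -inkey "$SIGNER_DIR/private.pem" \
                    -pkeyopt digest:sha256 -in "$2" -out "$3" ;;
        *)      echo "usage: signing_helper pubkey | sign DIGEST OUT" >&2
                return 2 ;;
    esac
}

# --- build side: never touches SIGNER_DIR ---------------------------------
build_image() {   # $1 = output path; payload is constructed sample data
    mkdir -p "$BUILD_DIR"
    printf 'constructed BMC image payload v1\n' > "$1"
}

# 1. fetch the public key that gets embedded in the image,
# 2. hash the image locally,
# 3. hand only the digest to the helper and keep the signature it returns.
sign_image() {   # $1 = image path
    signing_helper pubkey > "$BUILD_DIR/pubkey.pem"
    openssl dgst -sha256 -binary -out "$BUILD_DIR/image.sha256" "$1"
    signing_helper sign "$BUILD_DIR/image.sha256" "$BUILD_DIR/image.sig"
}

# What the BMC does at update time: verify with the embedded public key.
verify_image() {   # $1 image, $2 public key, $3 signature; 0 on success
    openssl dgst -sha256 -verify "$2" -signature "$3" "$1" >/dev/null 2>&1
}

# The property that motivates the helper: no private key under BUILD_DIR.
build_dir_has_private_key() {
    grep -rl 'PRIVATE KEY' "$BUILD_DIR" >/dev/null 2>&1
}

demo() {
    signer_init
    build_image "$BUILD_DIR/image.img"
    sign_image "$BUILD_DIR/image.img"
    # A tampered copy must fail verification against the same signature.
    cp "$BUILD_DIR/image.img" "$BUILD_DIR/tampered.img"
    printf 'x' >> "$BUILD_DIR/tampered.img"
    verify_image "$BUILD_DIR/image.img" "$BUILD_DIR/pubkey.pem" "$BUILD_DIR/image.sig" \
        && echo "genuine image: Verified OK"
    verify_image "$BUILD_DIR/tampered.img" "$BUILD_DIR/pubkey.pem" "$BUILD_DIR/image.sig" \
        || echo "tampered image: verification failed (expected)"
    build_dir_has_private_key \
        || echo "no private key material under $BUILD_DIR"
}

demo
```

The point of the split is that `sign_image` sends a 32-byte digest and gets a signature back; swapping `signing_helper` for a PKCS#11 or network-backed implementation changes nothing on the build side, and the tampered-image check shows the embedded public key still rejects a modified payload.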