https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549037#M33450 <HTML><HEAD></HEAD><BODY><P>Hi Peter,</P><P>Thanks for your attention and focus the KBOOT, and I think it's a good suggestion.<BR />Have a great day,<BR />Ping</P><P></P><P>-----------------------------------------------------------------------------------------------------------------------<BR />Note: If this post answers your question, please click the Correct Answer button. Thank you!<BR />-----------------------------------------------------------------------------------------------------------------------</P></BODY></HTML> Fri, 08 Jul 2016 03:24:47 GMT jeremyzhou 2016-07-08T03:24:47Z https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549036#M33449 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>currently crc32 is used to verify the flash content on boot. when building an secure product, this might be a showstopper.</P><P></P><P>have you considered using a signed hash?</P></BODY></HTML> Thu, 07 Jul 2016 10:20:31 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549036#M33449 peterruesch 2016-07-07T10:20:31Z https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549037#M33450 <HTML><HEAD></HEAD><BODY><P>Hi Peter,</P><P>Thanks for your attention and focus the KBOOT, and I think it's a good suggestion.<BR />Have a great day,<BR />Ping</P><P></P><P>-----------------------------------------------------------------------------------------------------------------------<BR />Note: If this post answers your question, please click the Correct Answer button. Thank you!<BR />-----------------------------------------------------------------------------------------------------------------------</P></BODY></HTML> Fri, 08 Jul 2016 03:24:47 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549037#M33450 jeremyzhou 2016-07-08T03:24:47Z https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549038#M33451 <HTML><HEAD></HEAD><BODY><P>is my assumption wrong? I'm very new this whole crypto stuff but as far as I understood for now it's really not secure the judge an application valid based on a matching crc32?</P><P></P><P>I agree that this is better than nothing but it does not address the security aspect of the previous attempts of an aes128 encrypted binary or am I missing something?</P></BODY></HTML> Fri, 08 Jul 2016 09:30:02 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549038#M33451 peterruesch 2016-07-08T09:30:02Z https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549039#M33452 <HTML><HEAD></HEAD><BODY><P>Hi Peter,</P><P>Thanks for your reply.</P><P>Actually, I was nfused with your question, as the CRC32 check feature is none with the AES-128 key.</P><P>I've also contacted with the Kboot team about your question, and they'd like to suggest that you'd better to explain the question again.<BR />Have a great day,<BR />Ping</P><P></P><P>-----------------------------------------------------------------------------------------------------------------------<BR />Note: If this post answers your question, please click the Correct Answer button. Thank you!<BR />-----------------------------------------------------------------------------------------------------------------------</P></BODY></HTML> Mon, 11 Jul 2016 09:08:14 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549039#M33452 jeremyzhou 2016-07-11T09:08:14Z https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549040#M33453 <HTML><HEAD></HEAD><BODY><P>The concern is that when building a secure product a CRC32 is easy to forge compared to a signed hash such as SHA-2/SHA-256/SHA-512.&nbsp; Note that SHA-1 is no longer recommended to be used by the Security Community.</P><P></P><P>AES-128 is meaningless as transfer security if what is being transferred has already been compromised.</P></BODY></HTML> Mon, 11 Jul 2016 12:08:02 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549040#M33453 bobpaddock 2016-07-11T12:08:02Z https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549041#M33454 <HTML><HEAD></HEAD><BODY><P>that iss exactly what I mean. But as I said: I'm very new to cryptography so you might have thought more far than me.</P><P></P><P>It seems to depend on how you define your chain of trust.</P></BODY></HTML> Tue, 12 Jul 2016 11:57:47 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/kboot-don-t-use-crc-to-verify-an-application-image/m-p/549041#M33454 peterruesch 2016-07-12T11:57:47Z