kboot: don't use crc to verify an application image

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

kboot: don't use crc to verify an application image

1,221 Views
peterruesch
Contributor IV

Hi,

currently crc32 is used to verify the flash content on boot. when building an secure product, this might be a showstopper.

have you considered using a signed hash?

Tags (1)
5 Replies

877 Views
peterruesch
Contributor IV

is my assumption wrong? I'm very new this whole crypto stuff but as far as I understood for now it's really not secure the judge an application valid based on a matching crc32?

I agree that this is better than nothing but it does not address the security aspect of the previous attempts of an aes128 encrypted binary or am I missing something?

0 Kudos

877 Views
jeremyzhou
NXP Employee
NXP Employee

Hi Peter,

Thanks for your reply.

Actually, I was nfused with your question, as the CRC32 check feature is none with the AES-128 key.

I've also contacted with the Kboot team about your question, and they'd like to suggest that you'd better to explain the question again.
Have a great day,
Ping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos

877 Views
bobpaddock
Senior Contributor III

The concern is that when building a secure product a CRC32 is easy to forge compared to a signed hash such as SHA-2/SHA-256/SHA-512.  Note that SHA-1 is no longer recommended to be used by the Security Community.

AES-128 is meaningless as transfer security if what is being transferred has already been compromised.

0 Kudos

877 Views
peterruesch
Contributor IV

that iss exactly what I mean. But as I said: I'm very new to cryptography so you might have thought more far than me.

It seems to depend on how you define your chain of trust.

877 Views
jeremyzhou
NXP Employee
NXP Employee

Hi Peter,

Thanks for your attention and focus the KBOOT, and I think it's a good suggestion.
Have a great day,
Ping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos