kboot: don't use crc to verify an application image


2,392 Views
peterruesch
Contributor IV

Hi,

Currently crc32 is used to verify the flash content on boot. When building a secure product, this might be a showstopper.

Have you considered using a signed hash?

5 Replies

2,048 Views
peterruesch
Contributor IV

Is my assumption wrong? I'm very new to this whole crypto stuff, but as far as I understood for now it's really not secure to judge an application valid based on a matching crc32?

I agree that this is better than nothing but it does not address the security aspect of the previous attempts of an aes128 encrypted binary or am I missing something?

0 Kudos
Reply

2,048 Views
jeremyzhou
NXP Employee

Hi Peter,

Thanks for your reply.

Actually, I was confused with your question, as the CRC32 check feature is none with the AES-128 key.

I've also contacted the Kboot team about your question, and they'd like to suggest that you explain the question again.
Have a great day,
Ping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply

2,048 Views
bobpaddock
Senior Contributor III

The concern is that when building a secure product a CRC32 is easy to forge compared to a signed hash such as SHA-2/SHA-256/SHA-512.  Note that SHA-1 is no longer recommended to be used by the Security Community.

AES-128 is meaningless as transfer security if what is being transferred has already been compromised.

0 Kudos
Reply
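
An added example, not part of the original posts and not KBOOT code, of the difference raised in this thread: a CRC32 trailer can be recomputed by anyone who can modify the image, while a keyed check cannot. The trailer layout, `DEVICE_KEY` and all function names are assumptions; HMAC-SHA256 stands in for the signature so the block runs on the Python standard library alone, whereas a signed hash would use an asymmetric signature so the device stores only a public key.

```python
import hashlib
import hmac
import struct
import zlib

# Assumed layout (not KBOOT's real format): image bytes followed by a trailer,
# either a 4-byte little-endian CRC32 or a 32-byte HMAC-SHA256 tag.
DEVICE_KEY = bytes(range(32))  # constructed demo key, never a real secret


def pack_crc(image: bytes) -> bytes:
    """Append a CRC32 trailer. No secret is needed, so anyone can do this."""
    return image + struct.pack("<I", zlib.crc32(image) & 0xFFFFFFFF)


def verify_crc(blob: bytes) -> bool:
    if len(blob) < 4:
        return False
    image, stored = blob[:-4], struct.unpack("<I", blob[-4:])[0]
    return (zlib.crc32(image) & 0xFFFFFFFF) == stored


def pack_auth(image: bytes, key: bytes) -> bytes:
    """Append a keyed tag. Only a holder of the key can produce it."""
    return image + hmac.new(key, image, hashlib.sha256).digest()


def verify_auth(blob: bytes, key: bytes) -> bool:
    if len(blob) < 32:
        return False
    image, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo() -> dict:
    vendor = b"\x00\x20\x00\x20" + b"vendor application v1.0 " * 8  # constructed
    modified = vendor.replace(b"v1.0", b"vX.Y")  # constructed third-party change
    vendor_tag = pack_auth(vendor, DEVICE_KEY)[-32:]
    return {
        "crc_vendor": verify_crc(pack_crc(vendor)),
        # The modifier simply recomputes the trailer, so the check still passes.
        "crc_modified": verify_crc(pack_crc(modified)),
        "auth_vendor": verify_auth(pack_auth(vendor, DEVICE_KEY), DEVICE_KEY),
        # Without the key, the old tag or a tag under another key is rejected.
        "auth_modified_old_tag": verify_auth(modified + vendor_tag, DEVICE_KEY),
        "auth_modified_other_key": verify_auth(pack_auth(modified, b"\x00" * 32), DEVICE_KEY),
    }
```

CRC32 still catches accidental corruption, which is what it was designed for; it gives no assurance about who produced the image.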

2,048 Views
peterruesch
Contributor IV

That is exactly what I mean. But as I said: I'm very new to cryptography, so you might have thought further than me.

It seems to depend on how you define your chain of trust.

2,048 Views
jeremyzhou
NXP Employee

Hi Peter,

Thanks for your attention and focus on KBOOT, and I think it's a good suggestion.
Have a great day,
Ping


0 Kudos
Reply