Hi,
Currently CRC32 is used to verify the flash content on boot. When building a secure product, this might be a showstopper.
Have you considered using a signed hash?
Is my assumption wrong? I'm very new to this whole crypto stuff, but as far as I understand for now it's really not secure to judge an application valid based on a matching CRC32?
I agree that this is better than nothing, but it does not address the security aspect of the previous attempts of an AES-128 encrypted binary, or am I missing something?
 
					
				
		
jeremyzhou
Hi Peter,
Thanks for your reply.
Actually, I was confused by your question, as the CRC32 check feature is none with the AES-128 key.
I've also contacted the Kboot team about your question, and they'd like to suggest that you explain the question again.
Have a great day,
Ping
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
The concern is that when building a secure product a CRC32 is easy to forge compared to a signed hash such as SHA-2/SHA-256/SHA-512. Note that SHA-1 is no longer recommended to be used by the Security Community.
AES-128 is meaningless as transfer security if what is being transferred has already been compromised.
That is exactly what I mean. But as I said: I'm very new to cryptography, so you might have thought further than me.
It seems to depend on how you define your chain of trust.
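Added example, not part of any post in this thread and not KBOOT code: a boot-time check with a CRC32 trailer next to one with a keyed tag, showing that a CRC catches corruption but accepts any image whose trailer was recomputed. HMAC-SHA256 is used here as a standard-library stand-in for the signed hash discussed above (a real design would use an asymmetric signature so the device stores only a public key); `FIRMWARE`, `VENDOR_KEY` and all function names are hypothetical.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed sample data: a stand-in firmware image and a vendor key.
FIRMWARE = b"\x00\x20\x00\x20" + b"application code v1.0" * 8
VENDOR_KEY = b"constructed-demo-key-not-a-real-secret"


def pack_crc(image: bytes) -> bytes:
    """Append a little-endian CRC32 trailer, as an integrity-only scheme does."""
    return image + struct.pack("<I", zlib.crc32(image) & 0xFFFFFFFF)


def check_crc(blob: bytes) -> bool:
    image, trailer = blob[:-4], blob[-4:]
    return struct.pack("<I", zlib.crc32(image) & 0xFFFFFFFF) == trailer


def pack_tag(image: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag over the image (keyed, so not recomputable)."""
    return image + hmac.new(key, image, hashlib.sha256).digest()


def check_tag(blob: bytes, key: bytes) -> bool:
    image, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time compare


def modify(image: bytes) -> bytes:
    """Someone with write access to flash changes one byte of the image."""
    return image[:10] + bytes([image[10] ^ 0xFF]) + image[11:]


def demo() -> dict:
    changed = modify(FIRMWARE)
    old_tag = pack_tag(FIRMWARE, VENDOR_KEY)[-32:]
    return {
        # Accidental corruption (trailer untouched): the CRC notices.
        "crc_detects_corruption": not check_crc(changed + pack_crc(FIRMWARE)[-4:]),
        # Deliberate change: the CRC needs no secret, so it is simply recomputed.
        "crc_accepts_repacked": check_crc(pack_crc(changed)),
        # Without the key, the only tag available is the old one, which fails.
        "tag_accepts_modified": check_tag(changed + old_tag, VENDOR_KEY),
        "tag_accepts_original": check_tag(pack_tag(FIRMWARE, VENDOR_KEY), VENDOR_KEY),
    }


if __name__ == "__main__":
    print(demo())
```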
 
					
				
		
jeremyzhou
Hi Peter,
Thanks for your attention and focus on KBOOT; I think it's a good suggestion.
Have a great day,
Ping
