Hello,
Recently I have been thinking about a way to keep the integrity of my file system and how to manage this issue after a file system update in my iMX93 EVK.
To clarify, let's assume the following eMMC partition:
/dev/mmcblk1boot0 -> bootloader
/dev/mmcblk1p1 -> FIT image
/dev/mmcblk1p2 -> rootFS_one
/dev/mmcblk1p3 -> rootFS_two
/dev/mmcblk1p4 -> hash_one
/dev/mmcblk1p5 -> hash_two
The thing is as follows, now I have the bootloader and the FIT image (with initramfs) secured. So now I am trying to secure the file system. My idea is to use two partitions to store two file systems (/dev/mmcblk1p2 and /dev/mmcblk1p3); in normal operation one of them is mounted and when an update must be applied the new content is stored in the other partition. Once the update has been completed the system resets and the updated file system is mounted (and both partitions exchange roles for the next update).
Now, the integrity of both file systems is an issue. The idea is to check the integrity of the file system that is going to be mounted during initramfs.
My idea is as follows: when the filesystem of /dev/mmcblk1p2 is running (initramfs has mounted this partition previously), /dev/mmcblk1p3 is updated. Then a hash is calculated from /dev/mmcblk1p3 using the sha256sum utility from coreutils. This hash is then signed with a private key and the result is stored in /dev/mmcblk1p5. After a reset the initramfs will read the hash stored in /dev/mmcblk1p5, decrypt it with a public key (immutable since the FIT image is secured by the bootloader) and compare it with the calculated hash of /dev/mmcblk1p3. If everything is okay then the system boots from /dev/mmcblk1p3.
This process also occurs from the second file system to the first one (I won't explain it again, I think that it is clear).
I have two questions regarding my idea.
Is sha256sum utility suitable for this application (to secure file system)? (I plan to use sha256 over dm-verity or ima since it is much easier to implement).
How can I protect the private key that the file systems use to sign the hash? Does iMX93 provide some utility to safely store keys? (This question is a little bit rhetorical since I know about the ELE but don't know how to use it).
Regards,
Gorka.
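The sign-then-verify flow described in the post, written out as an added example that is not part of the original thread. It assumes ordinary files in a temporary directory in place of /dev/mmcblk1p3 and /dev/mmcblk1p5, an EC P-256 key pair generated on the spot with openssl, and a simple layout for the hash partition (the 64-character hex digest from sha256sum, a newline, then the DER signature); all of those are choices made for the example, not anything the thread specifies.

```shell
#!/bin/sh
# Added example: whole-partition SHA-256 hash, signed on the update side and
# checked on the initramfs side, using only coreutils and openssl.
# Block devices are replaced by files; keys and contents are constructed here.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-ins for /dev/mmcblk1p3 (rootfs) and /dev/mmcblk1p5 (signed hash).
ROOTFS="$WORK/rootfs_two.img"
HASHPART="$WORK/hash_two.img"

# Key pair for the example. In the real design the private key stays on the
# signing host; only the public key is carried inside the signed FIT image.
PRIV="$WORK/signing.key"
PUB="$WORK/signing.pub"
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$PRIV" 2>/dev/null
openssl pkey -in "$PRIV" -pubout -out "$PUB" 2>/dev/null

# Constructed partition content (random bytes standing in for a rootfs image).
head -c 65536 /dev/urandom > "$ROOTFS"

# --- update / signing side --------------------------------------------------
# Hash the raw partition, sign the hex digest, write digest + signature to the
# hash partition: 64 hex chars, '\n', then the DER-encoded ECDSA signature.
sign_rootfs() {
    rootfs=$1; hashpart=$2; key=$3
    sha256sum "$rootfs" | cut -d' ' -f1 > "$WORK/hash.txt"
    openssl dgst -sha256 -sign "$key" -out "$WORK/hash.sig" "$WORK/hash.txt"
    cat "$WORK/hash.txt" "$WORK/hash.sig" > "$hashpart"
}

# --- initramfs side ---------------------------------------------------------
# Succeeds (exit 0) only if BOTH hold:
#   (a) the stored digest carries a valid signature from the trusted public key
#   (b) the partition, hashed now, still matches that digest
verify_rootfs() {
    rootfs=$1; hashpart=$2; pub=$3
    head -c 65 "$hashpart" > "$WORK/stored.txt"        # 64 hex chars + '\n'
    tail -c +66 "$hashpart" > "$WORK/stored.sig"       # everything after them
    openssl dgst -sha256 -verify "$pub" -signature "$WORK/stored.sig" \
        "$WORK/stored.txt" >/dev/null 2>&1 || return 1
    actual=$(sha256sum "$rootfs" | cut -d' ' -f1)
    [ "$actual" = "$(cat "$WORK/stored.txt")" ]
}

# Demonstration: a freshly updated partition verifies; a modified one does not.
sign_rootfs "$ROOTFS" "$HASHPART" "$PRIV"
if verify_rootfs "$ROOTFS" "$HASHPART" "$PUB"; then
    echo "rootfs_two: signature and hash OK, boot allowed"
else
    echo "rootfs_two: verification failed, refusing to boot"
fi

cp "$ROOTFS" "$WORK/tampered.img"
printf 'Z' >> "$WORK/tampered.img"                     # one extra byte
if verify_rootfs "$WORK/tampered.img" "$HASHPART" "$PUB"; then
    echo "tampered: unexpectedly verified"
else
    echo "tampered: verification failed, refusing to boot"
fi
```

Two points the example makes explicit. The initramfs uses the public key only to verify the signature (openssl dgst -verify); it must then recompute the hash over the partition itself, otherwise a valid but stale digest would pass. And because the digest covers the raw block device, any write to that partition (including filesystem journal replay on a read-write mount) changes the hash, so the verified rootfs has to be mounted read-only for the check to stay meaningful across reboots; a version number signed together with the digest is also worth considering, since an older valid digest/signature pair copied back into the hash partition would otherwise verify.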
Hello,
Your use case seems doable, so I would say that it looks fine.
For the secure ELE, you may request access to the documentation here:
https://www.nxp.com/webapp/Download?colCode=IMX93ELEAPI&appType=moderatedWithoutFAE
Best regards/Saludos,
Aldo.