sha256sum to secure file system update

Gorka_3
Contributor II

Hello,

Recently I have been thinking about a way to keep the integrity of my file system and how to manage this issue after a file system update in my iMX93 EVK.

To clarify, let's assume the following eMMC partitions:

/dev/mmcblk1boot0 -> bootloader
/dev/mmcblk1p1 -> FIT image
/dev/mmcblk1p2 -> rootFS_one
/dev/mmcblk1p3 -> rootFS_two
/dev/mmcblk1p4 -> hash_one
/dev/mmcblk1p5 -> hash_two

The thing is as follows: now I have the bootloader and the FIT image (with initramfs) secured. So now I am trying to secure the file system. My idea is to use two partitions to store two file systems (/dev/mmcblk1p2 and /dev/mmcblk1p3); in normal operation one of them is mounted, and when an update must be applied the new content is stored in the other partition. Once the update has been completed the system resets and the updated file system is mounted (and both partitions exchange roles for the next update).

Now, the integrity of both file systems is an issue. The idea is to check the integrity of the file system that is going to be mounted during initramfs.

My idea is as follows: when the filesystem of /dev/mmcblk1p2 is running (initramfs has mounted this partition previously), /dev/mmcblk1p3 is updated. Then a hash is calculated from /dev/mmcblk1p3 using the sha256sum utility from coreutils. This hash is then signed with a private key and the result is stored in /dev/mmcblk1p5. After a reset the initramfs will read the hash stored in /dev/mmcblk1p5, decrypt it with a public key (immutable since the FIT image is secured by the bootloader) and compare it with the calculated hash of /dev/mmcblk1p3. If everything is okay then the system boots from /dev/mmcblk1p3.

This process also occurs from the second file system to the first one (I won't explain it again, I think that it is clear).

I have two questions regarding my idea.

Is the sha256sum utility suitable for this application (to secure the file system)? (I plan to use sha256 over dm-verity or IMA since it is much easier to implement.)

How can I protect the private key that the file systems use to sign the hash? Does the i.MX93 provide some utility to safely store keys? (This question is a little bit rhetorical since I know about the ELE but don't know how to use it.)

Regards,

Gorka.

1 Solution
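The sign-on-update / verify-in-initramfs flow described in the post, as an added example (it is not code from the original post or from NXP). It assumes openssl is available alongside sha256sum in the initramfs, uses plain files as stand-ins for /dev/mmcblk1p3 (rootFS_two) and /dev/mmcblk1p5 (hash_two), and picks ECDSA P-256 as the signature scheme; the key pair is generated on the spot for the demo, whereas on a real device the private key would live off-board or in a hardware key store and only the public key would be baked into the signed FIT image. The "decrypt with the public key" step is implemented as a signature verification (`openssl dgst -verify`), which is what that step is in practice.

```shell
#!/bin/sh
# Added example (not from the original post or NXP): A/B rootfs integrity check
# with sha256sum + openssl. Files stand in for the eMMC partitions; the
# signature scheme (ECDSA P-256) and the two-line hash-partition layout are
# choices made for this example.
set -eu

WORK="${WORK:-$(mktemp -d)}"
ROOTFS_IMG="$WORK/rootfs_two.img"   # stand-in for /dev/mmcblk1p3 (rootFS_two)
HASH_PART="$WORK/hash_two.bin"      # stand-in for /dev/mmcblk1p5 (hash_two)
PRIV_KEY="$WORK/update_priv.pem"    # update-signing key: never stored on the device
PUB_KEY="$WORK/update_pub.pem"      # immutable copy would live in the signed FIT image

# Demo key pair, constructed for this example only.
gen_demo_keys() {
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
    -out "$PRIV_KEY" 2>/dev/null
  openssl pkey -in "$PRIV_KEY" -pubout -out "$PUB_KEY" 2>/dev/null
}

# Update side: hash the whole partition, sign the hex digest, and write both to
# the hash partition as two text lines: <sha256 hex> then <base64 DER signature>.
sign_rootfs() {
  img="$1"; out="$2"
  digest=$(sha256sum "$img" | cut -d' ' -f1)
  sig=$(printf '%s' "$digest" | openssl dgst -sha256 -sign "$PRIV_KEY" \
        | openssl base64 -A)
  printf '%s\n%s\n' "$digest" "$sig" > "$out"
}

# Initramfs side. Returns 0 only if (1) the recorded digest carries a valid
# signature from the update key and (2) the partition still hashes to it.
# The signature is checked first, so a rewritten hash partition is rejected
# before any trust is placed in the digest it contains.
verify_rootfs() {
  img="$1"; hashpart="$2"
  recorded=$(sed -n '1p' "$hashpart")
  sig_b64=$(sed -n '2p' "$hashpart")
  printf '%s' "$sig_b64" | openssl base64 -d -A > "$WORK/sig.der"
  printf '%s' "$recorded" | openssl dgst -sha256 -verify "$PUB_KEY" \
    -signature "$WORK/sig.der" >/dev/null 2>&1 || return 1
  actual=$(sha256sum "$img" | cut -d' ' -f1)
  [ "$actual" = "$recorded" ]
}

# Walk through one update cycle, then a corrupted partition.
demo() {
  gen_demo_keys
  printf 'constructed rootFS_two image, version 2\n' > "$ROOTFS_IMG"
  sign_rootfs "$ROOTFS_IMG" "$HASH_PART"
  if verify_rootfs "$ROOTFS_IMG" "$HASH_PART"; then
    echo "rootFS_two verified: switch_root to it"
  fi
  # Flip one byte after signing: initramfs must refuse and stay on rootFS_one.
  printf 'X' | dd of="$ROOTFS_IMG" bs=1 seek=3 conv=notrunc 2>/dev/null
  if ! verify_rootfs "$ROOTFS_IMG" "$HASH_PART"; then
    echo "rootFS_two rejected: fall back to rootFS_one"
  fi
}

demo
```

Two properties of this design are worth keeping in mind when weighing it against dm-verity: sha256sum reads the entire partition on every boot, so the check time grows with the rootfs size, and the result is only valid at the moment it is taken, so the verified partition should be mounted read-only (or treated as untrusted again once writable), because nothing re-checks blocks after the switch_root. dm-verity closes exactly that gap by verifying each block as it is read.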
AldoG
NXP TechSupport

Hello,

Your use case seems doable, so I would say that it looks fine.

For the secure ELE, you may request access to the documentation here:
https://www.nxp.com/webapp/Download?colCode=IMX93ELEAPI&appType=moderatedWithoutFAE

Best regards/Saludos,
Aldo.
