kboot: don't use crc to verify an application image


2,326 Views
peterruesch
Contributor IV

Hi,

Currently CRC32 is used to verify the flash content on boot. When building a secure product, this might be a showstopper.

Have you considered using a signed hash?

5 Replies

1,982 Views
peterruesch
Contributor IV

Is my assumption wrong? I'm very new to this whole crypto stuff, but as far as I understood for now, it's really not secure to judge an application valid based on a matching CRC32?

I agree that this is better than nothing, but it does not address the security aspect of the previous attempts of an AES-128 encrypted binary, or am I missing something?

0 Kudos

1,982 Views
jeremyzhou
NXP Employee

Hi Peter,

Thanks for your reply.

Actually, I was confused with your question, as the CRC32 check feature is none with the AES-128 key.

I've also contacted the Kboot team about your question, and they'd like to suggest that you explain the question again.
Have a great day,
Ping

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos

1,982 Views
bobpaddock
Senior Contributor III

The concern is that when building a secure product a CRC32 is easy to forge compared to a signed hash such as SHA-2/SHA-256/SHA-512.  Note that SHA-1 is no longer recommended to be used by the Security Community.

AES-128 is meaningless as transfer security if what is being transferred has already been compromised.

0 Kudos
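
The difference the posts above describe, as an added example that is not part of the original thread and not KBOOT code: a CRC32 has no secret, so a modified image with a recomputed CRC still passes, while a keyed check over SHA-256 rejects it. HMAC-SHA256 stands in for the signed hash so the example needs only the Python standard library; the image bytes, key and trailer layout are constructed assumptions, and a real bootloader would verify an asymmetric signature against a public key so that no signing secret is stored on the device.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed sample data: stand-in firmware bytes and a stand-in key.
IMAGE = b"\x00\x20\x00\x20" + b"constructed application image v1.0" * 4
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"

def package_crc(image: bytes) -> bytes:
    """Image followed by its CRC32, the layout a CRC-only boot check trusts."""
    return image + struct.pack("<I", zlib.crc32(image))

def verify_crc(blob: bytes) -> bool:
    image, stored = blob[:-4], struct.unpack("<I", blob[-4:])[0]
    return zlib.crc32(image) == stored

def package_mac(image: bytes, key: bytes) -> bytes:
    """Image followed by HMAC-SHA256 computed by the holder of the key."""
    return image + hmac.new(key, image, hashlib.sha256).digest()

def verify_mac(blob: bytes, key: bytes) -> bool:
    image, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time compare

def modify_without_key(blob: bytes, trailer_len: int) -> bytes:
    """What anyone with write access to flash can do: change the image and
    recompute whatever part of the trailer needs no secret."""
    image = bytearray(blob[:-trailer_len])
    image[8] ^= 0xFF  # one changed byte stands in for arbitrary changes
    if trailer_len == 4:  # CRC32 is keyless, so it can simply be recomputed
        return bytes(image) + struct.pack("<I", zlib.crc32(bytes(image)))
    return bytes(image) + blob[-trailer_len:]  # MAC tag cannot be recomputed

def run_demo() -> dict:
    crc_blob = package_crc(IMAGE)
    mac_blob = package_mac(IMAGE, SIGNING_KEY)
    return {
        "crc_original": verify_crc(crc_blob),
        "crc_modified": verify_crc(modify_without_key(crc_blob, 4)),
        "mac_original": verify_mac(mac_blob, SIGNING_KEY),
        "mac_modified": verify_mac(modify_without_key(mac_blob, 32), SIGNING_KEY),
    }

if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```
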

1,982 Views
peterruesch
Contributor IV

That is exactly what I mean. But as I said: I'm very new to cryptography, so you might have thought further than me.

It seems to depend on how you define your chain of trust.

1,982 Views
jeremyzhou
NXP Employee

Hi Peter,

Thanks for your attention and focus on KBOOT, and I think it's a good suggestion.
Have a great day,
Ping


0 Kudos