AnsweredAssumed Answered

image file (zImage / u-boot ... etc) signing

Question asked by ellie kim on Apr 27, 2020
Latest reply on Apr 28, 2020 by Yuri Muhin

I read the description of HAB here

High Assurance Boot - Variscite Wiki 

But there seems to be a part that is not exactly explained.

 

Taking zImage as an example, it seems that the signing data is added after the image data of the compiled zImage.

Does the added signing data contain only RSA-encrypted data of hash data of a key such as SRK, but not the hash data of the compiled zImage?

 

I know that HAB does not boot if the signing data part of the signed zImage is damaged even if 1 bit. Then, if the image data part of zImage is damaged even if 1 bit, not the signing data part of signed zImage, does HAB not boot even in this case?

 

 

And, when you try to update to a new image file, can compare the signed data of the file you want to update, such as checking the signed image file in HAB, and perform a Hash compare?
In other words, is it possible to implement so that the HAB can do it in the user application area in the same way as checking the signed image?

 

1. Change a single bit in the authentication block of the image, and confirm that this modified image is rejected when loaded into the device.
2. Change a single bit in the firmware block of the image, and confirm that this modified image is rejected when loaded into the device.

 

The above two functions need to be implemented, but when a file that is not booted is to be installed on the device, files with changes in signing data or image data must be rejected by the device.

 

Please help me.

Outcomes