Verifying signed firmware with multiple public keys


Sam Kearney

Jan 5, 2022, 5:31:35 PM
to swup...@googlegroups.com

Hello,

I’m wondering if swupdate has a way to support this use case:

Some of our products require the ability to attempt to verify a signed firmware image against multiple public keys. We provision our embedded devices with multiple public keys for signed firmware verification, and the desired behavior is that when a new firmware file is received, each public key is tried in turn; if any of them verify successfully, the firmware is accepted.

When configured for firmware verification with CONFIG_SIGNED_IMAGES, swupdate appears to accept a single public key file using the -k argument. I’m wondering if there’s a way to provide multiple files, or possibly one file with multiple public keys in it, and have swupdate try each of them in turn when receiving a new firmware file? Would this work in the software as-is, or can you think of a workaround to implement this? If not, would you be open to a feature request or patch to implement this functionality?

Thanks,

Sam

Stefano Babic

Jan 5, 2022, 5:46:20 PM
to Sam Kearney, swup...@googlegroups.com
Hi Sam,

On 05.01.22 23:31, Sam Kearney wrote:
> Hello,
>
> I’m wondering if swupdate has a way to support this use case:
>
> Some of our products require the ability to attempt to verify a signed
> firmware image against multiple public keys.

This is not supported, or at least not explicitly - see later.

> We provision our embedded
> devices with multiple public keys for signed firmware verification, and
> the desired behavior is that when a new firmware file is received, each
> public key is tried in turn; if any of them verify successfully, the
> firmware is accepted.
>
> When configured for firmware verification with CONFIG_SIGNED_IMAGES,
> swupdate appears to accept a single public key file using the -k
> argument.

Correct.

> I’m wondering if there’s a way to provide multiple files,

No.

> or
> possibly one file with multiple public keys in it, and have swupdate try
> each of them in turn when receiving a new firmware file?

It should work with certificates, because the provided file is read in a
loop until no certificate is found. But it should not work with plain RSA.


> Would this work
> in the software as-is, or can you think of a workaround to implement
> this?

It should work with certificates, as this is the most frequent use case
with multiple verification.

> If not, would you be open to a feature request or patch to
> implement this functionality?

Yes, it can be added.

Best regards,
Stefano Babic


>
> Thanks,
>
> Sam
>

--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sba...@denx.de
=====================================================================
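
The reply above says the file given to `-k` is read in a loop for certificates, while plain RSA keys should not work that way. A pre-deployment check built on that statement, as an added example that is not part of the thread or swupdate's own code: it classifies every PEM block in a candidate key file and flags anything that is not a certificate. The function names are hypothetical and the PEM payloads are constructed placeholders, not real certificates or keys.

```python
import base64
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def audit_key_file(pem_text):
    """Classify every PEM block in a candidate -k file.

    Returns (certificate_count, other_labels, problems).
    """
    certs, others, problems = 0, [], []
    for index, match in enumerate(PEM_BLOCK.finditer(pem_text), start=1):
        label, body = match.group(1), match.group(2)
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"block {index} ({label}): invalid base64")
            continue
        if not der.startswith(b"\x30"):  # DER certificates and keys are SEQUENCEs
            problems.append(f"block {index} ({label}): not a DER SEQUENCE")
        elif label == "CERTIFICATE":
            certs += 1
        else:
            others.append(label)
    if others:
        # Per the reply in this thread, only certificates are read in a loop.
        problems.append("non-certificate blocks present: " + ", ".join(others))
    if certs == 0:
        problems.append("no certificates found")
    return certs, others, problems

def _fake_pem(label, payload):
    # Constructed placeholder: a DER SEQUENCE header plus filler bytes.
    der = b"\x30" + bytes([len(payload)]) + payload
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample inputs (assumed layouts, not real key material).
CERT_BUNDLE = _fake_pem("CERTIFICATE", b"vendor-a") + _fake_pem("CERTIFICATE", b"vendor-b")
MIXED_BUNDLE = CERT_BUNDLE + _fake_pem("PUBLIC KEY", b"plain-rsa")

if __name__ == "__main__":
    for name, text in (("certs only", CERT_BUNDLE), ("mixed", MIXED_BUNDLE)):
        print(name, audit_key_file(text))
```

The check only inspects the file's structure; it does not validate the certificates or confirm what a given swupdate build accepts.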

Sam Kearney

Jan 6, 2022, 7:50:39 PM
to Stefano Babic, swup...@googlegroups.com
Hello Stefano,

This is all I need to know, thanks for the response.

Best,
Sam