From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from metis.ext.pengutronix.de ([2001:6f8:1178:4:290:27ff:fe1d:cc33]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1YXr4T-00042r-ED for barebox@lists.infradead.org; Tue, 17 Mar 2015 12:58:10 +0000 Message-ID: <1426597066.3330.177.camel@pengutronix.de> From: Jan =?ISO-8859-1?Q?L=FCbbe?= Date: Tue, 17 Mar 2015 13:57:46 +0100 In-Reply-To: <20150317123955.GR26127@ns203013.ovh.net> References: <20150313102543.GA23879@ns203013.ovh.net> <1426243382.13791.121.camel@pengutronix.de> <20150313154928.GA24510@ns203013.ovh.net> <1426500022.3330.12.camel@pengutronix.de> <20150316102713.GB26127@ns203013.ovh.net> <1426505135.3330.55.camel@pengutronix.de> <20150316113306.GH26127@ns203013.ovh.net> <1426520527.3330.139.camel@pengutronix.de> <20150317104803.GP26127@ns203013.ovh.net> <1426594190.3330.173.camel@pengutronix.de> <20150317123955.GR26127@ns203013.ovh.net> Mime-Version: 1.0 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "barebox" Errors-To: barebox-bounces+u.kleine-koenig=pengutronix.de@lists.infradead.org Subject: Re: [RFC 2/4] Add rsa support To: Jean-Christophe PLAGNIOL-VILLARD Cc: barebox@lists.infradead.org On Di, 2015-03-17 at 13:39 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote: > > I want to understand how your image formats would be used in the larger > > context of a BSP or distribution. Please describe which image formats > > you want to support (in addition to FIT). How are they structured? How > > are they generated? Are they already supported by other software? > Today we use a bpk formoat > > in bpk format you can store different data for each hw_id, each data have a > specific type. > > we add a new type for the signature. > > we do a sha512 of the other data of one hw_id and signed it with a rsa4096 > we use 1 unique rsa key per HW_ID > > as soon as one of the file of a specific hw_id is open we check the signature > > The code is no public yet but this is handled at FS level > > and we allow only to open data that have been verified or decrypted if we use > AES Thanks for the explanation, it's clearer now. Regards, Jan -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox