Early boot, activation, upgrades
Mitch Bradley
wmb at laptop.org
Tue Jul 10 13:17:43 EDT 2007
Ivan Krstić wrote:
> On Jul 10, 2007, at 8:46 AM, C. Scott Ananian wrote:
>> Can't we just SHA1 the kernel+initrd bundle and sign the hash? SHA1
>> should be fast enough...
>
> The hashes we have available in OFW through the LTC code are Whirlpool
> and SHA-512. It's non-trivial to amend the list at this time. The
> current crypto code uses a slow(ish) and paranoid combination of the
> two hashes with two signature systems because it was designed to
> verify BIOS updates, where maximal paranoia is justified. We will want
> to adjust the system to drop down to a single hash algorithm and
> signature system for the normal boot integrity verification, which
> should make it quite a bit faster.
In particular, the current code does:
  Hashes file data with whirlpool
  Hashes file data with SHA-512
  Verifies RSA signature against whirlpool hash
  Verifies RSA signature against SHA-512 hash
  Verifies ECC signature against whirlpool hash
  Verifies ECC signature against SHA-512 hash
If we want to use an abbreviated test for the kernel, I will need to
change the packaging of the crypto code so the firmware has
finer-grained access to the piece-parts.