<milkylainen>
hramrach: Sorry. Didn't see your reply.
<milkylainen>
hramrach: I know extlinux.conf doesn't carry any signature options or capabilities.
<milkylainen>
hramrach: Just curious about how signatures would be done when using extlinux.conf as a loading mechanism.
<milkylainen>
hramrach: via the u-boot extension for scripts or just loading the image?
<milkylainen>
hramrach: afaiu, sysboot handles the .conf and that command doesn't really return for me to do operations on the loaded kernel image?
<hays>
I love that you have to run make to get the u-boot changelog. haha
<hramrach>
milkylainen: it uses do_bootm do_booti do_bootz or do_zboot_parent so if these verify the images you get verification - alternatively you could add verification in label_boot
<milkylainen>
hramrach: I don't think any kernel bootstrap procedure has ever verified the kernel with a cryptographic signature?
<hramrach>
how is the secure boot done then?
<milkylainen>
afaiu fit images.
<milkylainen>
But I can't use that. So the question is more generic.
<milkylainen>
Signature verification of a data blob, preferably one that extlinux.conf points out.
<milkylainen>
I'm looking at a vendor tree right now though. 2020.10. So some reservations for older stuff.
<hramrach>
so you would need to do the verification for non-fit, and that might be appended signature or PE or both
<hramrach>
there is a parser for either in the kernel, that's the only one I know of
<milkylainen>
hramrach: yes. Something generic, like a cmdline based one.
<milkylainen>
hramrach: I can see the lib functions there. If that's what you meant?
<hramrach>
never needed to delve into the detail, only used the high level verification interface
<hramrach>
and you need to ask yourself the question if you want a separate verification command, or if you want the boot* commands to verify whatever you pass to them and fail if not signed
<milkylainen>
I don't think it matters to me. Both cases could be handled with some scripting?
<hramrach>
it's more like the UX - if you want to make loading unsigned images difficult when secure boot is enabled, or if you just add an optional verification step and make loading unverified images easy and prone to happening
<hramrach>
yes, and scripting does not work with sysboot, you would have to rewrite that
<milkylainen>
I usually have my bootloader rather fixed function and immutable. In this case, no console, almost no output, no stored env and the whole lot is protected/verified and encrypted. All debug methods are disabled.
<milkylainen>
Boot mechanism is my own n-redundant u-boot cmd.
<milkylainen>
Which uses the common denominator platform format though
<milkylainen>
hramrach: I guess the equivalent would be parts of the innards of fit-image-sig.c exposed as a regular cmd.
<filipm>
Hi! Has anyone observed slow FIT fat mmc read on SPL? (The uboot.itb image I try to read is 9MB and takes around 2 mins; log: https://controlc.com/eb1b50d8;)
<hramrach>
milkylainen: but you have not place to plug that dmc in the syslinux boot
<hramrach>
*cmd
<milkylainen>
hramrach: I'll have to hack it, somehow. But a generic "verify blob signature" would be a nice addition.
<milkylainen>
I was actually a bit surprised when looking around, I know U-boot could do signature validation. Presumably rsa/x509.. so the crypto code is there. But no cmdline variant. I was thinking "somebody probably had a cmd going to test validity of things before doing FIT images". :)
<hramrach>
the usual idea with secure boot is that whatever loads/executes the blob also verifies it, no separate command for verification
<hramrach>
because when you do secure boot you want everything that is loaded also verified
<milkylainen>
Sure. But I don't see a contradiction? Or maybe I'm misunderstanding you? To me, FIT images are not more secure than an immutable hardcoded procedure? If you can modify the fit image procedure you can modify other things?
<milkylainen>
Simpler and more portable, yes.
<hramrach>
that 'immutable hardcoded procedure' is a script, you have to write that, and ensure that no unsigned image can be loaded, anew for each use case
<hramrach>
on the other hand if you enable a config option and the boot commands now refuse to execute anything that's not signed, and that's tested by CI it does not matter what your script does, only signed kernel can be executed
<milkylainen>
Umm. The entire boot is stacked on env and scripts? If I can modify anything then it really doesn't matter. Yes. It might lessen the chance that I screwed up something mundane.
<hramrach>
if you cannot execute anything that is not signed it does not matter that much what you do to env and scripts
<hramrach>
but we have memory write commands and stuff, and that would have to get disabled then
<hramrach>
in any case your scripts are not tested by qemu CI, the commands can - that has potential for reliability improvement
<hays>
so I've got build instructions that use a linaro cross-compiling toolchain from amd64->arm64
<hays>
The linaro GCC is pretty old... If I am ON an arm64 machine.. can I just use gcc10 or whatever?
<hramrach>
yes, it should work
<hramrach>
with recent u-boot at least
<hays>
i think it's a 2018 u-boot that's been patched
<hays>
i don't know if patches went upstream