Re: [RFC 3/4] FIT: add FIT image support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Do, 2015-03-12 at 19:19 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> please do not send a new version except for fix
> 
> I'm going to re-integrate it with the keystore & co

Could you describe your keystore design?

> and sha1,rsa2048 is considered weak in term of security
> and worse md4/md5
> 
> for barebox I would only use
> at least sha256 with rs2048 or sha512 with rsa4096

Yes, of course. These were only used as an example and it's trivial to
switch to other hash algos or RSA key sizes. Also, the FIT format can
easily be extended to support ECC/Curve25519.

In some cases, where the SoC's ROM code only supports RSA2048 with SHA1,
using stronger settings in Barebox doesn't increase security. So there
we want to use the same settings as the ROM code.

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox




[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux