How to validate integrity of a singed+encrypted image before rebooting? #2007
Unanswered
rretanubun
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello
I am referencing these docs and have a question on image
integrity
check before rebooting.For unencrypted image
I am able to take a binary with MCUBoot information added via
imgtool
and if I trim the binary to just these sections(as shown by
imgtool dumpinfo
)I am able to compute the sha256 sum that matches the data in TLV type
IMAGE_TLV_SHA256
(0x10).For encrypted image
ref: https://docs.mcuboot.com/encrypted_images.html#design
So an encrypted image need to be
decrypted
first and then have its SHA256 computed and comparedto the over in the TLV, over the same region of data, correct?
Question
For example, when using FOTA based transfer, it is advantageous to be able to validate the encrypted image as received before rebooting.
Maybe a
IMAGE_TLV_SHA256_ENCRYPTED
TLV Type? /* SHA256 of image ihdr + encrypted-body */encrypted
image before reboot?Thanks for everyone's time
Beta Was this translation helpful? Give feedback.
All reactions