[Celinux-dev] RFC - Secure Bootloader patch

Matt Mackall mpm at selenic.com
Tue Aug 22 13:34:14 PDT 2006


On Tue, Aug 22, 2006 at 03:57:27PM -0400, Stephen Johnson wrote:
> At OLS last month I demoed a Secure Boot Loader that was based on a
> u-boot that had been modified to verify an image signature using a
> SHA1 digest and RSA encryption/decryption.  Because I could find the
> information fairly easily about SHA1 and RSA from the OpenSSL package,
> that's what I used.  Hence, the modified u-boot ran quite quickly, but
> was rather large.  I'm including the u-boot patch in this message so
> that others can look at it for ways to cut the size.  The eventual
> goal is to release this patch to the community.
> 
> Notes:
>  - The u-boot was downloaded from the u-boot git tree on August 1, but
>    the patch also applied cleanly with a u-boot version from June.
>  - I'm linking against openssl-0.9.8b.  

Bad news: I'm afraid this isn't allowed. The OpenSSL license is
notorious for not being GPL-compatible and u-boot doesn't have an
exception clause for linking with OpenSSL (the usual way to deal with
this).

Also note the GPL's library exception for libraries shipped with an
operating system can't be made to apply here.

Possible alternatives are GNU TLS and MatrixSSL.

-- 
Mathematics is the supreme nostalgia of our time.

