For some applications like signing software, we need to disable the validity check. The case here is, the boot software is going to have a trusted root CA cert, and this will be used to verify the application binary.
Also, it is difficult to re-install the boot code on site after expiry of the root cert (basically a new root CA with new boot code), as this given boot code will be verified for integrity by the hardware. Any modification of the boot code would simply stop the device from booting normally.
Thinking of disabling the validity check.
The questions are:
- Is it advisable to disable date/time validation?
- Alternatively, can we have the public key (instead of the root CA) as part of the boot code?
  - 2.a. The problem I am seeing here is that we need to back up the private key in a secure manner. Is there any recommended way?
If we opt for PKI, it is handled by a 3rd party vendor, so I don’t worry about backups. If we use the public key & private key directly, we need to handle the backup process. Need your suggestion.
As mentioned in this post, Mbed TLS is now maintained under open governance at TrustedFirmware.org.
Please post your questions in their mailing list next time.
As for your questions, I wouldn’t advise disabling date/time validity checks. There are reasons they exist.
As for your question, you can use a public key instead of a root CA certificate, but:
- You will lose the authentication part of the verification.
- You will need to implement your own custom bootloading scheme, as the current bootloader scheme uses X.509 certificates with a root CA.
I don’t understand your question about the private key. Also, in the X.509 scheme you will need your own key pair for the device / server certificate, and you will need to store it in a secure site. If you are referring to storing it in a secure location on the device, there is no need in either scheme, as only the public key participates in the verification.
I am having trouble understanding why certificate expiration requires you to reinstall the boot code on site. Don’t you have some secure persistent storage for storing the root CA file? Only this part should be replaced upon certificate expiration, and this non-volatile memory should be accessible by the boot code. Are you embedding the certificate as part of the boot code? If so, then this is not recommended.
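As an added example (not from the thread and not Mbed TLS's own code) of the approach the reply favours: keep the library's date checks on, read the root CA from separate persistent storage, and make an expired trust anchor distinguishable from a tampered image, so field staff know to re-provision the CA rather than suspect the firmware. `boot_classify`, `boot_verify_signer` and the `boot_verdict` codes are this example's own names; the Mbed TLS calls and flag names are real, and the fallback `#define`s only let the policy compile where Mbed TLS is not installed.

```c
#include <stdint.h>
#include <stddef.h>
/* Use Mbed TLS headers if present, else the flag values from mbedtls/x509.h. */
#ifdef __has_include
#if __has_include(<mbedtls/x509_crt.h>)
#include <mbedtls/x509_crt.h>
#define HAVE_MBEDTLS 1
#endif
#endif
#ifndef HAVE_MBEDTLS
#define MBEDTLS_X509_BADCERT_EXPIRED     0x01
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08
#define MBEDTLS_X509_BADCERT_FUTURE      0x0200
#endif
/* Hypothetical verdict codes for this example's boot flow. */
enum boot_verdict { BOOT_OK = 0, BOOT_REJECT_IMAGE = 1, BOOT_REPROVISION_ANCHOR = 2 };
/* Map Mbed TLS verify flags to a boot decision. Date failures alone mean the
 * signature chain is intact but the certificate aged out: the image is still
 * refused, but the device reports that the root CA in persistent storage
 * needs replacing rather than that the image was tampered with. */
enum boot_verdict boot_classify(uint32_t flags)
{
    const uint32_t time_flags = MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCERT_FUTURE;
    if (flags == 0) return BOOT_OK;
    if ((flags & ~time_flags) == 0) return BOOT_REPROVISION_ANCHOR;
    return BOOT_REJECT_IMAGE;
}
#ifdef HAVE_MBEDTLS
/* Verify the signer cert against a root CA read from NV storage (both passed
 * as DER or NUL-terminated PEM buffers), leaving the library's date checks on. */
enum boot_verdict boot_verify_signer(const unsigned char *root, size_t root_len,
                                     const unsigned char *signer, size_t signer_len)
{
    mbedtls_x509_crt ca, crt;
    uint32_t flags = 0;
    enum boot_verdict v = BOOT_REJECT_IMAGE;
    mbedtls_x509_crt_init(&ca);
    mbedtls_x509_crt_init(&crt);
    if (mbedtls_x509_crt_parse(&ca, root, root_len) == 0 &&
        mbedtls_x509_crt_parse(&crt, signer, signer_len) == 0) {
        int rc = mbedtls_x509_crt_verify(&crt, &ca, NULL, NULL, &flags, NULL, NULL);
        /* rc != 0 with no flags set is a non-X.509 failure: treat as reject. */
        v = (rc == 0) ? BOOT_OK : boot_classify(flags ? flags : MBEDTLS_X509_BADCERT_NOT_TRUSTED);
    }
    mbedtls_x509_crt_free(&crt);
    mbedtls_x509_crt_free(&ca);
    return v;
}
#endif
```

The root CA buffer is meant to come from the writable trust-anchor region the reply describes, so replacing an expired CA never touches the hardware-verified boot code.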