You're right. The Python library on the PI side sends BOTH the fw binary AND the signature to the BHBL when it's first run, and BHBL will use the PUBLIC KEY to verify the validity of the signature. I'm sorry I made a mistake earlier. With the PUBLIC KEY in hand, we can verify that a signature is valid or not. What we can't do is generate a signature for a fw bianry (lack of PRIVATE KEY).I thought that was done in the BHBL firmware but either way it seems it must be taking that signature, processing it, and comparing it with something to decide if it's valid or not.
Statistics: Posted by muzkr — Tue Dec 10, 2024 6:27 pm