No worries and I think I have grasped what you are saying and believe you may be right. I'm not entirely convinced a signature couldn't be faked but I'm no cryptography expert and I believe that's how the theory goes.I'm sorry I made a mistake earlier. With the PUBLIC KEY in hand, we can verify that a signature is valid or not. What we can't do is generate a signature for a fw bianry (lack of PRIVATE KEY).
One small beacon of light is that it isn't necessary to be able to fake a signature for all and any arbitrary firmware; just for one which can permanently side-step the verification check in the BHDL bootloader in Flash.
But it's likely simpler to have anyone who really wants a 'load anything BHDL' to solder jump the SWD pins to the GPIO header, OpenOCD force that firmware into the RP2040.
Statistics: Posted by hippy — Tue Dec 10, 2024 7:23 pm