Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OS
U-Boot.Mirror
提交
e43f74ac
U
U-Boot.Mirror
项目概览
OS
/
U-Boot.Mirror
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
U
U-Boot.Mirror
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
e43f74ac
编写于
8月 22, 2017
作者:
M
Masahiro Yamada
提交者:
Tom Rini
8月 26, 2017
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
doc: verified-boot: fix typos
Signed-off-by:
N
Masahiro Yamada
<
yamada.masahiro@socionext.com
>
上级
10b078d8
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
6 addition
and
6 deletion
+6
-6
doc/uImage.FIT/signature.txt
doc/uImage.FIT/signature.txt
+5
-5
doc/uImage.FIT/verified-boot.txt
doc/uImage.FIT/verified-boot.txt
+1
-1
未找到文件。
doc/uImage.FIT/signature.txt
浏览文件 @
e43f74ac
...
...
@@ -81,7 +81,7 @@ $ openssl rsa -in keys/dev.key -pubout
Device Tree Bindings
--------------------
The following properties are required in the FIT's signature node(s) to
allow the
s
signer to operate. These should be added to the .its file.
allow the signer to operate. These should be added to the .its file.
Signature nodes sit at the same level as hash nodes and are called
signature@1, signature@2, etc.
...
...
@@ -150,7 +150,7 @@ all available signing keys until one matches.
- required: If present this indicates that the key must be verified for the
image / configuration to be considered valid. Only required keys are
normally verified by the FIT image booting algorithm. Valid values are
"image" to force verification of all images, and "conf" to force verfication
"image" to force verification of all images, and "conf" to force ver
i
fication
of the selected configuration (which then relies on hashes in the images to
verify those).
...
...
@@ -242,7 +242,7 @@ configuration 3 with kernel 1 and fdt 2:
With signed images, nothing protects against this. Whether it gains an
advantage for the attacker is debatable, but it is not secure.
To solve
d
this problem, we support signed configurations. In this case it
To solve this problem, we support signed configurations. In this case it
is the configurations that are signed, not the image. Each image has its
own hash, and we include the hash in the configuration signature.
...
...
@@ -327,7 +327,7 @@ Enabling FIT Verification
In addition to the options to enable FIT itself, the following CONFIGs must
be enabled:
CONFIG_FIT_SIGNATURE - enable signing and verfication in FITs
CONFIG_FIT_SIGNATURE - enable signing and ver
i
fication in FITs
CONFIG_RSA - enable RSA algorithm for signing
WARNING: When relying on signed FIT images with required signature check
...
...
@@ -336,7 +336,7 @@ CONFIG_IMAGE_FORMAT_LEGACY
Testing
-------
An easy way to test signing and verfication is to use the test script
An easy way to test signing and ver
i
fication is to use the test script
provided in test/vboot/vboot_test.sh. This uses sandbox (a special version
of U-Boot which runs under Linux) to show the operation of a 'bootm'
command loading and verifying images.
...
...
doc/uImage.FIT/verified-boot.txt
浏览文件 @
e43f74ac
...
...
@@ -93,7 +93,7 @@ include hashes to verify images, so it is relatively straightforward to
add signatures as well.
The public key can be stored in U-Boot's CONFIG_OF_CONTROL device tree in
a standard place. Then when a FIT i
t
loaded it can be verified using that
a standard place. Then when a FIT i
s
loaded it can be verified using that
public key. Multiple keys and multiple signatures are supported.
See signature.txt for more information.
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录