- 13 Oct, 2020 1 commit
Currently FIT image must be signed by all required conf keys. This means Verified Boot fails if there is a signature verification failure using any required key in U-Boot DTB. This patch introduces a new policy in DTB that can be set to any required conf key. This means if verified boot passes with one of the required keys, U-Boot will continue the OS hand off. There were prior attempts to address this: https://lists.denx.de/pipermail/u-boot/2019-April/366047.html The above patch was failing "make tests". https://lists.denx.de/pipermail/u-boot/2020-January/396629.html Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org>
- 19 May, 2020 1 commit
Committed by Simon Glass
Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
- 01 May, 2020 1 commit
Committed by Philippe Reynes
The signature check on config node is broken on fit with padding. To compute the signature for config node, U-Boot computes the signature on all properties of requested node for this config, except for the property "data". But, when padding is used for binary in a fit, there isn't a property "data" but two properties: "data-offset" and "data-size". So to fix the check of signature, we also don't use the properties "data-offset" and "data-size" when checking the signature on config node. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
- 27 Apr, 2020 1 commit
Committed by Masahiro Yamada
fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
- 12 Mar, 2020 1 commit
Committed by AKASHI Takahiro
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building RSA functions from FIT verification and allow for adding a RSA-based signature verification for other file formats, in particular PE file for UEFI secure boot. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
- 24 Oct, 2019 1 commit
Committed by T Karthik Reddy
This patch adds manual relocation for struct checksum_algo & struct crypto_algo structures. Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com> Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com> Signed-off-by: Michal Simek <michal.simek@xilinx.com>
- 21 Jun, 2019 1 commit
Committed by Patrick Doyle
Previously we would store NULL in info->padding and jump to an illegal instruction if an unknown value for "padding" was specified in the device tree. Signed-off-by: Patrick Doyle <pdoyle@irobot.com>
- 03 Dec, 2018 2 commits
Committed by Philippe Reynes
We add the support of the padding pss for rsa signature. This new padding is often recommended instead of pkcs-1.5. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Committed by Philippe Reynes
The rsa signature uses a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithms, we add a padding framework to manage several padding algorithms. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
- 17 Nov, 2018 1 commit
Committed by Konrad Beckmann
A specially crafted FIT image leads to memory corruption in the stack when using the verified boot feature. The function fit_config_check_sig has a logic error that makes it possible to write past the end of the stack allocated array node_inc. This could potentially be used to bypass the signature check when using verified boot. This change ensures that the number of strings is correct when counted. Signed-off-by: Konrad Beckmann <konrad.beckmann@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
- 11 Jul, 2018 2 commits
Committed by Teddy Reed
The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Committed by Teddy Reed
This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the max size of a FIT header's totalsize field. The field is checked before signature checks are applied to protect from reading past the intended FIT regions. This field is not part of the vboot signature so it should be sanity checked. If the field is corrupted then the structure or string region reads may have unintended behavior, such as reading from device memory. A default value of 256MB is set and intended to support most max storage sizes. Suggested-by: Simon Glass <sjg@chromium.org> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
- 07 May, 2018 1 commit
Committed by Tom Rini
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
- 16 Jan, 2018 1 commit
Committed by Andre Przywara
The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurrences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com>
- 06 Nov, 2017 1 commit
Committed by Masahiro Yamada
Designated initializers are more readable because we do not have to check the order in the struct definitions. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org>
- 22 Nov, 2016 3 commits
Committed by Andrew Duda
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crypto" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Committed by Andrew Duda
Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Committed by Andrew Duda
Padding verification was done against static SHA/RSA pair arrays which take up a lot of static memory, are mostly 0xff, and cannot be reused for additional SHA/RSA pairings. The padding can be easily computed according to PKCS#1v2.1 as: EM = 0x00 || 0x01 || PS || 0x00 || T where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding of the hash. Store DER prefix in checksum_algo and create rsa_verify_padding function to handle verification of a message for any SHA/RSA pairing. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
- 14 Oct, 2016 1 commit
Committed by Simon Glass
The signature for this macro has changed. Bring in the upstream version and adjust U-Boot's usages to suit. Signed-off-by: Simon Glass <sjg@chromium.org> Update to drivers/power/pmic/palmas.c: Signed-off-by: Keerthy <j-keerthy@ti.com> Change-Id: I6cc9021339bfe686f9df21d61a1095ca2b3776e8
- 17 Feb, 2015 1 commit
Committed by Axel Lin
Use fdt_for_each_subnode macro to simplify the code a bit. Signed-off-by: Axel Lin <axel.lin@ingics.com> Acked-by: Simon Glass <sjg@chromium.org>
- 30 Jan, 2015 1 commit
Committed by Ruchika Gupta
Currently the hash functions used in RSA are called directly from the sha1 and sha256 libraries. Change the RSA checksum library to use the progressive hash API's registered with struct hash_algo. This will allow the checksum library to use the hardware accelerated progressive hash API's once available. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> (Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM) Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
- 19 Jun, 2014 2 commits
Committed by Jeroen Hofstee
commit 18b06652 "tools: include u-boot version of sha256.h" unconditionally forced the sha256.h from u-boot to be used for tools instead of the host version. This is fragile though as it will also include the host version. Therefore move it to include/u-boot to join u-boot/md5.h etc which were renamed for the same reason. cc: Simon Glass <sjg@chromium.org> Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
Committed by Simon Glass
It is more common to have 0 mean OK, and -ve mean error. Change this function to work the same way to avoid confusion. Signed-off-by: Simon Glass <sjg@chromium.org>
- 22 Mar, 2014 3 commits
Committed by Heiko Schocher
Add host tool "fit_check_sign" which verifies if a fit image is signed correctly. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
Committed by Heiko Schocher
Add support for sha256,rsa4096 signatures in u-boot. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> Cc: andreas@oetken.name
Committed by Heiko Schocher
based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. additionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
- 24 Jul, 2013 1 commit
Committed by Wolfgang Denk
Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
- 26 Jun, 2013 4 commits
Committed by Simon Glass
While signing images is useful, it does not provide complete protection against several types of attack. For example, it is possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org>
Committed by Simon Glass
RSA provides a public key encryption facility which is ideal for image signing and verification. Images are signed using a private key by mkimage. Then at run-time, the images are verified using a private key. This implementation uses openssl for the host part (mkimage). To avoid bringing large libraries into the U-Boot binary, the RSA public key is encoded using a simple numeric representation in the device tree. Signed-off-by: Simon Glass <sjg@chromium.org>
Committed by Simon Glass
Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org>
Committed by Simon Glass
Add a structure to describe an algorithm which can sign and (later) verify images. Signed-off-by: Simon Glass <sjg@chromium.org>
- 27 Oct, 2012 1 commit
Committed by Marek Vasut
This stuff has been rotting in the tree for a while now. Remove it. Signed-off-by: Marek Vasut <marex@denx.de>
- 08 Sep, 2011 2 commits
Committed by Wolfgang Denk
Signed-off-by: Wolfgang Denk <wd@denx.de> Cc: Albert ARIBAUD <albert.u.boot@aribaud.net> Cc: Marius Gröger <mag@sysgo.de>
Committed by Wolfgang Denk
Signed-off-by: Wolfgang Denk <wd@denx.de> Cc: Albert ARIBAUD <albert.u.boot@aribaud.net> Cc: Marius Gröger <mag@sysgo.de>
- 13 Apr, 2010 2 commits
Committed by Peter Tyser
This helps to clean up the include/ directory so that it only contains non-architecture-specific headers and also matches Linux's directory layout which many U-Boot developers are already familiar with. Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
Committed by Peter Tyser
The appropriate include/asm-$ARCH directory should already be symlinked to include/asm so using the whole "asm-$ARCH" path is unnecessary. This change should also allow us to move the include/asm-$ARCH directories into their appropriate lib/$ARCH/ directories. Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
- 30 Mar, 2009 1 commit
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
- 09 May, 2007 1 commit
Committed by Peter Pearse
- 24 Jan, 2007 1 commit
Committed by Gary Jennejohn
- 06 Oct, 2005 1 commit
Committed by Wolfgang Denk
Use lowlevel_init() instead of platformsetup() [rename]. Patch by Peter Pearse, 06 Oct 2005