Mirrors/u-boot
2
0
Fork 0
mirror of https://github.com/AsahiLinux/u-boot synced 2024-11-28 07:31:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

doc: Replace examples of MD5 and SHA1 with SHA256

Browse source 
Both SHA1 and (especially) MD5 are no longer as safe as they once were for
cryptographic use. Replaces examples which use them with examples using
SHA256 instead. This will provide more-secure defaults for users who use
documentation examples as a base for their own use. This is not too
necessary for non-verified-boot scenarios (since someone could just replace
the checksum), but I wanted to be complete.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
This commit is contained in:
Sean Anderson 2023-12-02 14:33:14 -05:00 committed by Heinrich Schuchardt
parent 7017fc54a5
commit 291ab91935
17 changed files with 109 additions and 109 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/chromium/files/chromebook_jerry.its
View file

@ -15,7 +15,7 @@
load = <0>;
entry = <0>;
hash-2 {
algo = "sha1";
algo = "sha256";
};
};
@ -26,7 +26,7 @@
arch = "arm";
compression = "none";
hash-1{
algo = "sha1";
algo = "sha256";
};
};
};

4
doc/chromium/files/nyan-big.its
View file

@ -15,7 +15,7 @@
load = <0>;
entry = <0>;
hash-2 {
algo = "sha1";
algo = "sha256";
};
};
@ -26,7 +26,7 @@
arch = "arm";
compression = "none";
hash-1{
algo = "sha1";
algo = "sha256";
};
};
};

6
doc/usage/cmd/imxtract.rst
View file

@ -45,14 +45,14 @@ Examples
With verify=no incorrect hashes, signatures, or check sums don't stop the
extraction. But correct hashes are still indicated in the output
(here: md5, sha1).
(here: sha256, sha512).
.. code-block:: console
=> setenv verify no
=> imxtract $loadaddr kernel-1 $kernel_addr_r
## Copying 'kernel-1' subimage from FIT image at 40200000 ...
md5+ sha1+ Loading part 0 ... OK
sha256+ sha512+ Loading part 0 ... OK
=>
With verify=yes incorrect hashes, signatures, or check sums stop the extraction.
@ -62,7 +62,7 @@ With verify=yes incorrect hashes, signatures, or check sums stop the extraction.
=> setenv verify yes
=> imxtract $loadaddr kernel-1 $kernel_addr_r
## Copying 'kernel-1' subimage from FIT image at 40200000 ...
md5 error!
sha256 error!
Bad hash value for 'hash-1' hash node in 'kernel-1' image node
Bad Data Hash
=>

74
doc/usage/fit/beaglebone_vboot.rst
View file

@ -145,7 +145,7 @@ Put this into a file in that directory called sign.its::
load = <0x80008000>;
entry = <0x80008000>;
hash-1 {
algo = "sha1";
algo = "sha256";
};
};
fdt-1 {
@ -155,7 +155,7 @@ Put this into a file in that directory called sign.its::
arch = "arm";
compression = "none";
hash-1 {
algo = "sha1";
algo = "sha256";
};
};
};
@ -165,7 +165,7 @@ Put this into a file in that directory called sign.its::
kernel = "kernel";
fdt = "fdt-1";
signature-1 {
algo = "sha1,rsa2048";
algo = "sha256,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
};
@ -227,8 +227,8 @@ You should see something like this::
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
Hash algo: sha1
Hash value: c94364646427e10f423837e559898ef02c97b988
Hash algo: sha256
Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
Image 1 (fdt-1)
Description: beaglebone-black
Created: Sun Jun 1 12:50:30 2014
@ -236,8 +236,8 @@ You should see something like this::
Compression: uncompressed
Data Size: 31547 Bytes = 30.81 kB = 0.03 MB
Architecture: ARM
Hash algo: sha1
Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
Hash algo: sha256
Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: unavailable
@ -255,11 +255,11 @@ You can also run fit_check_sign to check it::
which results in::
Verifying Hash Integrity ... sha1,rsa2048:dev+
Verifying Hash Integrity ... sha256,rsa2048:dev+
## Loading kernel from FIT Image at 7fc6ee469000 ...
Using 'conf-1' configuration
Verifying Hash Integrity ...
sha1,rsa2048:dev+
sha256,rsa2048:dev+
OK
Trying 'kernel' kernel subimage
@ -272,10 +272,10 @@ which results in::
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
Hash algo: sha1
Hash value: c94364646427e10f423837e559898ef02c97b988
Hash algo: sha256
Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
Verifying Hash Integrity ...
sha1+
sha256+
OK
Unimplemented compression type 4
@ -288,10 +288,10 @@ which results in::
Compression: uncompressed
Data Size: 31547 Bytes = 30.81 kB = 0.03 MB
Architecture: ARM
Hash algo: sha1
Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
Hash algo: sha256
Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
Verifying Hash Integrity ...
sha1+
sha256+
OK
Loading Flat Device Tree ... OK
@ -303,14 +303,14 @@ which results in::
Signature check OK
At the top, you see "sha1,rsa2048:dev+". This means that it checked an RSA key
of size 2048 bits using SHA1 as the hash algorithm. The key name checked was
At the top, you see "sha256,rsa2048:dev+". This means that it checked an RSA key
of size 2048 bits using SHA256 as the hash algorithm. The key name checked was
'dev' and the '+' means that it verified. If it showed '-' that would be bad.
Once the configuration is verified it is then possible to rely on the hashes
in each image referenced by that configuration. So fit_check_sign goes on to
load each of the images. We have a kernel and an FDT but no ramkdisk. In each
case fit_check_sign checks the hash and prints sha1+ meaning that the SHA1
case fit_check_sign checks the hash and prints sha256+ meaning that the SHA256
hash verified. This means that none of the images has been tampered with.
There is a test in test/vboot which uses U-Boot's sandbox build to verify that
@ -328,11 +328,11 @@ This tells us that the kernel starts at byte offset 168 (decimal) in image.fit
and extends for about 7MB. Try changing a byte at 0x2000 (say) and run
fit_check_sign again. You should see something like::
Verifying Hash Integrity ... sha1,rsa2048:dev+
Verifying Hash Integrity ... sha256,rsa2048:dev+
## Loading kernel from FIT Image at 7f5a39571000 ...
Using 'conf-1' configuration
Verifying Hash Integrity ...
sha1,rsa2048:dev+
sha256,rsa2048:dev+
OK
Trying 'kernel' kernel subimage
@ -345,10 +345,10 @@ fit_check_sign again. You should see something like::
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
Hash algo: sha1
Hash value: c94364646427e10f423837e559898ef02c97b988
Hash algo: sha256
Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
Verifying Hash Integrity ...
sha1 error
sha256 error
Bad hash value for 'hash-1' hash node in 'kernel' image node
Bad Data Hash
@ -361,10 +361,10 @@ fit_check_sign again. You should see something like::
Compression: uncompressed
Data Size: 31547 Bytes = 30.81 kB = 0.03 MB
Architecture: ARM
Hash algo: sha1
Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
Hash algo: sha256
Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
Verifying Hash Integrity ...
sha1+
sha256+
OK
Loading Flat Device Tree ... OK
@ -419,13 +419,13 @@ need to change the hash to match. Let's simulate that by changing a byte of
the hash::
fdtget -tx image.fit /images/kernel/hash-1 value
c9436464 6427e10f 423837e5 59898ef0 2c97b988
fdtput -tx image.fit /images/kernel/hash-1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981
51b2adf9 c1016ed4 6f424d85 dcc6c34c 46a20b9b ee7227e0 6a6b6320 ca5d35c1
fdtput -tx image.fit /images/kernel/hash-1 value 51b2adf9 c1016ed4 6f424d85 dcc6c34c 46a20b9b ee7227e0 6a6b6320 ca5d35c8
Now check it again::
$UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
Verifying Hash Integrity ... sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
Verifying Hash Integrity ... sha256,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
rsa_verify_with_keynode: RSA failed to verify: -13
-
Failed to verify required signature 'key-dev'
@ -446,7 +446,7 @@ running the mkimage link again. Then::
fdtput -p image.fit /configurations/conf-1/signature-1 value fred
$UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
Verifying Hash Integrity ... -
sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
sha256,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
rsa_verify_with_keynode: RSA failed to verify: -13
-
Failed to verify required signature 'key-dev'
@ -528,7 +528,7 @@ You should then see something like this::
U-Boot# bootm 82000000
## Loading kernel from FIT Image at 82000000 ...
Using 'conf-1' configuration
Verifying Hash Integrity ... sha1,rsa2048:dev+ OK
Verifying Hash Integrity ... sha256,rsa2048:dev+ OK
Trying 'kernel' kernel subimage
Description: unavailable
Created: 2014-06-01 19:32:54 UTC
@ -540,9 +540,9 @@ You should then see something like this::
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
Hash algo: sha1
Hash value: c94364646427e10f423837e559898ef02c97b988
Verifying Hash Integrity ... sha1+ OK
Hash algo: sha256
Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
Verifying Hash Integrity ... sha256+ OK
## Loading fdt from FIT Image at 82000000 ...
Using 'conf-1' configuration
Trying 'fdt-1' fdt subimage
@ -553,9 +553,9 @@ You should then see something like this::
Data Start: 0x8276e2ec
Data Size: 31547 Bytes = 30.8 KiB
Architecture: ARM
Hash algo: sha1
Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
Verifying Hash Integrity ... sha1+ OK
Hash algo: sha256
Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
Verifying Hash Integrity ... sha256+ OK
Booting using the fdt blob at 0x8276e2ec
Uncompressing Kernel Image ... OK
Loading Device Tree to 8fff5000, end 8ffffb3a ... OK

40
doc/usage/fit/howto.rst
View file

@ -8,7 +8,7 @@ Overview
The new uImage format allows more flexibility in handling images of various
types (kernel, ramdisk, etc.), it also enhances integrity protection of images
with sha1 and md5 checksums.
with cryptographic checksums.
Two auxiliary tools are needed on the development host system in order to
create an uImage in the new format: mkimage and dtc, although only one
@ -99,7 +99,7 @@ started by ATF where SPL is loading U-Boot (as loadables) and ATF (as firmware).
load = <0x8 0x8000000>;
entry = <0x8 0x8000000>;
hash {
algo = "md5";
algo = "sha256";
};
};
atf {
@ -112,7 +112,7 @@ started by ATF where SPL is loading U-Boot (as loadables) and ATF (as firmware).
load = <0xfffea000>;
entry = <0xfffea000>;
hash {
algo = "md5";
algo = "sha256";
};
};
fdt_1 {
@ -123,7 +123,7 @@ started by ATF where SPL is loading U-Boot (as loadables) and ATF (as firmware).
compression = "none";
load = <0x100000>;
hash {
algo = "md5";
algo = "sha256";
};
};
};
@ -190,8 +190,8 @@ its contents:
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2ae2bb40
Hash algo: sha1
Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
Hash algo: sha256
Hash value: c22f6bb5a3f96942507a37e7d6a9333ebdc7da57971bc4c082113fe082fdc40f
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel
@ -236,8 +236,8 @@ specific to the new image format).
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2ae2bb40
Hash algo: sha1
Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
Hash algo: sha256
Hash value: c22f6bb5a3f96942507a37e7d6a9333ebdc7da57971bc4c082113fe082fdc40f
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel
@ -258,8 +258,8 @@ specific to the new image format).
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2ae2bb40
Hash algo: sha1
Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
Hash algo: sha256
Hash value: c22f6bb5a3f96942507a37e7d6a9333ebdc7da57971bc4c082113fe082fdc40f
Verifying Hash Integrity ... crc32+ sha1+ OK
Uncompressing Kernel Image ... OK
Memory BAT mapping: BAT2=256Mb, BAT3=0Mb, residual: 0Mb
@ -302,8 +302,8 @@ modified to take the files from some other location if needed):
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2c0cc807
Hash algo: sha1
Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
Hash algo: sha256
Hash value: a3e9e18b793873827d27c97edfbca67c404a1972d9f36cf48e73ff85d69a422c
Image 1 (fdt-1)
Description: Flattened Device Tree blob
Type: Flat Device Tree
@ -312,8 +312,8 @@ modified to take the files from some other location if needed):
Architecture: PowerPC
Hash algo: crc32
Hash value: 0d655d71
Hash algo: sha1
Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
Hash algo: sha256
Hash value: e9b9a40c5e2e12213ac819e7ccad7271ef43eb5edf9b421f0fa0b4b51bfdb214
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: Boot Linux kernel with FDT blob
@ -353,8 +353,8 @@ inspected and booted:
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2c0cc807
Hash algo: sha1
Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
Hash algo: sha256
Hash value: a3e9e18b793873827d27c97edfbca67c404a1972d9f36cf48e73ff85d69a422c
Image 1 (fdt-1)
Description: Flattened Device Tree blob
Type: Flat Device Tree
@ -364,8 +364,8 @@ inspected and booted:
Architecture: PowerPC
Hash algo: crc32
Hash value: 0d655d71
Hash algo: sha1
Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
Hash algo: sha256
Hash value: e9b9a40c5e2e12213ac819e7ccad7271ef43eb5edf9b421f0fa0b4b51bfdb214
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: Boot Linux kernel with FDT blob
@ -387,7 +387,7 @@ inspected and booted:
Hash algo: crc32
Hash value: 2c0cc807
Hash algo: sha1
Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
Hash value: a3e9e18b793873827d27c97edfbca67c404a1972d9f36cf48e73ff85d69a422c
Verifying Hash Integrity ... crc32+ sha1+ OK
Uncompressing Kernel Image ... OK
## Flattened Device Tree from FIT Image at 00900000
@ -402,7 +402,7 @@ inspected and booted:
Hash algo: crc32
Hash value: 0d655d71
Hash algo: sha1
Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
Hash value: e9b9a40c5e2e12213ac819e7ccad7271ef43eb5edf9b421f0fa0b4b51bfdb214
Verifying Hash Integrity ... crc32+ sha1+ OK
Booting using the fdt blob at 0xa0abdc
Loading Device Tree to 007fc000, end 007fffff ... OK

6
doc/usage/fit/kernel.rst
View file

@ -25,7 +25,7 @@ Single kernel
algo = "crc32";
};
hash-2 {
algo = "sha1";
algo = "sha256";
};
};
};
@ -59,7 +59,7 @@ For x86 a setup node is also required: see x86-fit-boot::
load = <0x01000000>;
entry = <0x00000000>;
hash-2 {
algo = "sha1";
algo = "sha256";
};
};
@ -73,7 +73,7 @@ For x86 a setup node is also required: see x86-fit-boot::
load = <0x00090000>;
entry = <0x00090000>;
hash-2 {
algo = "sha1";
algo = "sha256";
};
};
};

4
doc/usage/fit/kernel_fdt.rst
View file

@ -25,7 +25,7 @@ Single kernel and FDT blob
algo = "crc32";
};
hash-2 {
algo = "sha1";
algo = "sha256";
};
};
fdt-1 {
@ -38,7 +38,7 @@ Single kernel and FDT blob
algo = "crc32";
};
hash-2 {
algo = "sha1";
algo = "sha256";
};
};
};

6
doc/usage/fit/kernel_fdts_compressed.rst
View file

@ -28,7 +28,7 @@ string to match directly.
algo = "crc32";
};
hash-2 {
algo = "sha1";
algo = "sha256";
};
};
fdt@1 {
@ -41,7 +41,7 @@ string to match directly.
algo = "crc32";
};
hash-2 {
algo = "sha1";
algo = "sha256";
};
};
fdt@2 {
@ -54,7 +54,7 @@ string to match directly.
algo = "crc32";
};
hash-2 {
algo = "sha1";
algo = "sha256";
};
};
};

6
doc/usage/fit/multi-with-fpga.rst
View file

@ -20,7 +20,7 @@ This example makes use of the 'loadables' field::
compression = "none";
load = <0x10000000>;
hash-1 {
algo = "md5";
algo = "sha256";
};
};
@ -33,7 +33,7 @@ This example makes use of the 'loadables' field::
load = <0x30000000>;
compatible = "u-boot,fpga-legacy"
hash-1 {
algo = "md5";
algo = "sha256";
};
};
@ -47,7 +47,7 @@ This example makes use of the 'loadables' field::
load = <0x8000>;
entry = <0x8000>;
hash-1 {
algo = "md5";
algo = "sha256";
};
};
};

8
doc/usage/fit/multi-with-loadables.rst
View file

@ -22,7 +22,7 @@ This example makes use of the 'loadables' field::
load = <0xa0000000>;
entry = <0xa0000000>;
hash-1 {
algo = "md5";
algo = "sha256";
};
};
@ -34,7 +34,7 @@ This example makes use of the 'loadables' field::
compression = "none";
load = <0xb0000000>;
hash-1 {
algo = "md5";
algo = "sha256";
};
};
@ -46,7 +46,7 @@ This example makes use of the 'loadables' field::
compression = "none";
load = <0xb0400000>;
hash-1 {
algo = "md5";
algo = "sha256";
};
};
@ -60,7 +60,7 @@ This example makes use of the 'loadables' field::
load = <0xa0000000>;
entry = <0xa0000000>;
hash-1 {
algo = "md5";
algo = "sha256";
};
};
};

12
doc/usage/fit/multi.rst
View file

@ -22,10 +22,10 @@ Multiple kernels, ramdisks and FDT blobs
load = <00000000>;
entry = <00000000>;
hash-1 {
algo = "md5";
algo = "sha256";
};
hash-2 {
algo = "sha1";
algo = "sha512";
};
};
@ -39,7 +39,7 @@ Multiple kernels, ramdisks and FDT blobs
load = <00000000>;
entry = <00000000>;
hash-1 {
algo = "sha1";
algo = "sha256";
};
};
@ -53,7 +53,7 @@ Multiple kernels, ramdisks and FDT blobs
load = <00000000>;
entry = <00000000>;
hash-1 {
algo = "md5";
algo = "sha256";
};
};
@ -67,7 +67,7 @@ Multiple kernels, ramdisks and FDT blobs
load = <00000000>;
entry = <00000000>;
hash-1 {
algo = "sha1";
algo = "sha256";
};
};
@ -104,7 +104,7 @@ Multiple kernels, ramdisks and FDT blobs
compression = "none";
load = <00700000>;
hash-1 {
algo = "sha1";
algo = "sha256";
};
};

6
doc/usage/fit/sign-configs.rst
View file

@ -22,7 +22,7 @@ Signed configurations
entry = <0x8>;
kernel-version = <1>;
hash-1 {
algo = "sha1";
algo = "sha256";
};
};
fdt-1 {
@ -33,7 +33,7 @@ Signed configurations
compression = "none";
fdt-version = <1>;
hash-1 {
algo = "sha1";
algo = "sha256";
};
};
};
@ -43,7 +43,7 @@ Signed configurations
kernel = "kernel";
fdt = "fdt-1";
signature {
algo = "sha1,rsa2048";
algo = "sha256,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
};

4
doc/usage/fit/sign-images.rst
View file

@ -22,7 +22,7 @@ Signed Images
entry = <0x8>;
kernel-version = <1>;
signature {
algo = "sha1,rsa2048";
algo = "sha256,rsa2048";
key-name-hint = "dev";
};
};
@ -34,7 +34,7 @@ Signed Images
compression = "none";
fdt-version = <1>;
signature {
algo = "sha1,rsa2048";
algo = "sha256,rsa2048";
key-name-hint = "dev";
};
};

22
doc/usage/fit/signature.rst
View file

@ -93,7 +93,7 @@ Public keys should be stored as sub-nodes in a /signature node. Required
properties are:
algo
Algorithm name (e.g. "sha1,rsa2048" or "sha256,ecdsa256")
Algorithm name (e.g. "sha256,rsa2048" or "sha512,ecdsa256")
Optional properties are:
@ -219,28 +219,28 @@ As an example, consider this FIT::
kernel-1 {
data = <data for kernel1>
signature-1 {
algo = "sha1,rsa2048";
algo = "sha256,rsa2048";
value = <...kernel signature 1...>
};
};
kernel-2 {
data = <data for kernel2>
signature-1 {
algo = "sha1,rsa2048";
algo = "sha256,rsa2048";
value = <...kernel signature 2...>
};
};
fdt-1 {
data = <data for fdt1>;
signature-1 {
algo = "sha1,rsa2048";
algo = "sha256,rsa2048";
value = <...fdt signature 1...>
};
};
fdt-2 {
data = <data for fdt2>;
signature-1 {
algo = "sha1,rsa2048";
algo = "sha256,rsa2048";
value = <...fdt signature 2...>
};
};
@ -291,28 +291,28 @@ So the above example is adjusted to look like this::
kernel-1 {
data = <data for kernel1>
hash-1 {
algo = "sha1";
algo = "sha256";
value = <...kernel hash 1...>
};
};
kernel-2 {
data = <data for kernel2>
hash-1 {
algo = "sha1";
algo = "sha256";
value = <...kernel hash 2...>
};
};
fdt-1 {
data = <data for fdt1>;
hash-1 {
algo = "sha1";
algo = "sha256";
value = <...fdt hash 1...>
};
};
fdt-2 {
data = <data for fdt2>;
hash-1 {
algo = "sha1";
algo = "sha256";
value = <...fdt hash 2...>
};
};
@ -323,7 +323,7 @@ So the above example is adjusted to look like this::
kernel = "kernel-1";
fdt = "fdt-1";
signature-1 {
algo = "sha1,rsa2048";
algo = "sha256,rsa2048";
value = <...conf 1 signature...>;
};
};
@ -331,7 +331,7 @@ So the above example is adjusted to look like this::
kernel = "kernel-2";
fdt = "fdt-2";
signature-1 {
algo = "sha1,rsa2048";
algo = "sha256,rsa2048";
value = <...conf 1 signature...>;
};
};

6
doc/usage/fit/update3.rst
View file

@ -19,7 +19,7 @@ Automatic software update: multiple files
type = "firmware";
load = <FF700000>;
hash-1 {
algo = "sha1";
algo = "sha256";
};
};
update-2 {
@ -29,7 +29,7 @@ Automatic software update: multiple files
type = "firmware";
load = <FF8E0000>;
hash-1 {
algo = "sha1";
algo = "sha256";
};
};
@ -40,7 +40,7 @@ Automatic software update: multiple files
type = "firmware";
load = <FFAC0000>;
hash-1 {
algo = "sha1";
algo = "sha256";
};
};
};

2
doc/usage/fit/update_uboot.rst
View file

@ -21,7 +21,7 @@ Make sure the flashing addresses ('load' prop) is correct for your board!
type = "firmware";
load = <0xFFFC0000>;
hash-1 {
algo = "sha1";
algo = "sha256";
};
};
};

8
doc/usage/fit/x86-fit-boot.rst
View file

@ -207,16 +207,16 @@ You can take a look at the resulting fit file if you like::
OS: Linux
Load Address: 0x01000000
Entry Point: 0x00000000
Hash algo: sha1
Hash value: 446b5163ebfe0fb6ee20cbb7a8501b263cd92392
Hash algo: sha256
Hash value: 4bbf49981ade163ed089f8525236fedfe44508e9b02a21a48294a96a1518107b
Image 1 (setup)
Description: Linux setup.bin
Created: Tue Oct 7 10:57:24 2014
Type: x86 setup.bin
Compression: uncompressed
Data Size: 12912 Bytes = 12.61 kB = 0.01 MB
Hash algo: sha1
Hash value: a1f2099cf47ff9816236cd534c77af86e713faad
Hash algo: sha256
Hash value: 6aa50c2e0392cb119cdf0971dce8339f100608ed3757c8200b0e39e889e432d2
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel