Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4). This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.
Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.
Parameterise vboot_test.sh to test different public exponents.
Mathematics and other hard work by Andrew Bott.
Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.
Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>
As an example of an end-to-end process for using verified boot in U-Boot,
add a detailed description of the steps to be used for a Beaglebone
Black.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
make the use of legacy image format configurable through
the config define CONFIG_IMAGE_FORMAT_LEGACY.
When relying on signed FIT images with required signature check
the legacy image format should be disabled. Therefore introduce
this new define and enable legacy image format if CONFIG_FIT_SIGNATURE
is not set. If CONFIG_FIT_SIGNATURE is set disable per default
the legacy image format.
Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Lars Steubesand <lars.steubesand@philips.com>
Cc: Mike Pearce <mike@kaew.be>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Michal Simek <monstr@monstr.eu>
Acked-by: Simon Glass <sjg@chromium.org>
The Device Tree Compiler (DTC) used to have its master
repository located on jdl.com. While it is still there,
its official, new, shiny location is on kernel.org here:
git://git.kernel.org/pub/scm/utils/dtc/dtc.git
Update a few references to point there instead.
Signed-off-by: Jon Loeliger <jdl@jdl.com>
Acked-by: Simon Glass <sjg@chromium.org>
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.
Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
based on patch from andreas@oetken.name:
http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.
aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head
Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
- Fix the path to source_file_format.txt
- Fix a minor typo
- Fix the type for FIT blob: it must be "flat_dt"
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Add a description of how to implement verified boot using signed FIT images,
and a simple test which verifies operation on sandbox.
The test signs a FIT image and verifies it, then signs a FIT configuration
and verifies it. Then it corrupts the signature to check that this is
detected.
Signed-off-by: Simon Glass <sjg@chromium.org>
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).
Add support for signing of FIT configurations using the libfdt's region
support.
Please see doc/uImage.FIT/signature.txt for more information.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Signed-off-by: Simon Glass <sjg@chromium.org>
since commit 1384f3bb8a ethernet names
with spaces drop a
Warning: eth device name has a space!
message. This patch fix it for:
- "FEC ETHERNET" devices found on
mpc512x, mpc5xxx, mpc8xx and mpc8220 boards.
renamed to "FEC".
- "SCC ETHERNET" devices found on
mpc8xx, mpc82xx based boards. Renamed to "SCC".
- "HDLC ETHERNET" devices found on mpc8xx boards
Renamed to "HDLC"
- "FCC ETHERNET" devices found on mpc8260 and mpc85xx based
boards. Renamed to "FCC"
Tested on the kup4k board.
Signed-off-by: Heiko Schocher <hs@denx.de>
Signed-off-by: Ben Warren <biggerbadderben@gmail.com>
The ramdisk sections in doc/uImage.FIT/multi.its lack
load address and entry point properties. Using examples
from this file will result in unbootable image, u-boot
will issue the following error messages:
Can't get ramdisk subimage load address!
Ramdisk image is corrupt or invalid
This patch adds missing properties to ramdisk sections.
Signed-off-by: Felix Radensky <felix@embedded-sol.com>
The example FIT image source files do not compile with the latest dtc and
mkimage. The following error message is produced:
DTC: dts->dtb on file "kernel.its"
Error: kernel.its 7:0 - 1:0 syntax error
FATAL ERROR: Unable to parse input tree
./mkimage: Can't read kernel.itb.tmp: Invalid argument
The FIT image source files are missing the "/dts-v1/;" directive at the
beginning of the file. Add the directive to the examples.
Signed-off-by: Ira W. Snyder <iws@ovro.caltech.edu>
The auto-update feature allows to automatically download software updates
from a TFTP server and store them in Flash memory during boot. Updates are
contained in a FIT file and protected with SHA-1 checksum.
More detailed description can be found in doc/README.update.
Signed-off-by: Rafal Czubak <rcz@semihalf.com>
Signed-off-by: Bartlomiej Sieka <tur@semihalf.com>
Pantelis Antoniou stated:
AFAIK, it is still used but the products using PPC are long gone.
Nuke it plz (from orbit).
So remove it since it cleans up a usage of env_get_char outside of
the environment code.
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>