Commit graph

75 commits

Author SHA1 Message Date
Michael van der Westhuizen
e0f2f15534 Implement generalised RSA public exponents for verified boot
Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4).  This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.

Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.

Parameterise vboot_test.sh to test different public exponents.

Mathematics and other hard work by Andrew Bott.

Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.

Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>
2014-08-09 11:17:01 -04:00
Simon Glass
c7320ed52f Add documentation for verified boot on Beaglebone Black
As an example of an end-to-end process for using verified boot in U-Boot,
add a detailed description of the steps to be used for a Beaglebone
Black.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-19 11:19:03 -04:00
Simon Glass
ce1400f694 Enhance fit_check_sign to check all images
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
2014-06-19 11:19:02 -04:00
Heiko Schocher
21d29f7f9f bootm: make use of legacy image format configurable
make the use of legacy image format configurable through
the config define CONFIG_IMAGE_FORMAT_LEGACY.

When relying on signed FIT images with required signature check
the legacy image format should be disabled. Therefore introduce
this new define and enable legacy image format if CONFIG_FIT_SIGNATURE
is not set. If CONFIG_FIT_SIGNATURE is set disable per default
the legacy image format.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Lars Steubesand <lars.steubesand@philips.com>
Cc: Mike Pearce <mike@kaew.be>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Michal Simek <monstr@monstr.eu>
Acked-by: Simon Glass <sjg@chromium.org>
2014-06-05 14:44:56 -04:00
Jon Loeliger
5f65826b1b FDT: Fix DTC repository references
The Device Tree Compiler (DTC) used to have its master
repository located on jdl.com.  While it is still there,
its official, new, shiny location is on kernel.org here:

    git://git.kernel.org/pub/scm/utils/dtc/dtc.git

Update a few references to point there instead.

Signed-off-by: Jon Loeliger <jdl@jdl.com>
Acked-by: Simon Glass <sjg@chromium.org>
2014-06-05 14:44:56 -04:00
Heiko Schocher
29a23f9d6c tools, fit_check_sign: verify a signed fit image
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:40:38 -04:00
Heiko Schocher
646257d1f4 rsa: add sha256-rsa2048 algorithm
based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:34 -04:00
Masahiro Yamada
09b72d692f cosmetic: uImage.FIT: fix documents
- Fix the path to source_file_format.txt
  - Fix a minor typo
  - Fix the type for FIT blob: it must be "flat_dt"

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
2014-01-17 08:04:32 -05:00
Masahiro Yamada
61ffc17aeb cosmetic: doc: uImage.FIT: fix typos
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
2013-09-20 10:30:53 -04:00
Simon Glass
041bca5ba3 Add verified boot information and test
Add a description of how to implement verified boot using signed FIT images,
and a simple test which verifies operation on sandbox.

The test signs a FIT image and verifies it, then signs a FIT configuration
and verifies it. Then it corrupts the signature to check that this is
detected.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:57 -04:00
Simon Glass
4d0985295b image: Add support for signing of FIT configurations
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
56518e7104 image: Support signing of images
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
3e569a6b1e image: Add signing infrastructure
Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Heiko Schocher
48690d8024 net ppc: fix ethernet device names with spaces
since commit 1384f3bb8a ethernet names
with spaces drop a

Warning: eth device name has a space!

message. This patch fix it for:

- "FEC ETHERNET" devices found on
  mpc512x, mpc5xxx, mpc8xx and mpc8220 boards.
  renamed to "FEC".
- "SCC ETHERNET" devices found on
  mpc8xx, mpc82xx based boards. Renamed to "SCC".
- "HDLC ETHERNET" devices found on mpc8xx boards
  Renamed to "HDLC"
- "FCC ETHERNET" devices found on mpc8260 and mpc85xx based
  boards. Renamed to "FCC"

Tested on the kup4k board.

Signed-off-by: Heiko Schocher <hs@denx.de>
Signed-off-by: Ben Warren <biggerbadderben@gmail.com>
2010-08-09 11:52:28 -07:00
Thomas Chou
1117cbf2ad nios: remove nios-32 arch
The nios-32 arch is obsolete and broken. So it is removed.

Signed-off-by: Thomas Chou <thomas@wytron.com.tw>
2010-05-28 10:56:04 -04:00
Felix Radensky
d5a64237d5 doc: Fix ramdisk examples in doc/uImage.FIT/multi.its
The ramdisk sections in doc/uImage.FIT/multi.its lack
load address and entry point properties. Using examples
from this file will result in unbootable image, u-boot
will issue the following error messages:

Can't get ramdisk subimage load address!
Ramdisk image is corrupt or invalid

This patch adds missing properties to ramdisk sections.

Signed-off-by: Felix Radensky <felix@embedded-sol.com>
2010-03-31 15:13:31 +02:00
Ira W. Snyder
824d82997f Fix example FIT image source files
The example FIT image source files do not compile with the latest dtc and
mkimage. The following error message is produced:

DTC: dts->dtb  on file "kernel.its"
Error: kernel.its 7:0 - 1:0 syntax error
FATAL ERROR: Unable to parse input tree
./mkimage: Can't read kernel.itb.tmp: Invalid argument

The FIT image source files are missing the "/dts-v1/;" directive at the
beginning of the file. Add the directive to the examples.

Signed-off-by: Ira W. Snyder <iws@ovro.caltech.edu>
2009-11-24 23:44:16 +01:00
Jean-Christophe PLAGNIOL-VILLARD
6d0f6bcf33 rename CFG_ macros to CONFIG_SYS
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
2008-10-18 21:54:03 +02:00
Bartlomiej Sieka
4bae90904b Automatic software update from TFTP server
The auto-update feature allows to automatically download software updates
from a TFTP server and store them in Flash memory during boot. Updates are
contained in a FIT file and protected with SHA-1 checksum.

More detailed description can be found in doc/README.update.

Signed-off-by: Rafal Czubak <rcz@semihalf.com>
Signed-off-by: Bartlomiej Sieka <tur@semihalf.com>
2008-10-18 21:54:00 +02:00
Jean-Christophe PLAGNIOL-VILLARD
747f316cca update uImage FIT multi documentation
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
2008-10-08 18:59:05 +02:00
Peter Tyser
f5ed9e3908 Add support for booting of INTEGRITY operating system uImages
Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
2008-09-09 15:54:10 +02:00
Kumar Gala
9ba2e2c819 Remove support for booting ARTOS images
Pantelis Antoniou stated:
	AFAIK, it is still used but the products using PPC are long gone.
	Nuke it plz (from orbit).

So remove it since it cleans up a usage of env_get_char outside of
the environment code.

Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2008-09-09 15:52:35 +02:00
Wolfgang Denk
438a4c1126 Cleanup coding style, update CHANGELOG
Signed-off-by: Wolfgang Denk <wd@denx.de>
2008-03-26 11:48:46 +01:00
Bartlomiej Sieka
43142e817f [new uImage] Fix *.its files location in documentation
Signed-off-by: Bartlomiej Sieka <tur@semihalf.com>
2008-03-20 23:10:19 +01:00
Marian Balakowicz
3310c549a7 [new uImage] Add new uImage format documentation and examples
Create doc/uImage.FIT documentation directory with the following files:
- command_syntax_extensions.txt : extended command syntax description
- howto.txt                     : short usage howto
- source_file_format.txt        : internal new uImage format description

Add example image source files:
- kernel.its
- kernel_fdt.its
- multi.its

Update README appropriately.

Signed-off-by: Marian Balakowicz <m8@semihalf.com>
Signed-off-by: Bartlomiej Sieka <tur@semihalf.com>
2008-03-12 12:13:13 +01:00