Commit graph

62 commits

Author SHA1 Message Date
Simon Glass
ce1400f694 Enhance fit_check_sign to check all images
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
2014-06-19 11:19:02 -04:00
Simon Glass
597a8b2c68 mkimage: Automatically expand FDT in more cases
The original code did not cover every case and there was a missing negative
sign in one case. Expand the coverage and fix the bug.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-19 11:18:56 -04:00
Simon Glass
a946811569 mkimage: Automatically make space in FDT when full
When adding hashes or signatures, the target FDT may be full. Detect this
and automatically try again after making 1KB of space.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-11 16:25:46 -04:00
Heiko Schocher
29a23f9d6c tools, fit_check_sign: verify a signed fit image
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:40:38 -04:00
Heiko Schocher
66b36f833a tools/image-host: fix sign-images bug
property "sign-images" is never found, fix this.

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:31 -04:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Simon Glass
4d0985295b image: Add support for signing of FIT configurations
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
56518e7104 image: Support signing of images
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
bbb467dc3c image: Rename fit_add_hashes() to fit_add_verification_data()
We intend to add signatures to FITs also, so rename this function so that
it is not specific to hashing. Also rename fit_image_set_hashes() and
make it static since it is not used outside this file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
b7260910dc image: Convert fit_image_hash_set_value() to static, and rename
This function doesn't need to be exported, and with verification
we want to use it for setting the 'value' property in any node,
so rename it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
94e5fa46a0 image: Split hash node processing into its own function
This function has become quite long and much of the body is indented quite
a bit. Move it into a separate function to make it easier to work with.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
604f23dde0 image: Move HOSTCC image code to tools/
This code is never compiled into U-Boot, so move it into a separate
file in tools/ to avoid the large #ifdef.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00