Commit graph

31 commits

Author SHA1 Message Date
Siva Durga Prasad Paladugu
37e3a36a54 xilinx: zynq: Add support to secure images
This patch basically adds two new commands for loadig secure
images.
1. zynq rsa adds support to load secure image which can be both
   authenticated or encrypted or both authenticated and encrypted
   image in xilinx bootimage(BOOT.bin) format.
2. zynq aes command adds support to decrypt and load encrypted
   image back to DDR as per destination address. The image has
   to be encrypted using xilinx bootgen tool and to get only the
   encrypted image from tool use -split option while invoking
   bootgen.

Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2018-07-19 10:49:54 +02:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Marek Behún
59981e6a3d include: Add a variadic macro to call a callback for all arguments
Add a header variadic-macro.h which defines the CALL_MACRO_FOR_EACH marco.

This macro can be used as follows:
  #define TEST(x)
  CALL_MACRO_FOR_EACH(TEST, a, b, c, d)

This will expand to
  TEST(a) TEST(b) TEST(c) TEST(d)

The nice thing is that CALL_MACRO_FOR_EACH is a variadic macro, thus the
number of arguments can vary (although it has an upper limit - in this
implementation 32 arguments).

Signed-off-by: Marek Behun <marek.behun@nic.cz>

 create mode 100644 include/u-boot/variadic-macro.h
2017-10-02 21:52:16 -04:00
Marek Behún
85d8bf5713 lib: Add CRC32-C
This is needed for BTRFS.

Signed-off-by: Marek Behun <marek.behun@nic.cz>

 create mode 100644 lib/crc32c.c
2017-10-02 20:31:25 -04:00
oliver@schinagl.nl
1d3c539239 tools: Allow crc8 to be used
This patch enables crc8 to be used from within the tools directory using
u-boot/crc.h.

Signed-off-by: Olliver Schinagl <o.schinagl@ultimaker.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2017-02-07 10:54:32 -06:00
Andrew Duda
da29f2991d rsa: Verify RSA padding programatically
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:

  EM = 0x00 || 0x01 || PS || 0x00 || T

where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.

Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21 14:07:30 -05:00
Simon Glass
73223f0e1b Kconfig: Move CONFIG_FIT and related options to Kconfig
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.

Move these options to Kconfig and tidy up board configuration:

   CONFIG_FIT
   CONFIG_OF_BOARD_SETUP
   CONFIG_OF_SYSTEM_SETUP
   CONFIG_FIT_SIGNATURE
   CONFIG_FIT_BEST_MATCH
   CONFIG_FIT_VERBOSE
   CONFIG_OF_STDOUT_VIA_ALIAS
   CONFIG_RSA

Unfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.

Note: Masahiro's moveconfig.py script is amazing.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-03-14 19:18:07 -04:00
Tom Rini
5b8031ccb4 Add more SPDX-License-Identifier tags
In a number of places we had wordings of the GPL (or LGPL in a few
cases) license text that were split in such a way that it wasn't caught
previously.  Convert all of these to the correct SPDX-License-Identifier
tag.

Signed-off-by: Tom Rini <trini@konsulko.com>
2016-01-19 08:31:21 -05:00
Ruchika Gupta
057c220055 Correct License and Copyright information on few files
gpio.h - Added missing copyright in few files.
rsa-mod-exp.h - Corrected copyright in the file.
fsl_sec.h - Added missing license in files
drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
2015-08-12 20:47:46 -04:00
Ruchika Gupta
b37b46f042 rsa: Use checksum algorithms from struct hash_algo
Currently the hash functions used in RSA are called directly from the sha1
and sha256 libraries. Change the RSA checksum library to use the progressive
hash API's registered with struct hash_algo. This will allow the checksum
library to use the hardware accelerated progressive hash API's once available.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
(Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM)

Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
2015-01-29 17:09:59 -07:00
Ruchika Gupta
31d2b4fd90 DM: crypto/rsa_mod_exp: Add rsa Modular Exponentiation DM driver
Add a new rsa uclass for performing modular exponentiation and implement
the software driver basing on this uclass.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2015-01-29 17:09:58 -07:00
Ruchika Gupta
fc2f4246b4 rsa: Split the rsa-verify to separate the modular exponentiation
Public exponentiation which is required in rsa verify functionality is
tightly integrated with verification code in rsa_verify.c. The patch
splits the file into twp separating the modular exponentiation.

1. rsa-verify.c
- The file parses device tree keys node to fill a keyprop structure.
The keyprop structure can then be converted to implementation specific
format.
(struct rsa_pub_key for sw implementation)
- The parsed device tree node is then passed to a generic rsa_mod_exp
function.

2. rsa-mod-exp.c
Move the software specific functions related to modular exponentiation
from rsa-verify.c to this file.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2015-01-29 17:09:58 -07:00
Michael van der Westhuizen
e0f2f15534 Implement generalised RSA public exponents for verified boot
Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4).  This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.

Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.

Parameterise vboot_test.sh to test different public exponents.

Mathematics and other hard work by Andrew Bott.

Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.

Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>
2014-08-09 11:17:01 -04:00
Jeroen Hofstee
2b9912e6a7 includes: move openssl headers to include/u-boot
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-06-19 11:19:04 -04:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Simon Glass
d20a40de9d Roll crc32 into hash infrastructure
Add the CRC32 algorithm to the list of available hashes, and make
the crc32 command use hash_command(). Add a new crc32_wd_buf() to
make this possible, which puts its result in a buffer rather than
returning it as a 32-bit value.

Note: For some boards the hash command is not enabled, neither
are sha1, sha256 or the verify option. In this case the full
hash implementation adds about 500 bytes of overhead. So as a
special case, we use #ifdef to select very simple bahaviour in
that case. The justification for this is that it is currently
a very common case (virtually all boards enable crc32 but only
some enable more advanced features).

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-02-28 19:09:23 -08:00
Kim Phillips
ee820b5e5b lib/zlib: sparse fixes
define Z_NULL to (void *)0 include/u-boot/zlib.h to get rid of most of
the NULL pointer warnings.

inflate.c:942:1: warning: non-ANSI definition of function 'inflateEnd'
inflate.c:9:1: warning: non-ANSI definition of function 'inflateReset'
inflate.c:12:17: warning: Using plain integer as NULL pointer
inflate.c:12:42: warning: Using plain integer as NULL pointer
inflate.c:15:17: warning: Using plain integer as NULL pointer
inflate.c:21:19: warning: Using plain integer as NULL pointer
inflate.c:35:1: warning: non-ANSI definition of function 'inflateInit2_'
inflate.c:38:20: warning: Using plain integer as NULL pointer
inflate.c:41:17: warning: Using plain integer as NULL pointer
inflate.c:42:17: warning: Using plain integer as NULL pointer
inflate.c:50:18: warning: Using plain integer as NULL pointer
inflate.c:65:23: warning: Using plain integer as NULL pointer
inflate.c:69:21: warning: Using plain integer as NULL pointer
inflate.c:78:1: warning: non-ANSI definition of function 'inflateInit_'
inflate.c:86:1: warning: non-ANSI definition of function 'fixedtables'
inflate.c:108:26: warning: Using plain integer as NULL pointer
inflate.c:109:1: warning: non-ANSI definition of function 'updatewindow'
inflate.c:112:30: warning: Using plain integer as NULL pointer
inflate.c:339:1: warning: non-ANSI definition of function 'inflate'
inflate.c:349:17: warning: Using plain integer as NULL pointer
inflate.c:349:42: warning: Using plain integer as NULL pointer
inflate.c:350:27: warning: Using plain integer as NULL pointer
inflate.c:369:42: warning: Using plain integer as NULL pointer
inflate.c:376:32: warning: Using plain integer as NULL pointer
inflate.c:401:54: warning: Using plain integer as NULL pointer
inflate.c:419:32: warning: Using plain integer as NULL pointer
inflate.c:426:32: warning: Using plain integer as NULL pointer
inflate.c:433:32: warning: Using plain integer as NULL pointer
inflate.c:444:36: warning: Using plain integer as NULL pointer
inflate.c:449:37: warning: Using plain integer as NULL pointer
inflate.c:450:38: warning: Using plain integer as NULL pointer
inflate.c:457:40: warning: Using plain integer as NULL pointer
inflate.c:458:47: warning: Using plain integer as NULL pointer
inflate.c:480:40: warning: Using plain integer as NULL pointer
inflate.c:481:50: warning: Using plain integer as NULL pointer
inflate.c:491:37: warning: Using plain integer as NULL pointer
inflate.c:492:37: warning: Using plain integer as NULL pointer
inflate.c:501:40: warning: Using plain integer as NULL pointer
inflate.c:502:53: warning: Using plain integer as NULL pointer
inflate.c:512:37: warning: Using plain integer as NULL pointer
inflate.c:513:40: warning: Using plain integer as NULL pointer
inflate.c:525:32: warning: Using plain integer as NULL pointer
inflate.c:529:52: warning: Using plain integer as NULL pointer
inflate.c:543:54: warning: Using plain integer as NULL pointer
inflate.c:932:17: warning: Using plain integer as NULL pointer
inflate.c:932:42: warning: Using plain integer as NULL pointer
inflate.c:935:26: warning: Using plain integer as NULL pointer
inflate.c:940:19: warning: Using plain integer as NULL pointer
adler32.c:58:5: warning: non-ANSI definition of function 'adler32'
adler32.c:81:16: warning: Using plain integer as NULL pointer
zutil.c:53:9: warning: non-ANSI definition of function 'zcalloc'
zutil.c:64:9: warning: non-ANSI definition of function 'zcfree'
inffast.c:70:1: warning: non-ANSI definition of function 'inflate_fast'
inftrees.c:33:1: warning: non-ANSI definition of function 'inflate_table'

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
2012-11-04 11:00:36 -07:00
Lei Wen
7a32b98dac lib: zlib: include deflate into zlib build
Add a new config CONFIG_GZIP_ENABLED, if enabled, the uboot bin would
include zlib's deflate method which could be used for compressing.

Signed-off-by: Lei Wen <leiwen@marvell.com>
2012-09-29 07:26:08 -07:00
Mike Frysinger
e3ed0575a7 gunzip: rename z{alloc, free} to gz{alloc, free}
This allows us to add a proper zalloc() func (one that does a zeroing
alloc), and removes duplicate prototypes.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2012-04-30 16:54:51 +02:00
Marek Vasut
b68d63ce4b GCC47: Fix warning in md5.c
md5.c: In function ‘MD5Final’:
md5.c:156:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
md5.c:157:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Wolfgang Denk <wd@denx.de>
Acked-by: Mike Frysinger <vapier@gentoo.org>
2012-04-29 14:14:08 +02:00
Peter Tyser
78acc472d9 Rename lib_generic/ to lib/
Now that the other architecture-specific lib directories have been
moved out of the top-level directory there's not much reason to have the
'_generic' suffix on the common lib directory.

Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
2010-04-13 09:13:04 +02:00
Prafulla Wadaskar
449609f5b1 tools: mkimage: Fixed build warnings
uninitialized retval variable warning fixed
crc32 APIs moved to crc.h (newly added) and build warnings fixed

Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-09-10 22:58:47 +02:00
Mike Frysinger
6ac9f47977 start a linker script helper file
Start a common header file for common linker script code (such as
workarounds for older linkers) rather than doing this in the build system.

As fallout, we no longer execute the linker every time config.mk is
included by a build file (which can easily be 70+ times), but rather only
execute it once.

This also fixes a bug in the major version checking by creating a macro to
easily compare versions and keep people from making the same common
mistake (forgetting to check major and minor together).

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2009-08-23 22:33:33 +02:00
Giuseppe CONDORELLI
dce3d79710 zlib: updated to v.1.2.3
This patch updates zlib to the latest stable version.
Only relevant zlib parts were ported to u-boot tree, as already did for the
current zlib (0.95). New zlib guarantees a faster inflate performances
other then others improvements as explained at www.zlib.net.
It also includes Alessandro Rubini's patches to allow 0 as destination pointer
and to call watchdog reset if required by architecture.

Signed-off-by: Giuseppe Condorelli <giuseppe.condorelli@st.com>
Reviewed-by: Angelo Castello <angelo.castello@st.com>
Reviewed-by: Alessandro Rubini <rubini-list@gnudd.com>
2009-08-11 22:14:29 +02:00
Wolfgang Denk
f33b325af6 Revert "zlib: updated to v.1.2.3"
This reverts commit b201171f2b.

The commit caused problems for example when unpacking kernel images:

	   Uncompressing Kernel Image ... Error: inflate() returned -2
	   GUNZIP: uncompress, out-of-mem or overwrite error - must
	   RESET board to recover

Conflicts:

	include/u-boot/zlib.h
	lib_generic/zlib.c

Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-07-24 14:24:07 +02:00
Wolfgang Denk
28958b8bea Coding Style cleanup; update CHANGELOG.
Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-07-23 22:23:23 +02:00
Giuseppe CONDORELLI
b201171f2b zlib: updated to v.1.2.3
This patch updates zlib to the latest stable version.

Only relevant zlib parts were ported to u-boot tree, as was done for
the previously used version of zlib (0.95). New zlib gives faster
inflate performance and other improvements, see www.zlib.net

Signed-off-by: Giuseppe Condorelli <giuseppe.condorelli@st.com>
Reviewed-by: Angelo Castello <angelo.castello@st.com>

Edited commit message

Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-07-23 19:12:55 +02:00
Mike Frysinger
3756609076 compiler.h: unify system ifdef cruft here
Shove a lot of the HOSTCC and related #ifdef checking crap into the new
compiler.h header so that we can keep all other headers nice and clean.

Also introduce custom uswap functions so we don't have to rely on the non
standard implementations that a host may (or may not in the case of OS X)
provide.  This allows mkimage to finally build cleanly on an OS X system.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2009-07-19 21:41:46 +02:00
Jean-Christophe PLAGNIOL-VILLARD
a31e091ad7 rename include/zlib.h to include/u-boot/zlib.h
Some systems have zlib.h installed in /usr/include/. This isn't the
desired file for u-boot code - we want the one in include/zlib.h.
This rename will avoid the conflict.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2009-04-04 15:37:54 +02:00
Bartlomiej Sieka
215b01bba8 Add support for calculating hashes with watchdog triggering
Implement watchodg-aware variants of hash calculation functions:
- crc32_wd()
- md5_wd()
- sha1_csum_wd()
The above functions calculate the hash of the input buffer in chunks,
triggering the watchdog after processing each chunk. The chunk size
is given as a function call parameter.

Signed-off-by: Bartlomiej Sieka <tur@semihalf.com>
2008-04-25 00:01:06 +02:00
Andy Fleming
20a14a42a2 Rename include/md5.h to include/u-boot/md5.h
Some systems have md5.h installed in /usr/include/. This isn't the
desired file (we want the one in include/md5.h). This will avoid the
conflict. This fixes the host tools building problem by creating a new
directory for U-Boot specific header files.

[Patch by Andy Fleming, modified to use separate directory by Wolfgang
Denk]

Signed-off-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Andy Fleming <afleming@freescale.com>
Acked-by: Timur Tabi <timur@freescale.com>
2008-04-13 17:02:51 -07:00