Commit graph

8 commits

Author SHA1 Message Date
Teddy Reed
51c14cd128 verified-boot: Minimal support for booting U-Boot proper from SPL
This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.

The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256

In this example, SHA256 is the only selected hashing algorithm.

And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Acked-by: Sumit Garg <sumit.garg@nxp.com>
2016-06-12 13:14:58 -04:00
gaurav rana
ccf288612f rsa : Compile Modular Exponentiation files based on CONFIG_RSA_SOFTWARE_EXP
Remove dependency of rsa_mod_exp from CONFIG_FIT_SIGNATURE.
As rsa modular exponentiation is an independent module
and can be invoked independently.

Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Acked-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-05 12:04:59 -08:00
Ruchika Gupta
fc2f4246b4 rsa: Split the rsa-verify to separate the modular exponentiation
Public exponentiation which is required in rsa verify functionality is
tightly integrated with verification code in rsa_verify.c. The patch
splits the file into twp separating the modular exponentiation.

1. rsa-verify.c
- The file parses device tree keys node to fill a keyprop structure.
The keyprop structure can then be converted to implementation specific
format.
(struct rsa_pub_key for sw implementation)
- The parsed device tree node is then passed to a generic rsa_mod_exp
function.

2. rsa-mod-exp.c
Move the software specific functions related to modular exponentiation
from rsa-verify.c to this file.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2015-01-29 17:09:58 -07:00
Heiko Schocher
646257d1f4 rsa: add sha256-rsa2048 algorithm
based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:34 -04:00
Masahiro Yamada
164922bd7c lib: descend into sub directories only when it is necessary
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
2013-11-17 14:11:30 -05:00
Masahiro Yamada
0a1a157558 lib: convert makefiles to Kbuild style
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
2013-10-31 13:26:44 -04:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Simon Glass
19c402afa2 image: Add RSA support for image signing
RSA provides a public key encryption facility which is ideal for image
signing and verification.

Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.

This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00