Change parameter type to avoid compilation error:
In file included from ./tools/../lib/rsa/rsa-verify.c:23:0,
from tools/lib/rsa/rsa-verify.c:1:
include/u-boot/rsa-mod-exp.h:69:18: error: unknown type name ‘u32’; did you mean ‘__u32’?
int zynq_pow_mod(u32 *keyptr, u32 *inout);
^~~
__u32
include/u-boot/rsa-mod-exp.h:69:31: error: unknown type name ‘u32’; did you mean ‘__u32’?
int zynq_pow_mod(u32 *keyptr, u32 *inout);
^~~
__u32
Fixes: 37e3a36a54 ("xilinx: zynq: Add support to secure images")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.
This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on
this function to decompress data from a raw disk image. The actual
support for zlib into SquashFS sources will be added in a follow-up
commit.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
This function will be used to implement public_key_verify_signature()
in a later patch. rsa_verify() is not suitable here because calculation
of message digest is not necessary.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
rsa_verify() expects a memory region and wants to do the hashing itself,
but there may be cases where the hashing is done via other means,
like hashing a squashfs rootfs.
So add rsa_verify_hash() to allow verifiying a signature against
an existing hash. As this entails the same verification routines
we can just move the relevant code over from rsa_verify() and also
call rsa_verify_hash() from there.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].
This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX
The SHA implementation is adapted from the linux kernel implementation.
[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
In the current implementation of FIT_SIGNATURE, five parameters for
a RSA public key are required while only two of them are essential.
(See rsa-mod-exp.h and uImage.FIT/signature.txt)
This is a result of considering relatively limited computer power
and resources on embedded systems, while such a assumption may not
be quite practical for other use cases.
In this patch, added is a function, rsa_gen_key_prop(), which will
generate additional parameters for other uses, in particular
UEFI secure boot, on the fly.
Note: the current code uses some "big number" routines from BearSSL
for the calculation.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
The build failure was originally reported on arm64-musl
target at https://bugs.gentoo.org/703132. Here is the amd64-musl
variant:
```
$ LANG=C make CROSS_COMPILE=x86_64-gentoo-linux-musl- tools-only_defconfig -j$(nproc)
$ LANG=C make CROSS_COMPILE=x86_64-gentoo-linux-musl- tools-all -j$(nproc)
...
include/u-boot/crc.h:37:44: error: unknown type name 'uint'; did you mean 'int'?
37 | void crc16_ccitt_wd_buf(const uint8_t *in, uint len,
| ^~~~
| int
```
Note: 'uint' is not defined there.
On glibc 'uint' comes from <sys/types.h> and happens to work on most .c files.
The change imports 'uint' declaration from '<compiler.h>'.
Bug: https://bugs.gentoo.org/703132
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Some of these have a space before the bracket. Drop it to fix the style.
Add some missing function comments while here.
Note that u32 and u8 cannot be used here since crc.h is included on the
host side.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
We have an existing U-Boot header for the one function that this defines.
Use that instead of the linux/ one. Move over the nice comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
The CRC16-CCITT checksum function is useful for space-constrained
applications (such as obtaining a checksum across a 2KBit or 4KBit
EEPROM) in boot applications. It has not been accessible from boot
scripts until now (due to not having a dedicated command and not being
supported by the hash infrstructure) limiting its applicability
outside of custom commands.
This adds the CRC16-CCITT (poly 0x1021, init 0x0) algorithm to the
list of available hashes and adds a new crc16_ccitt_wd_buf() to make
this possible.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
[trini: Fix building crc16.o for SPL/TPL]
Signed-off-by: Tom Rini <trini@konsulko.com>
This merges the CRC16-CCITT headers into u-boot/crc.h to prepare for
rolling CRC16 into the hash infrastructure. Given that CRC8, CRC32
and CRC32-C already have their prototypes in a single header file, it
seems a good idea to also include CRC16-CCITT in the same.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This patch basically adds two new commands for loadig secure
images.
1. zynq rsa adds support to load secure image which can be both
authenticated or encrypted or both authenticated and encrypted
image in xilinx bootimage(BOOT.bin) format.
2. zynq aes command adds support to decrypt and load encrypted
image back to DDR as per destination address. The image has
to be encrypted using xilinx bootgen tool and to get only the
encrypted image from tool use -split option while invoking
bootgen.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add a header variadic-macro.h which defines the CALL_MACRO_FOR_EACH marco.
This macro can be used as follows:
#define TEST(x)
CALL_MACRO_FOR_EACH(TEST, a, b, c, d)
This will expand to
TEST(a) TEST(b) TEST(c) TEST(d)
The nice thing is that CALL_MACRO_FOR_EACH is a variadic macro, thus the
number of arguments can vary (although it has an upper limit - in this
implementation 32 arguments).
Signed-off-by: Marek Behun <marek.behun@nic.cz>
create mode 100644 include/u-boot/variadic-macro.h
This patch enables crc8 to be used from within the tools directory using
u-boot/crc.h.
Signed-off-by: Olliver Schinagl <o.schinagl@ultimaker.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:
EM = 0x00 || 0x01 || PS || 0x00 || T
where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.
Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.
Move these options to Kconfig and tidy up board configuration:
CONFIG_FIT
CONFIG_OF_BOARD_SETUP
CONFIG_OF_SYSTEM_SETUP
CONFIG_FIT_SIGNATURE
CONFIG_FIT_BEST_MATCH
CONFIG_FIT_VERBOSE
CONFIG_OF_STDOUT_VIA_ALIAS
CONFIG_RSA
Unfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.
Note: Masahiro's moveconfig.py script is amazing.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini <trini@konsulko.com>
In a number of places we had wordings of the GPL (or LGPL in a few
cases) license text that were split in such a way that it wasn't caught
previously. Convert all of these to the correct SPDX-License-Identifier
tag.
Signed-off-by: Tom Rini <trini@konsulko.com>
gpio.h - Added missing copyright in few files.
rsa-mod-exp.h - Corrected copyright in the file.
fsl_sec.h - Added missing license in files
drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Currently the hash functions used in RSA are called directly from the sha1
and sha256 libraries. Change the RSA checksum library to use the progressive
hash API's registered with struct hash_algo. This will allow the checksum
library to use the hardware accelerated progressive hash API's once available.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
(Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM)
Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
Add a new rsa uclass for performing modular exponentiation and implement
the software driver basing on this uclass.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Public exponentiation which is required in rsa verify functionality is
tightly integrated with verification code in rsa_verify.c. The patch
splits the file into twp separating the modular exponentiation.
1. rsa-verify.c
- The file parses device tree keys node to fill a keyprop structure.
The keyprop structure can then be converted to implementation specific
format.
(struct rsa_pub_key for sw implementation)
- The parsed device tree node is then passed to a generic rsa_mod_exp
function.
2. rsa-mod-exp.c
Move the software specific functions related to modular exponentiation
from rsa-verify.c to this file.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4). This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.
Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.
Parameterise vboot_test.sh to test different public exponents.
Mathematics and other hard work by Andrew Bott.
Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.
Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.
cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
Add the CRC32 algorithm to the list of available hashes, and make
the crc32 command use hash_command(). Add a new crc32_wd_buf() to
make this possible, which puts its result in a buffer rather than
returning it as a 32-bit value.
Note: For some boards the hash command is not enabled, neither
are sha1, sha256 or the verify option. In this case the full
hash implementation adds about 500 bytes of overhead. So as a
special case, we use #ifdef to select very simple bahaviour in
that case. The justification for this is that it is currently
a very common case (virtually all boards enable crc32 but only
some enable more advanced features).
Signed-off-by: Simon Glass <sjg@chromium.org>
define Z_NULL to (void *)0 include/u-boot/zlib.h to get rid of most of
the NULL pointer warnings.
inflate.c:942:1: warning: non-ANSI definition of function 'inflateEnd'
inflate.c:9:1: warning: non-ANSI definition of function 'inflateReset'
inflate.c:12:17: warning: Using plain integer as NULL pointer
inflate.c:12:42: warning: Using plain integer as NULL pointer
inflate.c:15:17: warning: Using plain integer as NULL pointer
inflate.c:21:19: warning: Using plain integer as NULL pointer
inflate.c:35:1: warning: non-ANSI definition of function 'inflateInit2_'
inflate.c:38:20: warning: Using plain integer as NULL pointer
inflate.c:41:17: warning: Using plain integer as NULL pointer
inflate.c:42:17: warning: Using plain integer as NULL pointer
inflate.c:50:18: warning: Using plain integer as NULL pointer
inflate.c:65:23: warning: Using plain integer as NULL pointer
inflate.c:69:21: warning: Using plain integer as NULL pointer
inflate.c:78:1: warning: non-ANSI definition of function 'inflateInit_'
inflate.c:86:1: warning: non-ANSI definition of function 'fixedtables'
inflate.c:108:26: warning: Using plain integer as NULL pointer
inflate.c:109:1: warning: non-ANSI definition of function 'updatewindow'
inflate.c:112:30: warning: Using plain integer as NULL pointer
inflate.c:339:1: warning: non-ANSI definition of function 'inflate'
inflate.c:349:17: warning: Using plain integer as NULL pointer
inflate.c:349:42: warning: Using plain integer as NULL pointer
inflate.c:350:27: warning: Using plain integer as NULL pointer
inflate.c:369:42: warning: Using plain integer as NULL pointer
inflate.c:376:32: warning: Using plain integer as NULL pointer
inflate.c:401:54: warning: Using plain integer as NULL pointer
inflate.c:419:32: warning: Using plain integer as NULL pointer
inflate.c:426:32: warning: Using plain integer as NULL pointer
inflate.c:433:32: warning: Using plain integer as NULL pointer
inflate.c:444:36: warning: Using plain integer as NULL pointer
inflate.c:449:37: warning: Using plain integer as NULL pointer
inflate.c:450:38: warning: Using plain integer as NULL pointer
inflate.c:457:40: warning: Using plain integer as NULL pointer
inflate.c:458:47: warning: Using plain integer as NULL pointer
inflate.c:480:40: warning: Using plain integer as NULL pointer
inflate.c:481:50: warning: Using plain integer as NULL pointer
inflate.c:491:37: warning: Using plain integer as NULL pointer
inflate.c:492:37: warning: Using plain integer as NULL pointer
inflate.c:501:40: warning: Using plain integer as NULL pointer
inflate.c:502:53: warning: Using plain integer as NULL pointer
inflate.c:512:37: warning: Using plain integer as NULL pointer
inflate.c:513:40: warning: Using plain integer as NULL pointer
inflate.c:525:32: warning: Using plain integer as NULL pointer
inflate.c:529:52: warning: Using plain integer as NULL pointer
inflate.c:543:54: warning: Using plain integer as NULL pointer
inflate.c:932:17: warning: Using plain integer as NULL pointer
inflate.c:932:42: warning: Using plain integer as NULL pointer
inflate.c:935:26: warning: Using plain integer as NULL pointer
inflate.c:940:19: warning: Using plain integer as NULL pointer
adler32.c:58:5: warning: non-ANSI definition of function 'adler32'
adler32.c:81:16: warning: Using plain integer as NULL pointer
zutil.c:53:9: warning: non-ANSI definition of function 'zcalloc'
zutil.c:64:9: warning: non-ANSI definition of function 'zcfree'
inffast.c:70:1: warning: non-ANSI definition of function 'inflate_fast'
inftrees.c:33:1: warning: non-ANSI definition of function 'inflate_table'
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Add a new config CONFIG_GZIP_ENABLED, if enabled, the uboot bin would
include zlib's deflate method which could be used for compressing.
Signed-off-by: Lei Wen <leiwen@marvell.com>
This allows us to add a proper zalloc() func (one that does a zeroing
alloc), and removes duplicate prototypes.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
md5.c: In function ‘MD5Final’:
md5.c:156:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
md5.c:157:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Wolfgang Denk <wd@denx.de>
Acked-by: Mike Frysinger <vapier@gentoo.org>
Now that the other architecture-specific lib directories have been
moved out of the top-level directory there's not much reason to have the
'_generic' suffix on the common lib directory.
Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
uninitialized retval variable warning fixed
crc32 APIs moved to crc.h (newly added) and build warnings fixed
Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
Signed-off-by: Wolfgang Denk <wd@denx.de>
Start a common header file for common linker script code (such as
workarounds for older linkers) rather than doing this in the build system.
As fallout, we no longer execute the linker every time config.mk is
included by a build file (which can easily be 70+ times), but rather only
execute it once.
This also fixes a bug in the major version checking by creating a macro to
easily compare versions and keep people from making the same common
mistake (forgetting to check major and minor together).
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This patch updates zlib to the latest stable version.
Only relevant zlib parts were ported to u-boot tree, as already did for the
current zlib (0.95). New zlib guarantees a faster inflate performances
other then others improvements as explained at www.zlib.net.
It also includes Alessandro Rubini's patches to allow 0 as destination pointer
and to call watchdog reset if required by architecture.
Signed-off-by: Giuseppe Condorelli <giuseppe.condorelli@st.com>
Reviewed-by: Angelo Castello <angelo.castello@st.com>
Reviewed-by: Alessandro Rubini <rubini-list@gnudd.com>
This reverts commit b201171f2b.
The commit caused problems for example when unpacking kernel images:
Uncompressing Kernel Image ... Error: inflate() returned -2
GUNZIP: uncompress, out-of-mem or overwrite error - must
RESET board to recover
Conflicts:
include/u-boot/zlib.h
lib_generic/zlib.c
Signed-off-by: Wolfgang Denk <wd@denx.de>
This patch updates zlib to the latest stable version.
Only relevant zlib parts were ported to u-boot tree, as was done for
the previously used version of zlib (0.95). New zlib gives faster
inflate performance and other improvements, see www.zlib.net
Signed-off-by: Giuseppe Condorelli <giuseppe.condorelli@st.com>
Reviewed-by: Angelo Castello <angelo.castello@st.com>
Edited commit message
Signed-off-by: Wolfgang Denk <wd@denx.de>
Shove a lot of the HOSTCC and related #ifdef checking crap into the new
compiler.h header so that we can keep all other headers nice and clean.
Also introduce custom uswap functions so we don't have to rely on the non
standard implementations that a host may (or may not in the case of OS X)
provide. This allows mkimage to finally build cleanly on an OS X system.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Some systems have zlib.h installed in /usr/include/. This isn't the
desired file for u-boot code - we want the one in include/zlib.h.
This rename will avoid the conflict.
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Implement watchodg-aware variants of hash calculation functions:
- crc32_wd()
- md5_wd()
- sha1_csum_wd()
The above functions calculate the hash of the input buffer in chunks,
triggering the watchdog after processing each chunk. The chunk size
is given as a function call parameter.
Signed-off-by: Bartlomiej Sieka <tur@semihalf.com>
Some systems have md5.h installed in /usr/include/. This isn't the
desired file (we want the one in include/md5.h). This will avoid the
conflict. This fixes the host tools building problem by creating a new
directory for U-Boot specific header files.
[Patch by Andy Fleming, modified to use separate directory by Wolfgang
Denk]
Signed-off-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Andy Fleming <afleming@freescale.com>
Acked-by: Timur Tabi <timur@freescale.com>