#
55a7d60f |
|
20-Mar-2024 |
Hugo Cornelis <hugo.cornelis@essensium.com> |
image-host: Fix error value paths and emit error messages to stderr. A recent refactoring in image-host.c messed up the return values of the function that reads the encryptiong keys. This patch fixes this and also makes sure that error output goes to stderr instead of to stdout. Signed-off-by: Hugo Cornelis <hugo.cornelis@essensium.com> |
#
bc01d9ff |
|
08-Jan-2024 |
Hugo Cornelis <hugo.cornelis@essensium.com> |
image-host: refactor and protect for very long filenames This patch adds a function fit_image_read_key_iv_data that checks the return value of snprintf and allows to generate a sensible error message when generating binary images using filenames that are too long for the OS to handle. This is especially relevant for automated builds such as Buildroot and Yocto builds. Signed-off-by: Hugo Cornelis <hugo.cornelis@essensium.com> |
#
03e59826 |
|
21-Dec-2023 |
Paul-Erwan Rio <paulerwan.rio@gmail.com> |
tools: fix build without LIBCRYPTO support Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") introduced a target-independent configuration to build crypto features in host tools. But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in host tools and SPL") the build without OpenSSL is broken, due to FIT signature/encryption features. Add missing conditional compilation tokens to fix this. Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com> Tested-by: Alexander Dahl <ada@thorsis.com> Cc: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8d8851e8 |
|
17-Aug-2023 |
Oleksandr Suvorov <oleksandr.suvorov@foundries.io> |
tools: image-host: print error messages to stderr The make by default cuts off the stdout output from external tools, so all error messages from the image-host are not shown in a make output. Besides that, it is a common approach to use stderr stream for error messages. Use stderr for all error messages in image-host. Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
90cfae2a |
|
21-Dec-2022 |
Simon Glass <sjg@chromium.org> |
mkimage: Add a few more messages for FIT failures Add messages to make it clearer which part of the FIT creation is failing. This can happen when an invalid 'algo' property is provided in the .its file. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
0abe3323 |
|
20-Oct-2022 |
Sean Anderson <sean.anderson@seco.com> |
mkimage: fit: Fix signing of configs with external data Just like we exclude data-size, data-position, and data-offset from fit_config_check_sig, we must exclude them while signing as well. While we're at it, use the FIT_DATA_* defines for fit_config_check_sig as welll. Fixes: 8edecd3110e ("fit: Fix verification of images with external data") Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding") Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7c5eeb83 |
|
14-Sep-2022 |
Steven Lawrance <steven.lawrance@softathome.com> |
image-pre-load: Move macros/definitions to image.h Putting these definitions in a header will allow signatures to be validated independently of bootm. Signed-off-by: Steven Lawrance <steven.lawrance@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
61657180 |
|
26-Apr-2022 |
Mark Kettenis <kettenis@openbsd.org> |
tools: mkimage: Avoid ENODATA in host tools ENODATA isn't part of POSIX. Use EINVAL instead. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
6e052d1c |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: add public key for image pre-load stage This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
2d2384bb |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> |
#
9737c2d1 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Pass public-key node through to caller Update the two functions that call add_verify_data() so that the caller can see the node that was written to. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c033dc8c |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
image: Return destination node for add_verify_data() method It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
48422343 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Drop unused name in image-host The name is created but never used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
70e6bcc4 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Improve comments in signing functions Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
bc01d9ff |
|
08-Jan-2024 |
Hugo Cornelis <hugo.cornelis@essensium.com> |
image-host: refactor and protect for very long filenames This patch adds a function fit_image_read_key_iv_data that checks the return value of snprintf and allows to generate a sensible error message when generating binary images using filenames that are too long for the OS to handle. This is especially relevant for automated builds such as Buildroot and Yocto builds. Signed-off-by: Hugo Cornelis <hugo.cornelis@essensium.com> |
#
03e59826 |
|
21-Dec-2023 |
Paul-Erwan Rio <paulerwan.rio@gmail.com> |
tools: fix build without LIBCRYPTO support Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") introduced a target-independent configuration to build crypto features in host tools. But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in host tools and SPL") the build without OpenSSL is broken, due to FIT signature/encryption features. Add missing conditional compilation tokens to fix this. Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com> Tested-by: Alexander Dahl <ada@thorsis.com> Cc: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8d8851e8 |
|
17-Aug-2023 |
Oleksandr Suvorov <oleksandr.suvorov@foundries.io> |
tools: image-host: print error messages to stderr The make by default cuts off the stdout output from external tools, so all error messages from the image-host are not shown in a make output. Besides that, it is a common approach to use stderr stream for error messages. Use stderr for all error messages in image-host. Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
90cfae2a |
|
21-Dec-2022 |
Simon Glass <sjg@chromium.org> |
mkimage: Add a few more messages for FIT failures Add messages to make it clearer which part of the FIT creation is failing. This can happen when an invalid 'algo' property is provided in the .its file. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
0abe3323 |
|
20-Oct-2022 |
Sean Anderson <sean.anderson@seco.com> |
mkimage: fit: Fix signing of configs with external data Just like we exclude data-size, data-position, and data-offset from fit_config_check_sig, we must exclude them while signing as well. While we're at it, use the FIT_DATA_* defines for fit_config_check_sig as welll. Fixes: 8edecd3110e ("fit: Fix verification of images with external data") Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding") Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7c5eeb83 |
|
14-Sep-2022 |
Steven Lawrance <steven.lawrance@softathome.com> |
image-pre-load: Move macros/definitions to image.h Putting these definitions in a header will allow signatures to be validated independently of bootm. Signed-off-by: Steven Lawrance <steven.lawrance@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
61657180 |
|
26-Apr-2022 |
Mark Kettenis <kettenis@openbsd.org> |
tools: mkimage: Avoid ENODATA in host tools ENODATA isn't part of POSIX. Use EINVAL instead. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
6e052d1c |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: add public key for image pre-load stage This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
2d2384bb |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> |
#
9737c2d1 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Pass public-key node through to caller Update the two functions that call add_verify_data() so that the caller can see the node that was written to. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c033dc8c |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
image: Return destination node for add_verify_data() method It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
48422343 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Drop unused name in image-host The name is created but never used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
70e6bcc4 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Improve comments in signing functions Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
03e59826 |
|
21-Dec-2023 |
Paul-Erwan Rio <paulerwan.rio@gmail.com> |
tools: fix build without LIBCRYPTO support Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable OpenSSL") introduced a target-independent configuration to build crypto features in host tools. But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in host tools and SPL") the build without OpenSSL is broken, due to FIT signature/encryption features. Add missing conditional compilation tokens to fix this. Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com> Tested-by: Alexander Dahl <ada@thorsis.com> Cc: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8d8851e8 |
|
17-Aug-2023 |
Oleksandr Suvorov <oleksandr.suvorov@foundries.io> |
tools: image-host: print error messages to stderr The make by default cuts off the stdout output from external tools, so all error messages from the image-host are not shown in a make output. Besides that, it is a common approach to use stderr stream for error messages. Use stderr for all error messages in image-host. Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
90cfae2a |
|
21-Dec-2022 |
Simon Glass <sjg@chromium.org> |
mkimage: Add a few more messages for FIT failures Add messages to make it clearer which part of the FIT creation is failing. This can happen when an invalid 'algo' property is provided in the .its file. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
0abe3323 |
|
20-Oct-2022 |
Sean Anderson <sean.anderson@seco.com> |
mkimage: fit: Fix signing of configs with external data Just like we exclude data-size, data-position, and data-offset from fit_config_check_sig, we must exclude them while signing as well. While we're at it, use the FIT_DATA_* defines for fit_config_check_sig as welll. Fixes: 8edecd3110e ("fit: Fix verification of images with external data") Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding") Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7c5eeb83 |
|
14-Sep-2022 |
Steven Lawrance <steven.lawrance@softathome.com> |
image-pre-load: Move macros/definitions to image.h Putting these definitions in a header will allow signatures to be validated independently of bootm. Signed-off-by: Steven Lawrance <steven.lawrance@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
61657180 |
|
26-Apr-2022 |
Mark Kettenis <kettenis@openbsd.org> |
tools: mkimage: Avoid ENODATA in host tools ENODATA isn't part of POSIX. Use EINVAL instead. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
6e052d1c |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: add public key for image pre-load stage This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
2d2384bb |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> |
#
9737c2d1 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Pass public-key node through to caller Update the two functions that call add_verify_data() so that the caller can see the node that was written to. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c033dc8c |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
image: Return destination node for add_verify_data() method It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
48422343 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Drop unused name in image-host The name is created but never used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
70e6bcc4 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Improve comments in signing functions Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
8d8851e8 |
|
17-Aug-2023 |
Oleksandr Suvorov <oleksandr.suvorov@foundries.io> |
tools: image-host: print error messages to stderr The make by default cuts off the stdout output from external tools, so all error messages from the image-host are not shown in a make output. Besides that, it is a common approach to use stderr stream for error messages. Use stderr for all error messages in image-host. Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
90cfae2a |
|
21-Dec-2022 |
Simon Glass <sjg@chromium.org> |
mkimage: Add a few more messages for FIT failures Add messages to make it clearer which part of the FIT creation is failing. This can happen when an invalid 'algo' property is provided in the .its file. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
0abe3323 |
|
20-Oct-2022 |
Sean Anderson <sean.anderson@seco.com> |
mkimage: fit: Fix signing of configs with external data Just like we exclude data-size, data-position, and data-offset from fit_config_check_sig, we must exclude them while signing as well. While we're at it, use the FIT_DATA_* defines for fit_config_check_sig as welll. Fixes: 8edecd3110e ("fit: Fix verification of images with external data") Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding") Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7c5eeb83 |
|
14-Sep-2022 |
Steven Lawrance <steven.lawrance@softathome.com> |
image-pre-load: Move macros/definitions to image.h Putting these definitions in a header will allow signatures to be validated independently of bootm. Signed-off-by: Steven Lawrance <steven.lawrance@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
61657180 |
|
26-Apr-2022 |
Mark Kettenis <kettenis@openbsd.org> |
tools: mkimage: Avoid ENODATA in host tools ENODATA isn't part of POSIX. Use EINVAL instead. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
6e052d1c |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: add public key for image pre-load stage This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
2d2384bb |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> |
#
9737c2d1 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Pass public-key node through to caller Update the two functions that call add_verify_data() so that the caller can see the node that was written to. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c033dc8c |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
image: Return destination node for add_verify_data() method It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
48422343 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Drop unused name in image-host The name is created but never used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
70e6bcc4 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Improve comments in signing functions Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <masahiroy@kernel.org> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
90cfae2a |
|
21-Dec-2022 |
Simon Glass <sjg@chromium.org> |
mkimage: Add a few more messages for FIT failures Add messages to make it clearer which part of the FIT creation is failing. This can happen when an invalid 'algo' property is provided in the .its file. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
0abe3323 |
|
20-Oct-2022 |
Sean Anderson <sean.anderson@seco.com> |
mkimage: fit: Fix signing of configs with external data Just like we exclude data-size, data-position, and data-offset from fit_config_check_sig, we must exclude them while signing as well. While we're at it, use the FIT_DATA_* defines for fit_config_check_sig as welll. Fixes: 8edecd3110e ("fit: Fix verification of images with external data") Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding") Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7c5eeb83 |
|
14-Sep-2022 |
Steven Lawrance <steven.lawrance@softathome.com> |
image-pre-load: Move macros/definitions to image.h Putting these definitions in a header will allow signatures to be validated independently of bootm. Signed-off-by: Steven Lawrance <steven.lawrance@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
61657180 |
|
26-Apr-2022 |
Mark Kettenis <kettenis@openbsd.org> |
tools: mkimage: Avoid ENODATA in host tools ENODATA isn't part of POSIX. Use EINVAL instead. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
6e052d1c |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: add public key for image pre-load stage This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
2d2384bb |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> |
#
9737c2d1 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Pass public-key node through to caller Update the two functions that call add_verify_data() so that the caller can see the node that was written to. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c033dc8c |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
image: Return destination node for add_verify_data() method It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
48422343 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Drop unused name in image-host The name is created but never used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
70e6bcc4 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Improve comments in signing functions Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
0abe3323 |
|
20-Oct-2022 |
Sean Anderson <sean.anderson@seco.com> |
mkimage: fit: Fix signing of configs with external data Just like we exclude data-size, data-position, and data-offset from fit_config_check_sig, we must exclude them while signing as well. While we're at it, use the FIT_DATA_* defines for fit_config_check_sig as welll. Fixes: 8edecd3110e ("fit: Fix verification of images with external data") Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding") Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7c5eeb83 |
|
14-Sep-2022 |
Steven Lawrance <steven.lawrance@softathome.com> |
image-pre-load: Move macros/definitions to image.h Putting these definitions in a header will allow signatures to be validated independently of bootm. Signed-off-by: Steven Lawrance <steven.lawrance@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
61657180 |
|
26-Apr-2022 |
Mark Kettenis <kettenis@openbsd.org> |
tools: mkimage: Avoid ENODATA in host tools ENODATA isn't part of POSIX. Use EINVAL instead. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
6e052d1c |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: add public key for image pre-load stage This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
2d2384bb |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> |
#
9737c2d1 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Pass public-key node through to caller Update the two functions that call add_verify_data() so that the caller can see the node that was written to. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c033dc8c |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
image: Return destination node for add_verify_data() method It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
48422343 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Drop unused name in image-host The name is created but never used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
70e6bcc4 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Improve comments in signing functions Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
7c5eeb83 |
|
14-Sep-2022 |
Steven Lawrance <steven.lawrance@softathome.com> |
image-pre-load: Move macros/definitions to image.h Putting these definitions in a header will allow signatures to be validated independently of bootm. Signed-off-by: Steven Lawrance <steven.lawrance@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
61657180 |
|
26-Apr-2022 |
Mark Kettenis <kettenis@openbsd.org> |
tools: mkimage: Avoid ENODATA in host tools ENODATA isn't part of POSIX. Use EINVAL instead. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
6e052d1c |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: add public key for image pre-load stage This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
2d2384bb |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> |
#
9737c2d1 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Pass public-key node through to caller Update the two functions that call add_verify_data() so that the caller can see the node that was written to. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c033dc8c |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
image: Return destination node for add_verify_data() method It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
48422343 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Drop unused name in image-host The name is created but never used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
70e6bcc4 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Improve comments in signing functions Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
61657180 |
|
26-Apr-2022 |
Mark Kettenis <kettenis@openbsd.org> |
tools: mkimage: Avoid ENODATA in host tools ENODATA isn't part of POSIX. Use EINVAL instead. Signed-off-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
6e052d1c |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: add public key for image pre-load stage This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
2d2384bb |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> |
#
9737c2d1 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Pass public-key node through to caller Update the two functions that call add_verify_data() so that the caller can see the node that was written to. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c033dc8c |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
image: Return destination node for add_verify_data() method It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
48422343 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Drop unused name in image-host The name is created but never used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
70e6bcc4 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Improve comments in signing functions Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
6e052d1c |
|
28-Mar-2022 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: add public key for image pre-load stage This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
2d2384bb |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> |
#
9737c2d1 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Pass public-key node through to caller Update the two functions that call add_verify_data() so that the caller can see the node that was written to. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c033dc8c |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
image: Return destination node for add_verify_data() method It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
48422343 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Drop unused name in image-host The name is created but never used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
70e6bcc4 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Improve comments in signing functions Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
2d2384bb |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> |
#
9737c2d1 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Pass public-key node through to caller Update the two functions that call add_verify_data() so that the caller can see the node that was written to. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
c033dc8c |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
image: Return destination node for add_verify_data() method It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
48422343 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Drop unused name in image-host The name is created but never used. Drop it. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
70e6bcc4 |
|
12-Nov-2021 |
Simon Glass <sjg@chromium.org> |
tools: Improve comments in signing functions Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
5902a397 |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
mkimage: Allow to specify the signature algorithm on the command line This permits to prepare FIT image description that do not hard-code the final choice of the signature algorithm, possibly requiring the user to patch the sources. When -o <algo> is specified, this information is used in favor of the 'algo' property in the signature node. Furthermore, that property is set accordingly when writing the image. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> |
#
4550ce9b |
|
14-Jan-2022 |
Jan Kiszka <jan.kiszka@siemens.com> |
image-fit: Make string of algo parameter constant Modifications would be invalid. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
2c6bcab6 |
|
28-Sep-2021 |
Vagrant Cascadian <vagrant@debian.org> |
tools/image-host.c: Fix spelling of "expected". Signed-off-by: Vagrant Cascadian <vagrant@debian.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
7f0f4e18 |
|
13-May-2021 |
Simon Glass <sjg@chromium.org> |
tools: Avoid showing return value of clock_gettime() This value is either 0 for success or -1 for error. Coverity reports that "ret" is passed to a parameter that cannot be negative, pointing to the condition 'if (ret < 0)'. Adjust it to just check for non-zero and avoid showing -1 in the error message, which is pointless. Perhaps these changes will molify Coverity. Reported-by: Coverity (CID: 312956) Signed-off-by: Simon Glass <sjg@chromium.org> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
7c39799d |
|
31-May-2021 |
Ming Liu <liu.ming50@gmail.com> |
tools: image-host: fix wrong return value The return value '-ENOSPC' of fit_set_timestamp function does not match the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'. Fix it by not calling fit_set_timestamp, but call fdt_setprop instead. This fixes a following mkimage error: | Can't write signature for 'signature@1' signature node in | 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error> | mkimage Can't add hashes to FIT blob: -1 Signed-off-by: Ming Liu <liu.ming50@gmail.com> Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
36bfcb62 |
|
18-Feb-2021 |
Alexandru Gagniuc <mr.nuke.me@gmail.com> |
mkimage: Add a 'keyfile' argument for image signing It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com> |
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> |
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org> |
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com> |
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> |
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> |
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> |
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> |
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> |
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) |
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> |
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> |
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> |
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de> |
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> |
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
edfeba75 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: add support for several sub-images The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
5a4116f1 |
|
24-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host: clean function fit_config_get_hash_list This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
26927493 |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use correct variable for strerrno In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
cc34f04e |
|
13-Nov-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: use random instead of rand According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
3311eda6 |
|
08-Oct-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("File %s don't have the expected size (size=%ld, expected=%d)\n", ~~^ %lld filename, sbuf.st_size, expected_size); ~~~~~~~~~~~~ tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘__off64_t’ {aka ‘long long int’} [-Wformat=] printf("Can't read all file %s (read %zd bytes, expexted %ld)\n", ~~^ %lld filename, n, sbuf.st_size); ~~~~~~~~~~~~ Fix the format strings. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a6982a6f |
|
17-Sep-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
fit: cipher: aes: allow to store the IV in the FIT image Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
ef40129c |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: include image cipher in configuration signature This patch addresses issue #2 for signed configurations. -----8<----- Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
b33e5cc1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: don't cipher ciphered data Previously, mkimage -F could be run multiple times causing already ciphered image data to be ciphered again. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
04aeebb1 |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: handle FDT_ERR_NOSPACE when ciphering Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can replace an existing property value. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c520266f |
|
29-Jul-2020 |
Patrick Oppenlander <patrick.oppenlander@gmail.com> |
mkimage: fit: only process one cipher node Previously mkimage would process any node matching the regex cipher.* and apply the ciphers to the image data in the order they appeared in the FDT. This meant that data could be inadvertently ciphered multiple times. Switch to processing a single cipher node which exactly matches FIT_CIPHER_NODENAME. Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
64045a6a |
|
16-Apr-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
libfdt: split fdt_region declarations out to <fdt_region.h> fdt_region APIs are not part of libfdt. They are U-Boot extension for the verified boot. Split the declarations related to fdt_region out of <fdt_region.h>. This allows <linux/libfdt.h> to become a simple wrapper file, like Linux does. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
b21c08a1 |
|
11-Apr-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: image-host.c: use correct output format When building on a 32bit host the following warning occurs: tools/image-host.c: In function ‘fit_image_read_data’: tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=] printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", ~~^ %d filename, n, sbuf.st_size); ~ n is of type ssize_t so we should use %zd for printing. Fixes: 7298e422504e ("mkimage: fit: add support to encrypt image with aes") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
72188f54 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Use constants for 'required' and 'key-name-hint' These are used in multiple places so update them to use a shared #define. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
c3aa81e3 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
fit_check_sign: Allow selecting the configuration to verify This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
382cf620 |
|
18-Mar-2020 |
Simon Glass <sjg@chromium.org> |
image: Be a little more verbose when checking signatures It is useful to be a little more specific about what is being checked. Update a few messages to help with this. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
a3ca99c2 |
|
18-Feb-2020 |
Philippe Reynes <philippe.reynes@softathome.com> |
tools: image-host.c: remove uboot_aes.h The include uboot_aes.h is not useful and it breaks the compilation on android, so we remove it. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reported-by: Praneeth Bajjuri <praneeth@ti.com>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
7298e422 |
|
18-Dec-2019 |
Philippe Reynes <philippe.reynes@softathome.com> |
mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
20031567 |
|
14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
rsa: add a structure for the padding The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
795f452e |
|
20-Jun-2018 |
Alex Kiernan <alex.kiernan@gmail.com> |
mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org>
|
#
7346c1e1 |
|
09-Jun-2018 |
Teddy Reed <teddy.reed@gmail.com> |
vboot: Do not use hashed-strings offset The hashed-strings signature property includes two uint32_t values. The first is unneeded as there should never be a start offset into the strings region. The second, the size, is needed because the added signature node appends to this region. See tools/image-host.c, where a static 0 value is used for the offset. Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
b2267e8a |
|
03-Dec-2017 |
Andre Przywara <andre.przywara@arm.com> |
fix incorrect usage of DT node unit address in comments The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com>
|
#
76b9cbab |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix message when fail to add verification data for config This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
#
6793d017 |
|
27-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: allow to sign image nodes without -K option If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
#
1d88a99d |
|
26-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix "algo" property of public key for verified boot The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
#
16067e6b |
|
19-Oct-2017 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tools: image: fix node name of signature node in FIT Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
f1ca1fde |
|
06-Jan-2017 |
George McCollister <george.mccollister@gmail.com> |
mkimage: Add support for signing with pkcs11 Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
#
83dd98e0 |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
0c1d74fd |
|
08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
713fb2dc |
|
22-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
c236ebd2 |
|
19-Jul-2016 |
mario.six@gdsys.cc <mario.six@gdsys.cc> |
tools: Fix return code of fit_image_process_sig() When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc>
|
#
1152a05e |
|
03-Jul-2016 |
Simon Glass <sjg@chromium.org> |
tools: Correct error handling in fit_image_process_hash() We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com>
|
#
04a710a5 |
|
11-Aug-2014 |
Heiko Schocher <hs@denx.de> |
tools: fix typo in tools/image-host.c fix a typo in error printf. If FIT_CONFS_PATH is not found print FIT_CONFS_PATH not FIT_IMAGES_PATH. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
|
#
ce1400f6 |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1)
|
#
597a8b2c |
|
12-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically expand FDT in more cases The original code did not cover every case and there was a missing negative sign in one case. Expand the coverage and fix the bug. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
a9468115 |
|
02-Jun-2014 |
Simon Glass <sjg@chromium.org> |
mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
29a23f9d |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools, fit_check_sign: verify a signed fit image add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
|
#
66b36f83 |
|
02-Mar-2014 |
Heiko Schocher <hs@denx.de> |
tools/image-host: fix sign-images bug property "sign-images" is never found, fix this. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org>
|
#
1a459660 |
|
08-Jul-2013 |
Wolfgang Denk <wd@denx.de> |
Add GPL-2.0+ SPDX-License-Identifier to source files Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
|
#
4d098529 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Add support for signing of FIT configurations While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
56518e71 |
|
13-Jun-2013 |
Simon Glass <sjg@chromium.org> |
image: Support signing of images Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
bbb467dc |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
|
#
b7260910 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
|
#
94e5fa46 |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de>
|
#
604f23dd |
|
07-May-2013 |
Simon Glass <sjg@chromium.org> |
image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
|