summaryrefslogtreecommitdiff
path: root/doc/uImage.FIT/signature.txt
AgeCommit message (Collapse)Author
2014-08-09Implement generalised RSA public exponents for verified bootMichael van der Westhuizen
Remove the verified boot limitation that only allows a single RSA public exponent of 65537 (F4). This change allows use with existing PKI infrastructure and has been tested with HSM-based PKI. Change the configuration OF tree format to store the RSA public exponent as a 64 bit integer and implement backward compatibility for verified boot configuration trees without this extra field. Parameterise vboot_test.sh to test different public exponents. Mathematics and other hard work by Andrew Bott. Tested with the following public exponents: 3, 5, 17, 257, 39981, 50457, 65537 and 4294967297. Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com> Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com> Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com> Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Cc: Simon Glass <sjg@chromium.org>
2014-06-19Enhance fit_check_sign to check all imagesSimon Glass
At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1)
2014-06-05bootm: make use of legacy image format configurableHeiko Schocher
make the use of legacy image format configurable through the config define CONFIG_IMAGE_FORMAT_LEGACY. When relying on signed FIT images with required signature check the legacy image format should be disabled. Therefore introduce this new define and enable legacy image format if CONFIG_FIT_SIGNATURE is not set. If CONFIG_FIT_SIGNATURE is set disable per default the legacy image format. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Cc: Lars Steubesand <lars.steubesand@philips.com> Cc: Mike Pearce <mike@kaew.be> Cc: Wolfgang Denk <wd@denx.de> Cc: Tom Rini <trini@ti.com> Cc: Michal Simek <monstr@monstr.eu> Acked-by: Simon Glass <sjg@chromium.org>
2014-03-21tools, fit_check_sign: verify a signed fit imageHeiko Schocher
add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
2014-03-21rsa: add sha256-rsa2048 algorithmHeiko Schocher
based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
2013-06-26image: Add support for signing of FIT configurationsSimon Glass
While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26image: Add signing infrastructureSimon Glass
Add a structure to describe an algorithm which can sign and (later) verify images. Signed-off-by: Simon Glass <sjg@chromium.org>