uboot-2021-rebase.git - uboot 2021 rebase, to fix booting on modern SD cards, from https://github.com/fifteenhex/u-boot/tree/am335x_som

Age	Commit message (Collapse)	Author
2018-01-15	doc: FIT image: fix incorrect description of DT node unit address	Andre Przywara
	The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the FIT image documentation files where this was not observed, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2017-10-23	doc: verified-boot: fix crypto algorithm examples	Masahiro Yamada
	As you see in crypto_algos in common/image-sig.c, the algorithm should be either "rsa2048" or "rsa4096". "rs2048" is a typo. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2017-08-26	doc: verified-boot: fix typos	Masahiro Yamada
	Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-01-14	mkimage: Add support for signing with pkcs11	George McCollister
	Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com>
2016-04-01	doc: clarify openssl-based key and certificate generation process	Andreas Dannenberg
	Add some basic clarification that the dev.key file generated by OpenSSL contains both the public and private key, and further highlight that the certificate generated here contains the public key only. Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
2014-08-09	Implement generalised RSA public exponents for verified boot	Michael van der Westhuizen
	Remove the verified boot limitation that only allows a single RSA public exponent of 65537 (F4). This change allows use with existing PKI infrastructure and has been tested with HSM-based PKI. Change the configuration OF tree format to store the RSA public exponent as a 64 bit integer and implement backward compatibility for verified boot configuration trees without this extra field. Parameterise vboot_test.sh to test different public exponents. Mathematics and other hard work by Andrew Bott. Tested with the following public exponents: 3, 5, 17, 257, 39981, 50457, 65537 and 4294967297. Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com> Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com> Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com> Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Cc: Simon Glass <sjg@chromium.org>
2014-06-19	Enhance fit_check_sign to check all images	Simon Glass
	At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1)
2014-06-05	bootm: make use of legacy image format configurable	Heiko Schocher
	make the use of legacy image format configurable through the config define CONFIG_IMAGE_FORMAT_LEGACY. When relying on signed FIT images with required signature check the legacy image format should be disabled. Therefore introduce this new define and enable legacy image format if CONFIG_FIT_SIGNATURE is not set. If CONFIG_FIT_SIGNATURE is set disable per default the legacy image format. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Cc: Lars Steubesand <lars.steubesand@philips.com> Cc: Mike Pearce <mike@kaew.be> Cc: Wolfgang Denk <wd@denx.de> Cc: Tom Rini <trini@ti.com> Cc: Michal Simek <monstr@monstr.eu> Acked-by: Simon Glass <sjg@chromium.org>
2014-03-21	tools, fit_check_sign: verify a signed fit image	Heiko Schocher
	add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
2014-03-21	rsa: add sha256-rsa2048 algorithm	Heiko Schocher
	based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
2013-06-26	image: Add support for signing of FIT configurations	Simon Glass
	While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26	image: Add signing infrastructure	Simon Glass
	Add a structure to describe an algorithm which can sign and (later) verify images. Signed-off-by: Simon Glass <sjg@chromium.org>