UPSTREAM: doc: verified-boot: fix crypto algorithm examples

As you see in crypto_algos in common/image-sig.c, the algorithm
should be either "rsa2048" or "rsa4096". "rs2048" is a typo.

Change-Id:

UPSTREAM: doc: verified-boot: fix crypto algorithm examples

As you see in crypto_algos in common/image-sig.c, the algorithm
should be either "rsa2048" or "rsa4096". "rs2048" is a typo.

Change-Id: I35cc5c126fc0129eb35de1a6652d64c0e645cbe9
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
(cherry picked from commit 6af5520fe13d81ccd4ec4f7234a8d7a2426c2bd6)

show more ...

doc: verified-boot: fix typos

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

mkimage: Add support for signing with pkcs11

Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, e

mkimage: Add support for signing with pkcs11

Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>

show more ...

doc: clarify openssl-based key and certificate generation process

Add some basic clarification that the dev.key file generated by OpenSSL
contains both the public and private key, and further highli

doc: clarify openssl-based key and certificate generation process

Add some basic clarification that the dev.key file generated by OpenSSL
contains both the public and private key, and further highlight that
the certificate generated here contains the public key only.

Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>

show more ...

Implement generalised RSA public exponents for verified boot

Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4). This change allows use with
existing PK

Implement generalised RSA public exponents for verified boot

Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4). This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.

Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.

Parameterise vboot_test.sh to test different public exponents.

Mathematics and other hard work by Andrew Bott.

Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.

Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Signed-off-by: Stefano Babic <sbabic@denx.de>

Conflicts:
boards.cfg

Merge branch 'u-boot/master' into 'u-boot-arm/master'

Enhance fit_check_sign to check all images

At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Sig

Enhance fit_check_sign to check all images

At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)

show more ...

bootm: make use of legacy image format configurable

make the use of legacy image format configurable through
the config define CONFIG_IMAGE_FORMAT_LEGACY.

When relying on signed FIT images with req

bootm: make use of legacy image format configurable

make the use of legacy image format configurable through
the config define CONFIG_IMAGE_FORMAT_LEGACY.

When relying on signed FIT images with required signature check
the legacy image format should be disabled. Therefore introduce
this new define and enable legacy image format if CONFIG_FIT_SIGNATURE
is not set. If CONFIG_FIT_SIGNATURE is set disable per default
the legacy image format.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Lars Steubesand <lars.steubesand@philips.com>
Cc: Mike Pearce <mike@kaew.be>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Michal Simek <monstr@monstr.eu>
Acked-by: Simon Glass <sjg@chromium.org>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot-arm

Merge branch 'u-boot/master'

Conflicts:
drivers/net/Makefile

(trivial merge)

Merge branch 'next'

tools, fit_check_sign: verify a signed fit image

add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chr

tools, fit_check_sign: verify a signed fit image

add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>

show more ...

rsa: add sha256-rsa2048 algorithm

based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and

rsa: add sha256-rsa2048 algorithm

based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>

show more ...

image: Add support for signing of FIT configurations

While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a

image: Add support for signing of FIT configurations

While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>

show more ...

image: Add signing infrastructure

Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass <sjg@chromium.org>