| #
60bee396 |
| 15-Apr-2025 |
Xuhui Lin <xuhui.lin@rock-chips.com> |
lib: rsa: Add otp revoke pub key support
Change-Id: I73b07c051960813d4e5a8b27ac732672f3bf58b4
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
|
| #
8e2679f6 |
| 15-Apr-2025 |
Xuhui Lin <xuhui.lin@rock-chips.com> |
lib: rsa: Add otp disable upgrade support
Change-Id: Ie18df1ab3650eeb6d39c07eadaa2aaa468045e1e
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
|
| #
59992cdc |
| 15-Apr-2025 |
Xuhui Lin <xuhui.lin@rock-chips.com> |
lib: rsa: Simplify rsa_burn_key_hash func
Use new implementation misc_otp_write_readback.
Change-Id: I14d7df12ce1cf3de1ff79c20eb211e22ebcd9ac8
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
|
| #
cfb52818 |
| 14-Nov-2024 |
Xuhui Lin <xuhui.lin@rock-chips.com> |
lib: rsa: Wait for power supply steady only before OTP write
If secureboot enabled, even burn_key flag exists,
don't need to delay 3s.
Change-Id: I1a93328295d7757346fd8d73d27393565ebd9122
Signed-of
lib: rsa: Wait for power supply steady only before OTP write
If secureboot enabled, even burn_key flag exists,
don't need to delay 3s.
Change-Id: I1a93328295d7757346fd8d73d27393565ebd9122
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
show more ...
|
| #
6849cc07 |
| 15-Aug-2024 |
Xuhui Lin <xuhui.lin@rock-chips.com> |
lib: rsa: Add 3s delay before write secure otp
Delay 3 seconds to make sure power supply is steady.
Change-Id: Ieefae68fa52f23efb7315221d425b31650ae0883
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chi
lib: rsa: Add 3s delay before write secure otp
Delay 3 seconds to make sure power supply is steady.
Change-Id: Ieefae68fa52f23efb7315221d425b31650ae0883
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
show more ...
|
| #
f8e13adf |
| 01-Apr-2024 |
Xuhui Lin <xuhui.lin@rock-chips.com> |
lib: rsa: Add burn rsa4096 key hash support
1. If burn both flags(0x30ff) into OTP_SECURE_BOOT_ENABLE_ADDR,
0xff will be burned first. If power down happens when burn rsa4096 flag
(0xff is already b
lib: rsa: Add burn rsa4096 key hash support
1. If burn both flags(0x30ff) into OTP_SECURE_BOOT_ENABLE_ADDR,
0xff will be burned first. If power down happens when burn rsa4096 flag
(0xff is already burned), the device becomes bricked.
2. So, fix all OTP_SECURE_BOOT_ENABLE_SIZE from 2 bytes to 1 byte,
only allow to burn 1 byte to open secureboot. Add OTP_RSA4096_ENABLE_ADDR/SIZE
definition used for burn rsa4096 flag.
Change-Id: Ifc9767242bc86fd0cf69ff107b4f557bc3a4fdcd
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
show more ...
|
| #
2285b68d |
| 09-Jan-2024 |
Xuhui Lin <xuhui.lin@rock-chips.com> |
lib: rsa: Add burn-key-hash flag check
When enter rsa_burn_key_hash, need to check burn-key-hash flag in
itb first before further ops.
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
Change-Id:
lib: rsa: Add burn-key-hash flag check
When enter rsa_burn_key_hash, need to check burn-key-hash flag in
itb first before further ops.
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
Change-Id: I87ac5f4a0decaa984445b98e57d3a1fa589d7d56
show more ...
|
| #
b77c257e |
| 19-Oct-2023 |
Xuhui Lin <xuhui.lin@rock-chips.com> |
lib: rsa: Add support for rsa key repair
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
Change-Id: I79828d8e268accf2e691f047107b3af3d2b35179
|
| #
c9e2e133 |
| 19-Jun-2023 |
Xuhui Lin <xuhui.lin@rock-chips.com> |
lib: rsa: Add support for rsa4096
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
Change-Id: Icdbe40c0a416237b88db80fffa07c61de982516a
|
| #
a1300100 |
| 03-Jan-2023 |
Xuhui Lin <xuhui.lin@rock-chips.com> |
lib: rsa: Fix secure boot check for burn key
Only secure_flags = 0xff means secure boot, other values(like 0xf0) have its special meaning.
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
Change
lib: rsa: Fix secure boot check for burn key
Only secure_flags = 0xff means secure boot, other values(like 0xf0) have its special meaning.
Signed-off-by: Xuhui Lin <xuhui.lin@rock-chips.com>
Change-Id: I4fb53d1ce170ba67270b1136d5eecdef09f3ef55
show more ...
|
| #
c2b76562 |
| 29-Mar-2022 |
Joseph Chen <chenjh@rock-chips.com> |
rsa/sig: Compile rsa_burn_key_hash() in SPL only
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: Ibe2c198432e75e5aec46f3784a78b215ad46af2f
|
| #
f649b885 |
| 21-Jul-2021 |
Jason Zhu <jason.zhu@rock-chips.com> |
lib: rsa-verify: pass the public key to next stage
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Change-Id: I92f2906981ea14aaabda3b1b7b44574cc157e451
|
| #
9c63859f |
| 23-Dec-2020 |
Jason Zhu <jason.zhu@rock-chips.com> |
lib: rsa-verify: calculate the hash depended on operator size
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Change-Id: I72822a2331afb45a1b291e473cd83f7ce3d627f6
|
| #
bd2c27cc |
| 10-Dec-2020 |
Jason Zhu <jason.zhu@rock-chips.com> |
rsa: read back to check the key hash after writing OTP
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Change-Id: I9cee6e758b487e3947727dc4c68df66ef2c51f67
|
| #
78263d89 |
| 10-Dec-2020 |
Jason Zhu <jason.zhu@rock-chips.com> |
rsa: support write public hash in spl
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Change-Id: I4120d0cad1cb24b45c3b281649e1eba520a11ee2
|
| #
507e6900 |
| 30-Oct-2020 |
Joseph Chen <chenjh@rock-chips.com> |
lib: rsa-verify: require np/c factor if using hardware decrypt
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: I2c5a68e86a04f4c65719521ac9aac62297432beb
|
| #
85289e9d |
| 14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
UPSTREAM: rsa: add support of padding pss
We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.
Signed-off-by: Philippe Reynes <philipp
UPSTREAM: rsa: add support of padding pss
We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
(cherry picked from commit 061daa0b61f0fbeb214c566f3adb23da05545320)
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: I28e5722504bfd0428cd119b2aaae60682a720648
show more ...
|
| #
219050bf |
| 14-Nov-2018 |
Philippe Reynes <philippe.reynes@softathome.com> |
UPSTREAM: rsa: add a structure for the padding
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framew
UPSTREAM: rsa: add a structure for the padding
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
(cherry picked from commit 20031567e12bb312bff95b70767f6275e20f0346)
Conflicts:
common/image-fit.c
lib/rsa/rsa-sign.c
lib/rsa/rsa-verify.c
Change-Id: Ie522fec1ea69e6b86ebde0f7dad91a45670da66b
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
show more ...
|
| #
0fb93272 |
| 07-Jul-2020 |
Joseph Chen <chenjh@rock-chips.com> |
lib: rsa: verify: rename hw_crypto_rsa() => rsa_mod_exp_hw()
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: I7164a2001f386b18a0e502be4735be45ed9907f1
|
| #
e1e9b173 |
| 28-Mar-2020 |
Joseph Chen <chenjh@rock-chips.com> |
Merge branch 'next-dev' into thunder-boot
|
| #
008ec9b4 |
| 16-Mar-2020 |
Joseph Chen <chenjh@rock-chips.com> |
lib: rsa: add hardware crypto for FIT image checksum and rsa
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: I526dd1b9a2a7e0050786f6006fd166f3dfb3a5c4
|
| #
2d221489 |
| 29-Nov-2016 |
Stefano Babic <sbabic@denx.de> |
Merge branch 'master' of git://git.denx.de/u-boot
Signed-off-by: Stefano Babic <sbabic@denx.de>
|
| #
83dd98e0 |
| 08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Combine image_sig_algo with image_sign_info
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer th
image: Combine image_sig_algo with image_sign_info
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.
Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.
Indirectly adds support for "sha1,rsa4096" signing/verification.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
show more ...
|
| #
0c1d74fd |
| 08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
image: Add crypto_algo struct for RSA info
Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checks
image: Add crypto_algo struct for RSA info
Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
show more ...
|
| #
da29f299 |
| 08-Nov-2016 |
Andrew Duda <aduda@meraki.com> |
rsa: Verify RSA padding programatically
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SH
rsa: Verify RSA padding programatically
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:
EM = 0x00 || 0x01 || PS || 0x00 || T
where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.
Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
show more ...
|