image: Add support for signing of FIT configurations
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).
Add support for signing of FIT configurations using the libfdt's region
support.
Please see doc/uImage.FIT/signature.txt for more information.
Signed-off-by: 
Simon Glass <sjg@chromium.org>
Showing
- common/image-sig.c 230 additions, 1 deletioncommon/image-sig.c
- doc/uImage.FIT/sign-configs.its 45 additions, 0 deletionsdoc/uImage.FIT/sign-configs.its
- doc/uImage.FIT/signature.txt 167 additions, 1 deletiondoc/uImage.FIT/signature.txt
- include/image.h 16 additions, 0 deletionsinclude/image.h
- tools/image-host.c 340 additions, 1 deletiontools/image-host.c
Loading
Please register or sign in to comment