-
- Downloads
Implement generalised RSA public exponents for verified boot
Remove the verified boot limitation that only allows a single RSA public exponent of 65537 (F4). This change allows use with existing PKI infrastructure and has been tested with HSM-based PKI. Change the configuration OF tree format to store the RSA public exponent as a 64 bit integer and implement backward compatibility for verified boot configuration trees without this extra field. Parameterise vboot_test.sh to test different public exponents. Mathematics and other hard work by Andrew Bott. Tested with the following public exponents: 3, 5, 17, 257, 39981, 50457, 65537 and 4294967297. Signed-off-by:Andrew Bott <Andrew.Bott@ipaccess.com> Signed-off-by:
Andrew Wishart <Andrew.Wishart@ipaccess.com> Signed-off-by:
Neil Piercy <Neil.Piercy@ipaccess.com> Signed-off-by:
Michael van der Westhuizen <michael@smart-africa.com> Cc: Simon Glass <sjg@chromium.org>
Showing
- doc/uImage.FIT/signature.txt 3 additions, 1 deletiondoc/uImage.FIT/signature.txt
- include/u-boot/rsa.h 1 addition, 0 deletionsinclude/u-boot/rsa.h
- lib/rsa/rsa-sign.c 57 additions, 3 deletionslib/rsa/rsa-sign.c
- lib/rsa/rsa-verify.c 88 additions, 5 deletionslib/rsa/rsa-verify.c
- test/vboot/vboot_test.sh 9 additions, 1 deletiontest/vboot/vboot_test.sh
Loading
Please register or sign in to comment