Commits · 8ec87df3762f27bbd77fb28474d1e46ad23c9e28 · Jack Humbert / reform-boundary-uboot

Nov 06, 2017

image-sig: use designated initializers for algorithm · 8ec87df3

Masahiro Yamada authored 7 years ago


Designated initializers are more readable because we do not
have to check the order in the struct definitions.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

8ec87df3

Nov 21, 2016

image: Combine image_sig_algo with image_sign_info · 83dd98e0

Andrew Duda authored 8 years ago


Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

83dd98e0

image: Add crypto_algo struct for RSA info · 0c1d74fd

Andrew Duda authored 8 years ago


Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

0c1d74fd

rsa: Verify RSA padding programatically · da29f299

Andrew Duda authored 8 years ago


Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:

  EM = 0x00 || 0x01 || PS || 0x00 || T

where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.

Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

da29f299

Oct 13, 2016

libfdt: Sync fdt_for_each_subnode() with upstream · df87e6b1

Simon Glass authored 8 years ago


The signature for this macro has changed. Bring in the upstream version and
adjust U-Boot's usages to suit.

Signed-off-by: Simon Glass <sjg@chromium.org>
Update to drivers/power/pmic/palmas.c:
Signed-off-by: Keerthy <j-keerthy@ti.com>

Change-Id: I6cc9021339bfe686f9df21d61a1095ca2b3776e8

df87e6b1

Feb 16, 2015

image: Convert to use fdt_for_each_subnode macro · 364ac5b5

Axel Lin authored 10 years ago


Use fdt_for_each_subnode macro to simplify the code a bit.

Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Simon Glass <sjg@chromium.org>

364ac5b5

Jan 30, 2015

rsa: Use checksum algorithms from struct hash_algo · b37b46f0

Ruchika Gupta authored 10 years ago


Currently the hash functions used in RSA are called directly from the sha1
and sha256 libraries. Change the RSA checksum library to use the progressive
hash API's registered with struct hash_algo. This will allow the checksum
library to use the hardware accelerated progressive hash API's once available.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
(Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM)

Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54

b37b46f0

Jun 19, 2014

includes: move openssl headers to include/u-boot · 2b9912e6

Jeroen Hofstee authored 10 years ago


commit 18b06652 "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

2b9912e6

Reverse the meaning of the fit_config_verify() return code · 12df2abe

Simon Glass authored 10 years ago


It is more common to have 0 mean OK, and -ve mean error. Change this
function to work the same way to avoid confusion.

Signed-off-by: Simon Glass <sjg@chromium.org>

12df2abe

Mar 21, 2014

tools, fit_check_sign: verify a signed fit image · 29a23f9d

Heiko Schocher authored 11 years ago


add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>

29a23f9d

rsa: add sha256,rsa4096 algorithm · db1b5f3d

Heiko Schocher authored 11 years ago


Add support for sha256,rsa4096 signatures in u-boot.

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
Cc: andreas@oetken.name

db1b5f3d

rsa: add sha256-rsa2048 algorithm · 646257d1

Heiko Schocher authored 11 years ago

based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/


commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>

646257d1

Jul 24, 2013

Add GPL-2.0+ SPDX-License-Identifier to source files · 1a459660

Wolfgang Denk authored 11 years ago


Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>

1a459660

Jun 26, 2013

image: Add support for signing of FIT configurations · 4d098529

Simon Glass authored 11 years ago


While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>

4d098529

image: Add RSA support for image signing · 19c402af

Simon Glass authored 11 years ago


RSA provides a public key encryption facility which is ideal for image
signing and verification.

Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.

This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>

19c402af

image: Support signing of images · 56518e71

Simon Glass authored 11 years ago


Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>

56518e71

image: Add signing infrastructure · 3e569a6b

Simon Glass authored 11 years ago


Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass <sjg@chromium.org>

3e569a6b

Oct 26, 2012

arm: Remove support for NETARM · b411eb30

Marek Vasut authored 12 years ago


This stuff has been rotting in the tree for a while now. Remove it.

Signed-off-by: Marek Vasut <marex@denx.de>

b411eb30

Sep 07, 2011

ARM: remove broken "impa7" board. · c1f8750f

Wolfgang Denk authored 13 years ago


Signed-off-by: Wolfgang Denk <wd@denx.de>
Cc: Albert ARIBAUD <albert.u.boot@aribaud.net>
Cc: Marius Gröger <mag@sysgo.de>

c1f8750f

ARM: remove broken "ep7312" board. · c8f63b41

Wolfgang Denk authored 13 years ago


Signed-off-by: Wolfgang Denk <wd@denx.de>
Cc: Albert ARIBAUD <albert.u.boot@aribaud.net>
Cc: Marius Gröger <mag@sysgo.de>

c8f63b41

Apr 13, 2010

Move architecture-specific includes to arch/$ARCH/include/asm · 819833af

Peter Tyser authored 14 years ago

This helps to clean up the include/ directory so that it only contains
non-architecture-specific headers and also matches Linux's directory
layout which many U-Boot developers are already familiar with.

Signed-off-by: Peter Tyser <ptyser@xes-inc.com>

819833af

Replace "#include <asm-$ARCH/$FILE>" with "#include <asm/$FILE>" · 61f2b38a

Peter Tyser authored 14 years ago


The appropriate include/asm-$ARCH directory should already by symlinked
to include/asm so using the whole "asm-$ARCH" path is unnecessary.

This change should also allow us to move the include/asm-$ARCH
directories into their appropriate lib/$ARCH/ directories.

Signed-off-by: Peter Tyser <ptyser@xes-inc.com>

61f2b38a

Mar 29, 2009
- s3c4510b: move specific code to soc directory · 281dfb0c
  Jean-Christophe PLAGNIOL-VILLARD authored 15 years ago
  
  Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
  281dfb0c
May 09, 2007
- New board SMN42 branch · b0d8f5bf
  Peter Pearse authored 17 years ago
  
  b0d8f5bf
Jan 24, 2007
- Add port for the lpc2292sodimm evaluation board from EmbeddedArtists · 6bd2447e
  Gary Jennejohn authored 18 years ago
  
  6bd2447e
Oct 06, 2005
- Update make target for ARM supported boards. · 87cb6862
  Wolfgang Denk authored 19 years ago
  
  Use lowlevel_init() instead of platformsetup() [rename]. Patch by Peter Pearse, 06 Oct 2005
  87cb6862
Sep 25, 2005
- Add board support for armadillo HT1070 · c570b2fd
  Wolfgang Denk authored 19 years ago
  
  Patch by Rowel Atienza, 06 Apr 2005
  c570b2fd
Jul 01, 2004

* Code cleanup (ARM mostly) · 39539887

Wolfgang Denk authored 20 years ago

* Patch by Curt Brune, 17 May 2004:
  - Add support for Samsung S3C4510B CPU (ARM7tdmi based SoC)
  - Add support for ESPD-Inc. EVB4510 Board

39539887

Jun 19, 2004

Patch by Josef Wagner, 04 Jun 2004: · 49822e23

Wolfgang Denk authored 20 years ago

- DDR Ram support for PM520 (MPC5200)
- support for different flash types (PM520)
- USB / IDE / CF-Card / DiskOnChip support for PM520
- 8 bit boot rom support for PM520/CE520
- Add auto SDRAM module detection for MicroSys CPC45 board (MPC8245)
- I2C and RTC support for CPC45
- support of new flash type (28F160C3T) for CPC45

49822e23

Apr 18, 2004

* Temporarily disabled John Kerl's extended MII command code because · e35745bb

Wolfgang Denk authored 20 years ago

  "miivals.h" is missing

* Patches by Mark Jonas, 13 Apr 2004:
  - Remove CS0 chip select timing setting from cpu/mpc5xxx/start.S
  - Add sync instructions to IceCube SDRAM init code
  - Move SDRAM chip constants into seperate include files
  - Unify DDR and SDR initialization code
  - Unify all IceCube (Lite5xxx) target names

e35745bb

Jul 16, 2003
- * Add support for IceCube board (with MGT5100 and MPC5200 CPUs) · 945af8d7
  Wolfgang Denk authored 21 years ago
  
  * Add support for MGT5100 and MPC5200 processors
  945af8d7
Jul 14, 2003

* Patches by Yuli Barcohen, 13 Jul 2003: · 8564acf9

Wolfgang Denk authored 21 years ago

  - Correct flash and JFFS2 support for MPC8260ADS
  - fix PVR values and clock generation for PowerQUICC II family
    (8270/8275/8280)

* Patch by Bernhard Kuhn, 08 Jul 2003:
  - add support for M68K targets

* Patch by Ken Chou, 3 Jul:
  - Fix PCI config table for A3000
  - Fix iobase for natsemi.c
    (PCI_BASE_ADDRESS_0 is the IO base register for DP83815)

* Allow to enable "slow" POST routines by key press on power-on
* Fix temperature dependend switching of LCD backlight on LWMON
* Tweak output format for LWMON

8564acf9

Nov 12, 2000
- Initial revision · fb48c4af
  Wolfgang Denk authored 24 years ago
  
  fb48c4af