01 Apr, 2020
3 commits
-
These are used in multiple places so update them to use a shared #define.
Signed-off-by: Simon Glass
Reviewed-by: Philippe Reynes -
It is currently possible to use a different configuration's signature and
thus bypass the configuration check. Make sure that the configuration node
that was hashed matches the one being checked, to catch this problem.Also add a proper function comment to fit_config_check_sig() and make it
static.Signed-off-by: Simon Glass
-
This function only returns an error message sometimes. Update it to always
return an error message if one is available. This makes it easier to see
what went wrong.Signed-off-by: Simon Glass
24 Oct, 2019
1 commit
-
This patch adds manual relocation for struct checksum_algo & struct
crypto_algo structures.Signed-off-by: T Karthik Reddy
Signed-off-by: Siva Durga Prasad Paladugu
Signed-off-by: Michal Simek
21 Jun, 2019
1 commit
-
Previously we would store NULL in info->padding and jump to an illegal
instruction if an unknown value for "padding" was specified in the
device tree.Signed-off-by: Patrick Doyle
03 Dec, 2018
2 commits
-
We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.Signed-off-by: Philippe Reynes
Reviewed-by: Simon Glass -
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.Signed-off-by: Philippe Reynes
Reviewed-by: Simon Glass
17 Nov, 2018
1 commit
-
A specially crafted FIT image leads to memory corruption in the stack
when using the verified boot feature. The function fit_config_check_sig
has a logic error that makes it possible to write past the end of the
stack allocated array node_inc. This could potentially be used to bypass
the signature check when using verified boot.This change ensures that the number of strings is correct when counted.
Signed-off-by: Konrad Beckmann
Reviewed-by: Simon Glass
11 Jul, 2018
2 commits
-
The hashed-strings signature property includes two uint32_t values.
The first is unneeded as there should never be a start offset into the
strings region. The second, the size, is needed because the added
signature node appends to this region.See tools/image-host.c, where a static 0 value is used for the offset.
Signed-off-by: Teddy Reed
Reviewed-by: Simon Glass -
This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.Suggested-by: Simon Glass
Signed-off-by: Teddy Reed
Reviewed-by: Simon Glass
07 May, 2018
1 commit
-
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.Signed-off-by: Tom Rini
16 Jan, 2018
1 commit
-
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.Signed-off-by: Andre Przywara
06 Nov, 2017
1 commit
-
Designated initializers are more readable because we do not
have to check the order in the struct definitions.Signed-off-by: Masahiro Yamada
Reviewed-by: Simon Glass
22 Nov, 2016
3 commits
-
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.Indirectly adds support for "sha1,rsa4096" signing/verification.
Signed-off-by: Andrew Duda
Signed-off-by: aduda
Reviewed-by: Simon Glass -
Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.Signed-off-by: Andrew Duda
Signed-off-by: aduda
Reviewed-by: Simon Glass -
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:EM = 0x00 || 0x01 || PS || 0x00 || T
where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.Signed-off-by: Andrew Duda
Signed-off-by: aduda
Reviewed-by: Simon Glass
14 Oct, 2016
1 commit
-
The signature for this macro has changed. Bring in the upstream version and
adjust U-Boot's usages to suit.Signed-off-by: Simon Glass
Update to drivers/power/pmic/palmas.c:
Signed-off-by: KeerthyChange-Id: I6cc9021339bfe686f9df21d61a1095ca2b3776e8
17 Feb, 2015
1 commit
-
Use fdt_for_each_subnode macro to simplify the code a bit.
Signed-off-by: Axel Lin
Acked-by: Simon Glass
30 Jan, 2015
1 commit
-
Currently the hash functions used in RSA are called directly from the sha1
and sha256 libraries. Change the RSA checksum library to use the progressive
hash API's registered with struct hash_algo. This will allow the checksum
library to use the hardware accelerated progressive hash API's once available.Signed-off-by: Ruchika Gupta
CC: Simon Glass
Acked-by: Simon Glass
Signed-off-by: Simon Glass
(Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM)Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
19 Jun, 2014
2 commits
-
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.cc: Simon Glass
Signed-off-by: Jeroen Hofstee -
It is more common to have 0 mean OK, and -ve mean error. Change this
function to work the same way to avoid confusion.Signed-off-by: Simon Glass
22 Mar, 2014
3 commits
-
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.Signed-off-by: Heiko Schocher
Cc: Simon Glass -
Add support for sha256,rsa4096 signatures in u-boot.
Signed-off-by: Heiko Schocher
Acked-by: Simon Glass
Cc: andreas@oetken.name -
based on patch from andreas@oetken.name:
http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current headSigned-off-by: Heiko Schocher
Cc: andreas@oetken.name
Cc: Simon Glass
24 Jul, 2013
1 commit
-
Signed-off-by: Wolfgang Denk
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini
26 Jun, 2013
4 commits
-
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).Add support for signing of FIT configurations using the libfdt's region
support.Please see doc/uImage.FIT/signature.txt for more information.
Signed-off-by: Simon Glass
-
RSA provides a public key encryption facility which is ideal for image
signing and verification.Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.Signed-off-by: Simon Glass
-
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.Signed-off-by: Simon Glass
-
Add a structure to describe an algorithm which can sign and (later) verify
images.Signed-off-by: Simon Glass