24 Jul, 2013
1 commit
-
Signed-off-by: Wolfgang Denk
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini
26 Jun, 2013
4 commits
-
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).Add support for signing of FIT configurations using the libfdt's region
support.Please see doc/uImage.FIT/signature.txt for more information.
Signed-off-by: Simon Glass
-
RSA provides a public key encryption facility which is ideal for image
signing and verification.Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.Signed-off-by: Simon Glass
-
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.Signed-off-by: Simon Glass
-
Add a structure to describe an algorithm which can sign and (later) verify
images.Signed-off-by: Simon Glass