u-boot.git/doc/uImage.FIT, branch v2014.07 Unnamed repository; edit this file 'description' to name the repository. Add documentation for verified boot on Beaglebone Black 2014-06-19T15:19:03+00:00 Simon Glass sjg@chromium.org 2014-06-12T13:24:54+00:00 c7320ed52f8e71eeadcf6b36c818b7b39321f8d4 As an example of an end-to-end process for using verified boot in U-Boot, add a detailed description of the steps to be used for a Beaglebone Black. Signed-off-by: Simon Glass <sjg@chromium.org> 
As an example of an end-to-end process for using verified boot in U-Boot,
add a detailed description of the steps to be used for a Beaglebone
Black.

Signed-off-by: Simon Glass <sjg@chromium.org>
Enhance fit_check_sign to check all images 2014-06-19T15:19:02+00:00 Simon Glass sjg@chromium.org 2014-06-12T13:24:53+00:00 ce1400f6949bbfec01fe381a844b14844cb3be12 At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) 
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
bootm: make use of legacy image format configurable 2014-06-05T18:44:56+00:00 Heiko Schocher hs@denx.de 2014-05-28T09:33:33+00:00 21d29f7f9f4888a4858b58b368ae7cf8783a6ebf make the use of legacy image format configurable through the config define CONFIG_IMAGE_FORMAT_LEGACY. When relying on signed FIT images with required signature check the legacy image format should be disabled. Therefore introduce this new define and enable legacy image format if CONFIG_FIT_SIGNATURE is not set. If CONFIG_FIT_SIGNATURE is set disable per default the legacy image format. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Cc: Lars Steubesand <lars.steubesand@philips.com> Cc: Mike Pearce <mike@kaew.be> Cc: Wolfgang Denk <wd@denx.de> Cc: Tom Rini <trini@ti.com> Cc: Michal Simek <monstr@monstr.eu> Acked-by: Simon Glass <sjg@chromium.org> 
make the use of legacy image format configurable through
the config define CONFIG_IMAGE_FORMAT_LEGACY.

When relying on signed FIT images with required signature check
the legacy image format should be disabled. Therefore introduce
this new define and enable legacy image format if CONFIG_FIT_SIGNATURE
is not set. If CONFIG_FIT_SIGNATURE is set disable per default
the legacy image format.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Lars Steubesand <lars.steubesand@philips.com>
Cc: Mike Pearce <mike@kaew.be>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Michal Simek <monstr@monstr.eu>
Acked-by: Simon Glass <sjg@chromium.org>
FDT: Fix DTC repository references 2014-06-05T18:44:56+00:00 Jon Loeliger jon.loeliger@oracle.com 2014-05-27T14:12:48+00:00 5f65826b1bbe155d839db7c92dca4653f0dcf025 The Device Tree Compiler (DTC) used to have its master repository located on jdl.com. While it is still there, its official, new, shiny location is on kernel.org here: git://git.kernel.org/pub/scm/utils/dtc/dtc.git Update a few references to point there instead. Signed-off-by: Jon Loeliger <jdl@jdl.com> Acked-by: Simon Glass <sjg@chromium.org> 
The Device Tree Compiler (DTC) used to have its master
repository located on jdl.com.  While it is still there,
its official, new, shiny location is on kernel.org here:

    git://git.kernel.org/pub/scm/utils/dtc/dtc.git

Update a few references to point there instead.

Signed-off-by: Jon Loeliger <jdl@jdl.com>
Acked-by: Simon Glass <sjg@chromium.org>
tools, fit_check_sign: verify a signed fit image 2014-03-21T20:40:38+00:00 Heiko Schocher hs@denx.de 2014-03-03T11:19:30+00:00 29a23f9d6c533f8371be3ae0268c4c75866291b2 add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> 
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
rsa: add sha256-rsa2048 algorithm 2014-03-21T20:39:34+00:00 Heiko Schocher hs@denx.de 2014-03-03T11:19:26+00:00 646257d1f4004855d486024527a4784bf57c4c4d based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org> 
based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
cosmetic: uImage.FIT: fix documents 2014-01-17T13:04:32+00:00 Masahiro Yamada yamada.m@jp.panasonic.com 2014-01-16T02:05:23+00:00 09b72d692f4bce6716a255433b93c9ae2c4cc315 - Fix the path to source_file_format.txt - Fix a minor typo - Fix the type for FIT blob: it must be "flat_dt" Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> 
- Fix the path to source_file_format.txt
  - Fix a minor typo
  - Fix the type for FIT blob: it must be "flat_dt"

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
cosmetic: doc: uImage.FIT: fix typos 2013-09-20T14:30:53+00:00 Masahiro Yamada yamada.m@jp.panasonic.com 2013-09-13T11:28:21+00:00 61ffc17aeb0883bd59ced1f1589221242e8c689f Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> Acked-by: Simon Glass <sjg@chromium.org> 
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
Add verified boot information and test 2013-06-26T14:18:57+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:11+00:00 041bca5ba3adb48750d0a438cb3b1356a0c2e603 Add a description of how to implement verified boot using signed FIT images, and a simple test which verifies operation on sandbox. The test signs a FIT image and verifies it, then signs a FIT configuration and verifies it. Then it corrupts the signature to check that this is detected. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add a description of how to implement verified boot using signed FIT images,
and a simple test which verifies operation on sandbox.

The test signs a FIT image and verifies it, then signs a FIT configuration
and verifies it. Then it corrupts the signature to check that this is
detected.

Signed-off-by: Simon Glass <sjg@chromium.org>
image: Add support for signing of FIT configurations 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:09+00:00 4d0985295bbb50a952f4312c0a818cd89b8ee7aa While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> 
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>