u-boot.git/doc/uImage.FIT, branch v2015.01 Unnamed repository; edit this file 'description' to name the repository. x86: Support loading kernel setup from a FIT 2014-10-22T15:03:06+00:00 Simon Glass sjg@chromium.org 2014-10-20T03:11:24+00:00 90268b878bd830f2fc9b1e225d96009efe331cd1 Add a new setup@ section to the FIT which can be used to provide a setup binary for booting Linux on x86. This makes it possible to boot x86 from a FIT. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add a new setup@ section to the FIT which can be used to provide a setup
binary for booting Linux on x86. This makes it possible to boot x86 from
a FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
doc: Tidy up and update part of the FIT documentation 2014-10-22T15:03:06+00:00 Simon Glass sjg@chromium.org 2014-10-20T03:11:23+00:00 381197788dbf8bb94f96ec9e03b6b81618187260 This uses cfg instead of conf, and img instead of image. Fix these and update in a few other places. Signed-off-by: Simon Glass <sjg@chromium.org> 
This uses cfg instead of conf, and img instead of image. Fix these and
update in a few other places.

Signed-off-by: Simon Glass <sjg@chromium.org>
Implement generalised RSA public exponents for verified boot 2014-08-09T15:17:01+00:00 Michael van der Westhuizen michael@smart-africa.com 2014-07-02T08:17:26+00:00 e0f2f15534146729fdf2ce58b740121fd67eea1c Remove the verified boot limitation that only allows a single RSA public exponent of 65537 (F4). This change allows use with existing PKI infrastructure and has been tested with HSM-based PKI. Change the configuration OF tree format to store the RSA public exponent as a 64 bit integer and implement backward compatibility for verified boot configuration trees without this extra field. Parameterise vboot_test.sh to test different public exponents. Mathematics and other hard work by Andrew Bott. Tested with the following public exponents: 3, 5, 17, 257, 39981, 50457, 65537 and 4294967297. Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com> Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com> Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com> Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Cc: Simon Glass <sjg@chromium.org> 
Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4).  This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.

Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.

Parameterise vboot_test.sh to test different public exponents.

Mathematics and other hard work by Andrew Bott.

Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.

Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>
Add documentation for verified boot on Beaglebone Black 2014-06-19T15:19:03+00:00 Simon Glass sjg@chromium.org 2014-06-12T13:24:54+00:00 c7320ed52f8e71eeadcf6b36c818b7b39321f8d4 As an example of an end-to-end process for using verified boot in U-Boot, add a detailed description of the steps to be used for a Beaglebone Black. Signed-off-by: Simon Glass <sjg@chromium.org> 
As an example of an end-to-end process for using verified boot in U-Boot,
add a detailed description of the steps to be used for a Beaglebone
Black.

Signed-off-by: Simon Glass <sjg@chromium.org>
Enhance fit_check_sign to check all images 2014-06-19T15:19:02+00:00 Simon Glass sjg@chromium.org 2014-06-12T13:24:53+00:00 ce1400f6949bbfec01fe381a844b14844cb3be12 At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1) 
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
bootm: make use of legacy image format configurable 2014-06-05T18:44:56+00:00 Heiko Schocher hs@denx.de 2014-05-28T09:33:33+00:00 21d29f7f9f4888a4858b58b368ae7cf8783a6ebf make the use of legacy image format configurable through the config define CONFIG_IMAGE_FORMAT_LEGACY. When relying on signed FIT images with required signature check the legacy image format should be disabled. Therefore introduce this new define and enable legacy image format if CONFIG_FIT_SIGNATURE is not set. If CONFIG_FIT_SIGNATURE is set disable per default the legacy image format. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Cc: Lars Steubesand <lars.steubesand@philips.com> Cc: Mike Pearce <mike@kaew.be> Cc: Wolfgang Denk <wd@denx.de> Cc: Tom Rini <trini@ti.com> Cc: Michal Simek <monstr@monstr.eu> Acked-by: Simon Glass <sjg@chromium.org> 
make the use of legacy image format configurable through
the config define CONFIG_IMAGE_FORMAT_LEGACY.

When relying on signed FIT images with required signature check
the legacy image format should be disabled. Therefore introduce
this new define and enable legacy image format if CONFIG_FIT_SIGNATURE
is not set. If CONFIG_FIT_SIGNATURE is set disable per default
the legacy image format.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Lars Steubesand <lars.steubesand@philips.com>
Cc: Mike Pearce <mike@kaew.be>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Michal Simek <monstr@monstr.eu>
Acked-by: Simon Glass <sjg@chromium.org>
FDT: Fix DTC repository references 2014-06-05T18:44:56+00:00 Jon Loeliger jon.loeliger@oracle.com 2014-05-27T14:12:48+00:00 5f65826b1bbe155d839db7c92dca4653f0dcf025 The Device Tree Compiler (DTC) used to have its master repository located on jdl.com. While it is still there, its official, new, shiny location is on kernel.org here: git://git.kernel.org/pub/scm/utils/dtc/dtc.git Update a few references to point there instead. Signed-off-by: Jon Loeliger <jdl@jdl.com> Acked-by: Simon Glass <sjg@chromium.org> 
The Device Tree Compiler (DTC) used to have its master
repository located on jdl.com.  While it is still there,
its official, new, shiny location is on kernel.org here:

    git://git.kernel.org/pub/scm/utils/dtc/dtc.git

Update a few references to point there instead.

Signed-off-by: Jon Loeliger <jdl@jdl.com>
Acked-by: Simon Glass <sjg@chromium.org>
tools, fit_check_sign: verify a signed fit image 2014-03-21T20:40:38+00:00 Heiko Schocher hs@denx.de 2014-03-03T11:19:30+00:00 29a23f9d6c533f8371be3ae0268c4c75866291b2 add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> 
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
rsa: add sha256-rsa2048 algorithm 2014-03-21T20:39:34+00:00 Heiko Schocher hs@denx.de 2014-03-03T11:19:26+00:00 646257d1f4004855d486024527a4784bf57c4c4d based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org> 
based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
cosmetic: uImage.FIT: fix documents 2014-01-17T13:04:32+00:00 Masahiro Yamada yamada.m@jp.panasonic.com 2014-01-16T02:05:23+00:00 09b72d692f4bce6716a255433b93c9ae2c4cc315 - Fix the path to source_file_format.txt - Fix a minor typo - Fix the type for FIT blob: it must be "flat_dt" Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> 
- Fix the path to source_file_format.txt
  - Fix a minor typo
  - Fix the type for FIT blob: it must be "flat_dt"

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>