<feed xmlns='http://www.w3.org/2005/Atom'>
<title>u-boot.git/doc, branch v2013.07-rc2</title>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/'/>
<entry>
<title>cmd_bootm: Add command line arguments to Plan 9</title>
<updated>2013-06-26T14:25:22+00:00</updated>
<author>
<name>Steven Stallion</name>
<email>sstallion@gmail.com</email>
</author>
<published>2013-06-10T08:00:09+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=eeaef5e4305497537bd47308724de39c7d6cbf19'/>
<id>eeaef5e4305497537bd47308724de39c7d6cbf19</id>
<content type='text'>
This patch introduces support for command line arguments to Plan 9.
Plan 9 generally dedicates a small region of kernel memory (known
as CONFADDR) for runtime configuration.  A new environment variable
named confaddr was introduced to indicate this location when copying
arguments.

Signed-off-by: Steven Stallion &lt;sstallion@gmail.com&gt;
[trini: Adapt for Simon's changes about correcting argc, no need to bump
by 2 now]
Signed-off-by: Tom Rini &lt;trini@ti.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch introduces support for command line arguments to Plan 9.
Plan 9 generally dedicates a small region of kernel memory (known
as CONFADDR) for runtime configuration.  A new environment variable
named confaddr was introduced to indicate this location when copying
arguments.

Signed-off-by: Steven Stallion &lt;sstallion@gmail.com&gt;
[trini: Adapt for Simon's changes about correcting argc, no need to bump
by 2 now]
Signed-off-by: Tom Rini &lt;trini@ti.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Add verified boot information and test</title>
<updated>2013-06-26T14:18:57+00:00</updated>
<author>
<name>Simon Glass</name>
<email>sjg@chromium.org</email>
</author>
<published>2013-06-13T22:10:11+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=041bca5ba3adb48750d0a438cb3b1356a0c2e603'/>
<id>041bca5ba3adb48750d0a438cb3b1356a0c2e603</id>
<content type='text'>
Add a description of how to implement verified boot using signed FIT images,
and a simple test which verifies operation on sandbox.

The test signs a FIT image and verifies it, then signs a FIT configuration
and verifies it. Then it corrupts the signature to check that this is
detected.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add a description of how to implement verified boot using signed FIT images,
and a simple test which verifies operation on sandbox.

The test signs a FIT image and verifies it, then signs a FIT configuration
and verifies it. Then it corrupts the signature to check that this is
detected.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>image: Add support for signing of FIT configurations</title>
<updated>2013-06-26T14:18:56+00:00</updated>
<author>
<name>Simon Glass</name>
<email>sjg@chromium.org</email>
</author>
<published>2013-06-13T22:10:09+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=4d0985295bbb50a952f4312c0a818cd89b8ee7aa'/>
<id>4d0985295bbb50a952f4312c0a818cd89b8ee7aa</id>
<content type='text'>
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it is possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it is possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mkimage: Add -r option to specify keys that must be verified</title>
<updated>2013-06-26T14:18:56+00:00</updated>
<author>
<name>Simon Glass</name>
<email>sjg@chromium.org</email>
</author>
<published>2013-06-13T22:10:07+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=399c744b22459585dc2dda2cb7353b3026e28e18'/>
<id>399c744b22459585dc2dda2cb7353b3026e28e18</id>
<content type='text'>
Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.

But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.

Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.

If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Marek Vasut &lt;marex@denx.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.

But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.

Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.

If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Marek Vasut &lt;marex@denx.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mkimage: Add -c option to specify a comment for key signing</title>
<updated>2013-06-26T14:18:56+00:00</updated>
<author>
<name>Simon Glass</name>
<email>sjg@chromium.org</email>
</author>
<published>2013-06-13T22:10:06+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=4f6104270146c76fcaf46e951f84cdc1612a04b7'/>
<id>4f6104270146c76fcaf46e951f84cdc1612a04b7</id>
<content type='text'>
When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Marek Vasut &lt;marex@denx.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Marek Vasut &lt;marex@denx.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mkimage: Add -F option to modify an existing .fit file</title>
<updated>2013-06-26T14:18:56+00:00</updated>
<author>
<name>Simon Glass</name>
<email>sjg@chromium.org</email>
</author>
<published>2013-06-13T22:10:05+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=95d77b4479f9d07aea114fd4253cd665bb48ea10'/>
<id>95d77b4479f9d07aea114fd4253cd665bb48ea10</id>
<content type='text'>
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.

Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are available.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Marek Vasut &lt;marex@denx.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.

Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are available.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Marek Vasut &lt;marex@denx.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mkimage: Add -K to write public keys to an FDT blob</title>
<updated>2013-06-26T14:18:56+00:00</updated>
<author>
<name>Simon Glass</name>
<email>sjg@chromium.org</email>
</author>
<published>2013-06-13T22:10:04+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=e29495d37f7c0533d365004ca475218250351c93'/>
<id>e29495d37f7c0533d365004ca475218250351c93</id>
<content type='text'>
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses them for
signing an image. This allows us to use:

   mkimage -f test.its -K dest.dtb -k keys test.fit

and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Marek Vasut &lt;marex@denx.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses them for
signing an image. This allows us to use:

   mkimage -f test.its -K dest.dtb -k keys test.fit

and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Marek Vasut &lt;marex@denx.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mkimage: Add -k option to specify key directory</title>
<updated>2013-06-26T14:18:56+00:00</updated>
<author>
<name>Simon Glass</name>
<email>sjg@chromium.org</email>
</author>
<published>2013-06-13T22:10:03+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=80e4df8ac661ada5308f3bffebe4e6fae1f8e990'/>
<id>80e4df8ac661ada5308f3bffebe4e6fae1f8e990</id>
<content type='text'>
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.

Also update the mkimage man page with this information and a clearer list
of available commands.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Marek Vasut &lt;marex@denx.de&gt; (v1)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.

Also update the mkimage man page with this information and a clearer list
of available commands.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Marek Vasut &lt;marex@denx.de&gt; (v1)
</pre>
</div>
</content>
</entry>
<entry>
<title>image: Support signing of images</title>
<updated>2013-06-26T14:18:56+00:00</updated>
<author>
<name>Simon Glass</name>
<email>sjg@chromium.org</email>
</author>
<published>2013-06-13T22:10:01+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=56518e71041fafdfd7af3a24f263b0a22efbeda9'/>
<id>56518e71041fafdfd7af3a24f263b0a22efbeda9</id>
<content type='text'>
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>image: Add signing infrastructure</title>
<updated>2013-06-26T14:18:56+00:00</updated>
<author>
<name>Simon Glass</name>
<email>sjg@chromium.org</email>
</author>
<published>2013-06-13T22:10:00+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=3e569a6b1eb7ef0c8144f8c243f9e33c834bf003'/>
<id>3e569a6b1eb7ef0c8144f8c243f9e33c834bf003</id>
<content type='text'>
Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
