u-boot.git/include/image.h, branch v2014.07-rc3 Unnamed repository; edit this file 'description' to name the repository. Prevent a buffer overflow in mkimage when signing with SHA256 2014-06-05T21:01:23+00:00 Michael van der Westhuizen michael@smart-africa.com 2014-05-30T18:59:00+00:00 1de7bb4f27745336c6d9cd5c2088748fcdaf699d Due to the FIT_MAX_HASH_LEN constant not having been updated to support SHA256 signatures one will always see a buffer overflow in fit_image_process_hash when signing images that use this larger hash. This is exposed by vboot_test.sh. Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Acked-by: Simon Glass <sjg@chromium.org> [trini: Rework a bit so move the exportable parts of hash.h outside of !USE_HOSTCC and only need that as a new include to image.h] Signed-off-by: Tom Rini <trini@ti.com> 
Due to the FIT_MAX_HASH_LEN constant not having been updated
to support SHA256 signatures one will always see a buffer
overflow in fit_image_process_hash when signing images that
use this larger hash.  This is exposed by vboot_test.sh.

Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Acked-by: Simon Glass <sjg@chromium.org>
[trini: Rework a bit so move the exportable parts of hash.h outside of
 !USE_HOSTCC and only need that as a new include to image.h]
Signed-off-by: Tom Rini <trini@ti.com>
bootm: make use of legacy image format configurable 2014-06-05T18:44:56+00:00 Heiko Schocher hs@denx.de 2014-05-28T09:33:33+00:00 21d29f7f9f4888a4858b58b368ae7cf8783a6ebf make the use of legacy image format configurable through the config define CONFIG_IMAGE_FORMAT_LEGACY. When relying on signed FIT images with required signature check the legacy image format should be disabled. Therefore introduce this new define and enable legacy image format if CONFIG_FIT_SIGNATURE is not set. If CONFIG_FIT_SIGNATURE is set disable per default the legacy image format. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Cc: Lars Steubesand <lars.steubesand@philips.com> Cc: Mike Pearce <mike@kaew.be> Cc: Wolfgang Denk <wd@denx.de> Cc: Tom Rini <trini@ti.com> Cc: Michal Simek <monstr@monstr.eu> Acked-by: Simon Glass <sjg@chromium.org> 
make the use of legacy image format configurable through
the config define CONFIG_IMAGE_FORMAT_LEGACY.

When relying on signed FIT images with required signature check
the legacy image format should be disabled. Therefore introduce
this new define and enable legacy image format if CONFIG_FIT_SIGNATURE
is not set. If CONFIG_FIT_SIGNATURE is set disable per default
the legacy image format.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Lars Steubesand <lars.steubesand@philips.com>
Cc: Mike Pearce <mike@kaew.be>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Michal Simek <monstr@monstr.eu>
Acked-by: Simon Glass <sjg@chromium.org>
mkimage: add atmelimage 2014-05-26T22:10:48+00:00 Andreas Bießmann andreas.devel@googlemail.com 2014-05-19T12:23:39+00:00 7b1a411743db47648b2955c414a71836823acfd9 The new atmelimage converts a machine code BLOB to bootable ROM image. Atmel ROM has no sophisticated image format, it only checks the first 7 ARM vectors. The vectors can contain valid B or LDR opcodes, the 6'th vector contains the image size to load. Additionally the PMECC header can be written by the atmelimage target. The parameters must be given via the -n switch as a coma separated list. For example: mkimage -T atmelimage \ -n usePmecc=1,sectorPerPage=4,sectorSize=512,spareSize=64,eccBits=4,eccOffset=36 \ -d spl/u-boot-spl.bin boot.bin A provided image can be checked for correct header setup. It prints out the PMECC header parameters if it has one and the 6'th interrupt vector content. ---8<--- Image Type: ATMEL ROM-Boot Image with PMECC Header PMECC header ==================== eccOffset: 36 sectorSize: 512 eccBitReq: 4 spareSize: 64 nbSectorPerPage: 4 usePmecc: 1 ==================== 6'th vector has 17044 set --->8--- A SPL binary modified with the atmelimage mkimage target was succesfully booted on a sama5d34ek via MMC and NAND. Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com> Cc: Bo Shen <voice.shen@atmel.com> Cc: Heiko Schocher <hs@denx.de> Tested-by: Bo Shen <voice.shen@atmel.com> 
The new atmelimage converts a machine code BLOB to bootable ROM image. Atmel
ROM has no sophisticated image format, it only checks the first 7 ARM vectors.
The vectors can contain valid B or LDR opcodes, the 6'th vector contains the
image size to load.

Additionally the PMECC header can be written by the atmelimage target. The
parameters must be given via the -n switch as a coma separated list. For
example:

mkimage -T atmelimage \
 -n usePmecc=1,sectorPerPage=4,sectorSize=512,spareSize=64,eccBits=4,eccOffset=36 \
 -d spl/u-boot-spl.bin boot.bin

A provided image can be checked for correct header setup. It prints out the
PMECC header parameters if it has one and the 6'th interrupt vector content.

---8<---
Image Type:	ATMEL ROM-Boot Image with PMECC Header
		PMECC header
		====================
		eccOffset:        36
		sectorSize:      512
		eccBitReq:         4
		spareSize:        64
		nbSectorPerPage:   4
		usePmecc:          1
		====================
		6'th vector has 17044 set
--->8---

A SPL binary modified with the atmelimage mkimage target was succesfully
booted on a sama5d34ek via MMC and NAND.

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Cc: Bo Shen <voice.shen@atmel.com>
Cc: Heiko Schocher <hs@denx.de>
Tested-by: Bo Shen <voice.shen@atmel.com>
Merge branch 'master' of git://git.denx.de/u-boot-usb 2014-05-22T16:56:15+00:00 Tom Rini trini@ti.com 2014-05-22T16:56:15+00:00 c9afa7cea84c9b7346fcd2710577bcc386631aba 






Merge branch 'u-boot/master'
2014-05-09T09:50:14+00:00

Albert ARIBAUD
albert.u.boot@aribaud.net

2014-05-09T08:47:05+00:00

d2a3e911390f9fc4d8c0ee4b3c7fc75f4fd3fd19

Conflicts:
	drivers/net/Makefile

(trivial merge)





Conflicts:
	drivers/net/Makefile

(trivial merge)







image: add support for Android's boot image format
2014-05-08T08:38:29+00:00

Sebastian Siewior
bigeasy@linutronix.de

2014-05-05T20:08:09+00:00

9ace3fc81427f6a4036718c2daff9d6f8ee7b69a

This patch adds support for the Android boot-image format. The header
file is from the Android project and got slightly alterted so the struct +
its defines are not generic but have something like a namespace. The
header file is from bootloader/legacy/include/boot/bootimg.h. The header
parsing has been written from scratch and I looked at
bootloader/legacy/usbloader/usbloader.c for some details.
The image contains the physical address (load address) of the kernel and
ramdisk. This address is considered only for the kernel image.
The "second image" defined in the image header is currently not
supported. I haven't found anything that is creating this.

v3 (Rob Herring):
This is based on http://patchwork.ozlabs.org/patch/126797/ with the
following changes:
- Rebased to current mainline
- Moved android image handling to separate functions in
  common/image-android.c
- s/u8/char/ in header to fix string function warnings
- Use SPDX identifiers for licenses
- Cleaned-up file source information:
  android_image.h is from file include/boot/bootimg.h in repository:
  https://android.googlesource.com/platform/bootable/bootloader/legacy
  The git commit hash is 4205b865141ff2e255fe1d3bd16de18e217ef06a
  usbloader.c would be from the same commit, but it does not appear
  to have been used for any actual code.
v4:
- s/andriod/android/
- Use a separate flag ep_found to track if the entry point has been set
rather than using a magic value.

Cc: Wolfgang Denk <wd@denx.de>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Rob Herring <robh@kernel.org>
Reviewed-by: Tom Rini <trini@ti.com>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>





This patch adds support for the Android boot-image format. The header
file is from the Android project and got slightly alterted so the struct +
its defines are not generic but have something like a namespace. The
header file is from bootloader/legacy/include/boot/bootimg.h. The header
parsing has been written from scratch and I looked at
bootloader/legacy/usbloader/usbloader.c for some details.
The image contains the physical address (load address) of the kernel and
ramdisk. This address is considered only for the kernel image.
The "second image" defined in the image header is currently not
supported. I haven't found anything that is creating this.

v3 (Rob Herring):
This is based on http://patchwork.ozlabs.org/patch/126797/ with the
following changes:
- Rebased to current mainline
- Moved android image handling to separate functions in
  common/image-android.c
- s/u8/char/ in header to fix string function warnings
- Use SPDX identifiers for licenses
- Cleaned-up file source information:
  android_image.h is from file include/boot/bootimg.h in repository:
  https://android.googlesource.com/platform/bootable/bootloader/legacy
  The git commit hash is 4205b865141ff2e255fe1d3bd16de18e217ef06a
  usbloader.c would be from the same commit, but it does not appear
  to have been used for any actual code.
v4:
- s/andriod/android/
- Use a separate flag ep_found to track if the entry point has been set
rather than using a magic value.

Cc: Wolfgang Denk <wd@denx.de>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Rob Herring <robh@kernel.org>
Reviewed-by: Tom Rini <trini@ti.com>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>







tools: mkimage: add support for gpimage format
2014-04-17T21:24:38+00:00

Karicheri, Muralidharan
m-karicheri2@ti.com

2014-04-04T17:16:48+00:00

bf411ea9f11a757cb3916f3a2e9753f4e0208672

This patch add support for gpimage format as a preparatory
patch for porting u-boot for keystone2 devices and is
based on omapimage format. It re-uses gph header to store the
size and loadaddr as done in omapimage.c

Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Acked-by: Tom Rini <trini@ti.com>





This patch add support for gpimage format as a preparatory
patch for porting u-boot for keystone2 devices and is
based on omapimage format. It re-uses gph header to store the
size and loadaddr as done in omapimage.c

Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Acked-by: Tom Rini <trini@ti.com>







tools, fit_check_sign: verify a signed fit image
2014-03-21T20:40:38+00:00

Heiko Schocher
hs@denx.de

2014-03-03T11:19:30+00:00

29a23f9d6c533f8371be3ae0268c4c75866291b2

add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>





add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>







rsa: add sha256,rsa4096 algorithm
2014-03-21T20:39:35+00:00

Heiko Schocher
hs@denx.de

2014-03-03T11:19:27+00:00

db1b5f3d20666ffd52d649a3bd6141989b596e3f

Add support for sha256,rsa4096 signatures in u-boot.

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
Cc: andreas@oetken.name





Add support for sha256,rsa4096 signatures in u-boot.

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
Cc: andreas@oetken.name







rsa: add sha256-rsa2048 algorithm
2014-03-21T20:39:34+00:00

Heiko Schocher
hs@denx.de

2014-03-03T11:19:26+00:00

646257d1f4004855d486024527a4784bf57c4c4d

based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>





based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>