u-boot.git/include/image.h, branch v2017.01 Unnamed repository; edit this file 'description' to name the repository. tools: mkimage: add firmware-ivt image type for HAB verification 2017-01-02T16:06:57+00:00 Sven Ebenfeld sven.ebenfeld@gmail.com 2016-11-06T15:37:56+00:00 d21bd69b6e95ca7824941e7f527871cd5c63c7f7 When we want to use Secure Boot with HAB from SPL over U-Boot.img, we need to append the IVT to the image and leave space for the CSF. Images generated as firmware_ivt can directly be signed using the Freescale code signing tool. For creation of a CSF, mkimage outputs the correct HAB Blocks for the image. The changes to the usual firmware image class are quite small, that is why I implemented that directly into the default_image. Cc: sbabic@denx.de v2-Changes: None Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com> Reviewed-by: George McCollister <george.mccollister@gmail.com> Tested-by: George McCollister <george.mccollister@gmail.com> 
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
image: Add Trusted Execution Environment image type 2016-12-03T18:21:20+00:00 Andrew F. Davis afd@ti.com 2016-11-29T22:33:21+00:00 7e719ee7d8eb61f459a38f69a825823603879258 Add a new image type representing Trusted Execution Environment (TEE) image types. For example, an OP-TEE OS binary image. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Add a new image type representing Trusted Execution Environment (TEE)
image types. For example, an OP-TEE OS binary image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
image: Add FIT image loadable section custom processing 2016-12-03T18:21:19+00:00 Andrew F. Davis afd@ti.com 2016-11-29T22:33:20+00:00 d7be50921ed35e36e000a5e8daba41701a5eebb9 To help automate the loading of custom image types we add the ability to define custom handlers for the loadable section types. When we find a compatible type while loading a "loadable" image from a FIT image we run its associated handlers to perform any additional steps needed for loading this image. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
To help automate the loading of custom image types we add the ability
to define custom handlers for the loadable section types. When we find
a compatible type while loading a "loadable" image from a FIT image we
run its associated handlers to perform any additional steps needed for
loading this image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
image: Combine image_sig_algo with image_sign_info 2016-11-21T19:07:31+00:00 Andrew Duda aduda@meraki.com 2016-11-08T18:53:41+00:00 83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8 Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
image: Add crypto_algo struct for RSA info 2016-11-21T19:07:31+00:00 Andrew Duda aduda@meraki.com 2016-11-08T18:53:41+00:00 0c1d74fda7c0063eeca4d8d9fa8674e6ec2ef685 Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rsa: Verify RSA padding programatically 2016-11-21T19:07:30+00:00 Andrew Duda aduda@meraki.com 2016-11-08T18:53:40+00:00 da29f2991d75fc8aa3289407a0e686a4a22f8c9e Padding verification was done against static SHA/RSA pair arrays which take up a lot of static memory, are mostly 0xff, and cannot be reused for additional SHA/RSA pairings. The padding can be easily computed according to PKCS#1v2.1 as: EM = 0x00 || 0x01 || PS || 0x00 || T where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding of the hash. Store DER prefix in checksum_algo and create rsa_verify_padding function to handle verification of a message for any SHA/RSA pairing. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:

  EM = 0x00 || 0x01 || PS || 0x00 || T

where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.

Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rsa: cosmetic: rename pad_len to key_len 2016-11-21T19:07:30+00:00 Andrew Duda aduda@meraki.com 2016-11-08T18:53:39+00:00 5300a4f9336291fb713fcfaf9ea6e51b71824800 checksum_algo's pad_len field isn't actually used to store the length of the padding but the total length of the RSA key (msg_len + pad_len) Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
checksum_algo's pad_len field isn't actually used to store the length of
the padding but the total length of the RSA key (msg_len + pad_len)

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
tools: mkimage: add support for Vybrid image format 2016-10-06T07:06:16+00:00 Albert ARIBAUD \(3ADEV\) albert.aribaud@3adev.fr 2016-09-26T07:08:06+00:00 ed0c2c0a9ead7d1b5739fc83cf99ac85a16cb979 This format can be flashed directly at address 0 of the NAND FLASH, as it contains all necessary headers. Signed-off-by: Albert ARIBAUD (3ADEV) <albert.aribaud@3adev.fr> 
This format can be flashed directly at address 0 of
the NAND FLASH, as it contains all necessary headers.

Signed-off-by: Albert ARIBAUD (3ADEV) <albert.aribaud@3adev.fr>
xtensa: add support for the xtensa processor architecture [1/2] 2016-08-15T22:46:38+00:00 Chris Zankel chris@zankel.net 2016-08-10T15:36:43+00:00 de5e5cea022ab44006ff1edf45a39f0943fb9dff The Xtensa processor architecture is a configurable, extensible, and synthesizable 32-bit RISC processor core provided by Cadence. This is the first part of the basic architecture port with changes to common files. The 'arch/xtensa' directory, and boards and additional drivers will be in separate commits. Signed-off-by: Chris Zankel <chris@zankel.net> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> 
The Xtensa processor architecture is a configurable, extensible,
and synthesizable 32-bit RISC processor core provided by Cadence.

This is the first part of the basic architecture port with changes to
common files. The 'arch/xtensa' directory, and boards and additional
drivers will be in separate commits.

Signed-off-by: Chris Zankel <chris@zankel.net>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
image: fix IH_ARCH_... values for uImage compatibility 2016-07-21T14:47:03+00:00 Masahiro Yamada yamada.masahiro@socionext.com 2016-07-21T06:16:00+00:00 ff87b0810753cfaec0e3094aa9fda8b12d6ca569 Commit 555f45d8f916 ("image: Convert the IH_... values to enums") accidentally changed some IH_ARCH_... values. Prior to that commit, there existed a gap between IH_ARCH_M68K and IH_ARCH_MICROBLAZE, like follows. #define IH_ARCH_SPARC64 11 /* Sparc 64 Bit */ #define IH_ARCH_M68K 12 /* M68K */ #define IH_ARCH_MICROBLAZE 14 /* MicroBlaze */ #define IH_ARCH_NIOS2 15 /* Nios-II */ The enum conversion broke the compatibility with existing uImage files. Reverting 555f45d8f916 will cause build error unfortunately, so here is a more easy fix. I dug the git history and figured out the gap was introduced by commit 1117cbf2adac ("nios: remove nios-32 arch"). So, I revived IH_ARCH_NIOS just for filling the gap. I added comments to each enum block. Once we assign a value to IH_... it is not allowed to change it. Acked-by: Michal Simek <michal.simek@xilinx.com> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Commit 555f45d8f916 ("image: Convert the IH_... values to enums")
accidentally changed some IH_ARCH_... values.

Prior to that commit, there existed a gap between IH_ARCH_M68K and
IH_ARCH_MICROBLAZE, like follows.

  #define IH_ARCH_SPARC64         11      /* Sparc 64 Bit */
  #define IH_ARCH_M68K            12      /* M68K         */
  #define IH_ARCH_MICROBLAZE      14      /* MicroBlaze   */
  #define IH_ARCH_NIOS2           15      /* Nios-II      */

The enum conversion broke the compatibility with existing uImage
files.  Reverting 555f45d8f916 will cause build error unfortunately,
so here is a more easy fix.

I dug the git history and figured out the gap was introduced by
commit 1117cbf2adac ("nios: remove nios-32 arch").  So, I revived
IH_ARCH_NIOS just for filling the gap.

I added comments to each enum block.  Once we assign a value to
IH_... it is not allowed to change it.

Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>