u-boot.git/include/image.h, branch v2017.03 Unnamed repository; edit this file 'description' to name the repository. bootm: relocate ramdisk if CONFIG_SYS_BOOT_RAMDISK_HIGH set 2017-01-20T14:15:20+00:00 Rick Altherr raltherr@google.com 2017-01-19T01:12:24+00:00 c2e7e72bb9f0cb47d024997b381cb64786eb5402 In 35fc84f, bootm was refactored so plain 'bootm' and 'bootm <subcommand>' shared a common implementation. The 'bootm ramdisk' command implementation is now part of the common implementation but not invoke by plain 'bootm' since the original implementation never did ramdisk relocation. Instead, ramdisk relocation happened in image_setup_linux() which is typically called during the OS portion of 'bootm'. On ARM, parameters to the Linux kernel can either be passed by FDT or ATAGS. When using FDT, image_setup_linux() is called which also triggers ramdisk relocation. When using ATAGS, image_setup_linux() is _not_ called because it mostly does FDT setup. Instead of calling image_setup_linux() in both FDT and ATAGS cases, include BOOTM_STATE_RAMDISK in the requested states during a plain 'bootm' if CONFIG_SYS_BOOT_RAMDISK_HIGH is set and remove the ramdisk relocation from image_setup_linux(). This causes ramdisk relocation to happen on any system where CONFIG_SYS_BOOT_RAMDISK_HIGH regardless of the OS being booted. Also remove IMAGE_ENABLE_RAMDISK_HIGH as it was only used by the now-removed code from image_setup_linux(). Signed-off-by: Rick Altherr <raltherr@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Joel Stanley <joel@jms.id.au> 
In 35fc84f, bootm was refactored so plain 'bootm' and
'bootm <subcommand>' shared a common implementation.
The 'bootm ramdisk' command implementation is now part of the common
implementation but not invoke by plain 'bootm' since the original
implementation never did ramdisk relocation.  Instead, ramdisk
relocation happened in image_setup_linux() which is typically called
during the OS portion of 'bootm'.

On ARM, parameters to the Linux kernel can either be passed by FDT or
ATAGS. When using FDT, image_setup_linux() is called which also triggers
ramdisk relocation.  When using ATAGS, image_setup_linux() is _not_
called because it mostly does FDT setup.

Instead of calling image_setup_linux() in both FDT and ATAGS cases,
include BOOTM_STATE_RAMDISK in the requested states during a plain
'bootm' if CONFIG_SYS_BOOT_RAMDISK_HIGH is set and remove the ramdisk
relocation from image_setup_linux().  This causes ramdisk relocation to
happen on any system where CONFIG_SYS_BOOT_RAMDISK_HIGH regardless of
the OS being booted. Also remove IMAGE_ENABLE_RAMDISK_HIGH as it was
only used by the now-removed code from image_setup_linux().

Signed-off-by: Rick Altherr <raltherr@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Merge branch 'master' of git://git.denx.de/u-boot-video 2017-01-17T01:23:14+00:00 Tom Rini trini@konsulko.com 2017-01-17T01:23:14+00:00 f253f2933b7373556329c0174dd5b101039a4056 






mkimage: Add support for signing with pkcs11
2017-01-14T21:47:13+00:00

George McCollister
george.mccollister@gmail.com

2017-01-06T19:14:17+00:00

f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea

Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>





Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>







splash: add support for loading splash from a FIT image
2017-01-13T16:40:38+00:00

tomas.melin@vaisala.com
tomas.melin@vaisala.com

2017-01-13T11:20:14+00:00

db1b79b886f085b5af09db9378f5c53417c3ecde

Enable support for loading a splash image from within a FIT image.
The image is assumed to be generated with mkimage -E flag to hold
the data external to the FIT.

Signed-off-by: Tomas Melin <tomas.melin@vaisala.com>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>





Enable support for loading a splash image from within a FIT image.
The image is assumed to be generated with mkimage -E flag to hold
the data external to the FIT.

Signed-off-by: Tomas Melin <tomas.melin@vaisala.com>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>







tools: mkimage: add firmware-ivt image type for HAB verification
2017-01-02T16:06:57+00:00

Sven Ebenfeld
sven.ebenfeld@gmail.com

2016-11-06T15:37:56+00:00

d21bd69b6e95ca7824941e7f527871cd5c63c7f7

When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>





When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>







image: Add Trusted Execution Environment image type
2016-12-03T18:21:20+00:00

Andrew F. Davis
afd@ti.com

2016-11-29T22:33:21+00:00

7e719ee7d8eb61f459a38f69a825823603879258

Add a new image type representing Trusted Execution Environment (TEE)
image types. For example, an OP-TEE OS binary image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>





Add a new image type representing Trusted Execution Environment (TEE)
image types. For example, an OP-TEE OS binary image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>







image: Add FIT image loadable section custom processing
2016-12-03T18:21:19+00:00

Andrew F. Davis
afd@ti.com

2016-11-29T22:33:20+00:00

d7be50921ed35e36e000a5e8daba41701a5eebb9

To help automate the loading of custom image types we add the ability
to define custom handlers for the loadable section types. When we find
a compatible type while loading a "loadable" image from a FIT image we
run its associated handlers to perform any additional steps needed for
loading this image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>





To help automate the loading of custom image types we add the ability
to define custom handlers for the loadable section types. When we find
a compatible type while loading a "loadable" image from a FIT image we
run its associated handlers to perform any additional steps needed for
loading this image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>







image: Combine image_sig_algo with image_sign_info
2016-11-21T19:07:31+00:00

Andrew Duda
aduda@meraki.com

2016-11-08T18:53:41+00:00

83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8

Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>





Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>







image: Add crypto_algo struct for RSA info
2016-11-21T19:07:31+00:00

Andrew Duda
aduda@meraki.com

2016-11-08T18:53:41+00:00

0c1d74fda7c0063eeca4d8d9fa8674e6ec2ef685

Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>





Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>







rsa: Verify RSA padding programatically
2016-11-21T19:07:30+00:00

Andrew Duda
aduda@meraki.com

2016-11-08T18:53:40+00:00

da29f2991d75fc8aa3289407a0e686a4a22f8c9e

Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:

  EM = 0x00 || 0x01 || PS || 0x00 || T

where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.

Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>





Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:

  EM = 0x00 || 0x01 || PS || 0x00 || T

where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.

Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>