u-boot.git/include/image.h, branch v2022.07 Unnamed repository; edit this file 'description' to name the repository. lib: rsa: Fix const-correctness of rsassa_pss functions 2022-04-11T15:39:19+00:00 SESA644425 giojahermann@gmail.com 2022-03-09T09:27:15+00:00 c755aa8a1dc2f2b819ce36148248ebe93bbc7f86 Prior to introduction of modifications in rsassa_pss functions related to padding verification, doing a pass to update const-correctness in targeted functions to comply with coding-rules and avoid const-cast Signed-off-by: SESA644425 <gioja.hermann@non.se.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Prior to introduction of modifications in rsassa_pss functions
related to padding verification, doing a pass to update
const-correctness in targeted functions to comply with
coding-rules and avoid const-cast

Signed-off-by: SESA644425 <gioja.hermann@non.se.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merge branch 'master' of https://source.denx.de/u-boot/custodians/u-boot-sunxi 2022-04-05T12:33:32+00:00 Tom Rini trini@konsulko.com 2022-04-05T12:33:32+00:00 4de720e98d552dfda9278516bf788c4a73b3e56f A big part is the DM pinctrl driver, which allows us to get rid of quite some custom pinmux code and make the whole port much more robust. Many thanks to Samuel for that nice contribution! There are some more or less cosmetic warnings about missing clocks right now, I will send the trivial fixes for that later. Another big chunk is the mkimage upgrade, which adds RISC-V and TOC0 (secure images) support. Both features are unused at the moment, but I have an always-secure board that will use that once the DT lands in the kernel. On top of those big things we have some smaller fixes, improving the I2C DM support, fixing some H6/H616 early clock setup and improving the eMMC boot partition support. The gitlab CI completed successfully, including the build test for all 161 sunxi boards. I also boot tested on a A64, A20, H3, H6, and F1C100 board. USB, SD card, eMMC, and Ethernet all work there (where applicable). 
A big part is the DM pinctrl driver, which allows us to get rid of quite
some custom pinmux code and make the whole port much more robust. Many
thanks to Samuel for that nice contribution! There are some more or less
cosmetic warnings about missing clocks right now, I will send the trivial
fixes for that later.
Another big chunk is the mkimage upgrade, which adds RISC-V and TOC0
(secure images) support. Both features are unused at the moment, but I
have an always-secure board that will use that once the DT lands in the
kernel.
On top of those big things we have some smaller fixes, improving the
I2C DM support, fixing some H6/H616 early clock setup and improving the
eMMC boot partition support.

The gitlab CI completed successfully, including the build test for all
161 sunxi boards. I also boot tested on a A64, A20, H3, H6, and F1C100
board. USB, SD card, eMMC, and Ethernet all work there (where applicable).
tools: mkimage: Add Allwinner TOC0 support 2022-04-04T22:24:17+00:00 Samuel Holland samuel@sholland.org 2022-03-18T05:00:43+00:00 e9e87ec47c756b1ee2b0a6680488d60adb2079a9 Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the existing sunxi_egon image type. The secure boot ROM (SBROM) uses a completely different image type, known as TOC0. A TOC0 image is composed of a header and two or more items. One item is the firmware binary. The others form a chain linking the firmware signature to the root-of-trust public key (ROTPK), which has its hash burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256. The pseudo-ASN.1 structure is manually assembled; this is done to work around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0 implementation has been verified to work with the A50, A64, H5, H6, and H616 SBROMs, and it may work with other SoCs. Signed-off-by: Samuel Holland <samuel@sholland.org> Acked-by: Andre Przywara <andre.przywara@arm.com> Signed-off-by: Andre Przywara <andre.przywara@arm.com> 
Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and
secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the
existing sunxi_egon image type. The secure boot ROM (SBROM) uses a
completely different image type, known as TOC0.

A TOC0 image is composed of a header and two or more items. One item
is the firmware binary. The others form a chain linking the firmware
signature to the root-of-trust public key (ROTPK), which has its hash
burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256.

The pseudo-ASN.1 structure is manually assembled; this is done to work
around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0
implementation has been verified to work with the A50, A64, H5, H6,
and H616 SBROMs, and it may work with other SoCs.

Signed-off-by: Samuel Holland <samuel@sholland.org>
Acked-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
mkimage: add public key for image pre-load stage 2022-03-31T18:12:01+00:00 Philippe Reynes philippe.reynes@softathome.com 2022-03-28T20:57:02+00:00 6e052d1cbafbedbfba73070da483111f2ae68e5a This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 
This commit enhances mkimage to update the node
/image/pre-load/sig with the public key.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
cmd: bootm: add a stage pre-load 2022-03-31T18:12:01+00:00 Philippe Reynes philippe.reynes@softathome.com 2022-03-28T20:57:00+00:00 9d46e63d9771c789c2c934bb6f5f6af042f1bba0 Add a stage pre-load to the command bootm. Right now, this stage may be used to read a header and check the signature of the full image. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 
Add a stage pre-load to the command bootm.
Right now, this stage may be used to read a
header and check the signature of the full
image.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
boot: image: add a stage pre-load 2022-03-31T18:12:01+00:00 Philippe Reynes philippe.reynes@softathome.com 2022-03-28T20:56:59+00:00 982207435a7b96d594336a88c08cb5b09e5f2963 Add a stage pre-load that could check or modify an image. For the moment, only a header with a signature is supported. This header has the following format: - magic : 4 bytes - version : 4 bytes - header size : 4 bytes - image size : 4 bytes - offset image signature : 4 bytes - flags : 4 bytes - reserved0 : 4 bytes - reserved1 : 4 bytes - sha256 of the image signature : 32 bytes - signature of the first 64 bytes : n bytes - image signature : n bytes - padding : up to header size The stage uses a node /image/pre-load/sig to get some informations: - algo-name (mandatory) : name of the algo used to sign - padding-name : name of padding used to sign - signature-size : size of the signature (in the header) - mandatory : set to yes if this sig is mandatory - public-key (madatory) : value of the public key Before running the image, the stage pre-load checks the signature provided in the header. This is an initial support, later we could add the support of: - ciphering - uncompressing - ... Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 
Add a stage pre-load that could
check or modify an image.

For the moment, only a header with a signature is
supported. This header has the following format:
- magic : 4 bytes
- version : 4 bytes
- header size : 4 bytes
- image size : 4 bytes
- offset image signature : 4 bytes
- flags : 4 bytes
- reserved0 : 4 bytes
- reserved1 : 4 bytes
- sha256 of the image signature : 32 bytes
- signature of the first 64 bytes : n bytes
- image signature : n bytes
- padding : up to header size

The stage uses a node /image/pre-load/sig to
get some informations:
- algo-name (mandatory) : name of the algo used to sign
- padding-name : name of padding used to sign
- signature-size : size of the signature (in the header)
- mandatory : set to yes if this sig is mandatory
- public-key (madatory) : value of the public key

Before running the image, the stage pre-load checks
the signature provided in the header.

This is an initial support, later we could add the
support of:
- ciphering
- uncompressing
- ...

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
tools: mkimage: Show where signatures/keys are written 2022-01-26T15:50:44+00:00 Simon Glass sjg@chromium.org 2021-11-12T19:28:13+00:00 2d2384bbaff0ab84c868b553c74048a5f6acc9e3 At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> 
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.

Sample:

   Signature written to 'sha1-basic/test.fit',
       node '/configurations/conf-1/signature'
   Public key written to 'sha1-basic/sandbox-u-boot.dtb',
       node '/signature/key-dev'

Signed-off-by: Simon Glass <sjg@chromium.org>
image: Return destination node for add_verify_data() method 2022-01-26T15:50:44+00:00 Simon Glass sjg@chromium.org 2021-11-12T19:28:11+00:00 c033dc8c0c4b744e028e124f88be4829309c75d1 It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> 
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
tools: Pass the key blob around 2022-01-26T15:50:44+00:00 Simon Glass sjg@chromium.org 2021-11-12T19:28:10+00:00 99f844ba3a6b3ddd73742cddf7dee955bbb96c61 At present we rely on the key blob being in the global_data fdt_blob pointer. This is true in U-Boot but not with tools. For clarity, pass the parameter around. Signed-off-by: Simon Glass <sjg@chromium.org> 
At present we rely on the key blob being in the global_data fdt_blob
pointer. This is true in U-Boot but not with tools. For clarity, pass the
parameter around.

Signed-off-by: Simon Glass <sjg@chromium.org>
tools: Improve comments in signing functions 2022-01-26T15:50:43+00:00 Simon Glass sjg@chromium.org 2021-11-12T19:28:06+00:00 70e6bcc43f541fbcb8e878dba8299e8e30943bcd Add some more comments to explain what is going on in the signing functions. Fix two repeated typos. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add some more comments to explain what is going on in the signing
functions. Fix two repeated typos.

Signed-off-by: Simon Glass <sjg@chromium.org>