u-boot.git/include, branch v2013.07-rc2 Unnamed repository; edit this file 'description' to name the repository. mkimage: Build signing only if board has CONFIG_FIT_SIGNATURE 2013-06-28T20:26:52+00:00 Simon Glass sjg@chromium.org 2013-06-27T17:43:18+00:00 29ce737d6f4a8e19cbc8c54451e72e059e4d56e7 At present mkimage is set up to always build with image signing support. This means that the SSL libraries (e.g. libssl-dev) are always required. Adjust things so that mkimage can be built with and without image signing, controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file. If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning that signing is not supported. If the option is enabled, but libraries are not available, then a build error similar to this will be shown: lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory Signed-off-by: Simon Glass <sjg@chromium.org> 
At present mkimage is set up to always build with image signing support.
This means that the SSL libraries (e.g. libssl-dev) are always required.

Adjust things so that mkimage can be built with and without image signing,
controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.

If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
that signing is not supported. If the option is enabled, but libraries are
not available, then a build error similar to this will be shown:

lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory

Signed-off-by: Simon Glass <sjg@chromium.org>
am335x_evm: Add missing ';' in findfdt 2013-06-27T13:55:39+00:00 Tom Rini trini@ti.com 2013-06-27T13:55:39+00:00 20cb5fbec649ea3f4baaa7eab1ad77e9d7dfdca5 In a714321 we add a check at the end of findfdt to make sure we have updated it from undefined and if not, warn the user. This however forgot a ';' on the end of the previous last test. Signed-off-by: Tom Rini <trini@ti.com> 
In a714321 we add a check at the end of findfdt to make sure we have
updated it from undefined and if not, warn the user.  This however
forgot a ';' on the end of the previous last test.

Signed-off-by: Tom Rini <trini@ti.com>
Fix block device accesses beyond 2TiB 2013-06-26T14:26:06+00:00 Sascha Silbe t-uboot@infra-silbe.de 2013-06-14T11:07:25+00:00 ff8fef566601ba27767e885386cb2074c4f09886 With CONFIG_SYS_64BIT_LBA, lbaint_t gets defined as a 64-bit type, which is required to represent block numbers for storage devices that exceed 2TiB (the block size usually is 512B), e.g. recent hard drives. For some obscure reason, the current U-Boot code uses lbaint_t for the number of blocks to read (a rather optimistic estimation of how RAM sizes will evolve), but not for the starting address. Trying to access blocks beyond the 2TiB boundary will simply wrap around and read a block within the 0..2TiB range. We now use lbaint_t for block start addresses, too. This required changes to all block drivers as the signature of block_read(), block_write() and block_erase() in block_dev_desc_t changed. Signed-off-by: Sascha Silbe <t-uboot@infra-silbe.de> 
With CONFIG_SYS_64BIT_LBA, lbaint_t gets defined as a 64-bit type,
which is required to represent block numbers for storage devices that
exceed 2TiB (the block size usually is 512B), e.g. recent hard drives.

For some obscure reason, the current U-Boot code uses lbaint_t for the
number of blocks to read (a rather optimistic estimation of how RAM
sizes will evolve), but not for the starting address. Trying to access
blocks beyond the 2TiB boundary will simply wrap around and read a
block within the 0..2TiB range.

We now use lbaint_t for block start addresses, too. This required
changes to all block drivers as the signature of block_read(),
block_write() and block_erase() in block_dev_desc_t changed.

Signed-off-by: Sascha Silbe <t-uboot@infra-silbe.de>
sandbox: config: Enable FIT signatures with RSA 2013-06-26T14:18:57+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:10+00:00 74378cf8e730d794832678a5d2f4d2d67da3ad47 We want to sign and verify images using sandbox, so enable these options. Signed-off-by: Simon Glass <sjg@chromium.org> 
We want to sign and verify images using sandbox, so enable these options.

Signed-off-by: Simon Glass <sjg@chromium.org>
image: Add support for signing of FIT configurations 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:09+00:00 4d0985295bbb50a952f4312c0a818cd89b8ee7aa While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> 
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>
libfdt: Add fdt_find_regions() 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:08+00:00 3e06cd1f97792b4bc3882de1ac99f031fb0eaa80 Add a function to find regions in device tree given a list of nodes to include and properties to exclude. See the header file for full documentation. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add a function to find regions in device tree given a list of nodes to
include and properties to exclude.

See the header file for full documentation.

Signed-off-by: Simon Glass <sjg@chromium.org>
image: Add RSA support for image signing 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:02+00:00 19c402afa2e1190f596f35a84ac049b10d814f1f RSA provides a public key encryption facility which is ideal for image signing and verification. Images are signed using a private key by mkimage. Then at run-time, the images are verified using a private key. This implementation uses openssl for the host part (mkimage). To avoid bringing large libraries into the U-Boot binary, the RSA public key is encoded using a simple numeric representation in the device tree. Signed-off-by: Simon Glass <sjg@chromium.org> 
RSA provides a public key encryption facility which is ideal for image
signing and verification.

Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.

This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
image: Support signing of images 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:01+00:00 56518e71041fafdfd7af3a24f263b0a22efbeda9 Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>
image: Add signing infrastructure 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:00+00:00 3e569a6b1eb7ef0c8144f8c243f9e33c834bf003 Add a structure to describe an algorithm which can sign and (later) verify images. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass <sjg@chromium.org>
x86: config: Add tracing options 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-11T18:14:53+00:00 b5f319373400d3c7e6820e793a7bb370ad0c8a76 Add configs to enable tracing when it is needed. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add configs to enable tracing when it is needed.

Signed-off-by: Simon Glass <sjg@chromium.org>