u-boot.git/test/vboot, branch v2015.10 Unnamed repository; edit this file 'description' to name the repository. Implement generalised RSA public exponents for verified boot 2014-08-09T15:17:01+00:00 Michael van der Westhuizen michael@smart-africa.com 2014-07-02T08:17:26+00:00 e0f2f15534146729fdf2ce58b740121fd67eea1c Remove the verified boot limitation that only allows a single RSA public exponent of 65537 (F4). This change allows use with existing PKI infrastructure and has been tested with HSM-based PKI. Change the configuration OF tree format to store the RSA public exponent as a 64 bit integer and implement backward compatibility for verified boot configuration trees without this extra field. Parameterise vboot_test.sh to test different public exponents. Mathematics and other hard work by Andrew Bott. Tested with the following public exponents: 3, 5, 17, 257, 39981, 50457, 65537 and 4294967297. Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com> Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com> Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com> Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Cc: Simon Glass <sjg@chromium.org> 
Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4).  This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.

Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.

Parameterise vboot_test.sh to test different public exponents.

Mathematics and other hard work by Andrew Bott.

Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.

Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>
sandbox: restore ability to access host fs through standard commands 2014-06-23T21:37:23+00:00 Stephen Warren swarren@nvidia.com 2014-06-12T16:28:32+00:00 4d907025d6a530c0f3d2e869331e863c3e3cc3c2 Commit 95fac6ab4589 "sandbox: Use os functions to read host device tree" removed the ability for get_device_and_partition() to handle the "host" device type, and redirect accesses to it to the host filesystem. This broke some unit tests that use this feature. So, revert that change. The code added back by this patch is slightly different to pacify checkpatch. However, we're then left with "host" being both: - A pseudo device that accesses the hosts real filesystem. - An emulated block device, which accesses "sectors" inside a file stored on the host. In order to resolve this discrepancy, rename the pseudo device from host to hostfs, and adjust the unit-tests for this change. The "help sb" output is modified to reflect this rename, and state where the host and hostfs devices should be used. Signed-off-by: Stephen Warren <swarren@nvidia.com> Tested-by: Josh Wu <josh.wu@atmel.com> Acked-by: Simon Glass <sjg@chromium.org> Tested-by: Simon Glass <sjg@chromium.org> 
Commit 95fac6ab4589 "sandbox: Use os functions to read host device tree"
removed the ability for get_device_and_partition() to handle the "host"
device type, and redirect accesses to it to the host filesystem. This
broke some unit tests that use this feature. So, revert that change. The
code added back by this patch is slightly different to pacify checkpatch.

However, we're then left with "host" being both:
- A pseudo device that accesses the hosts real filesystem.
- An emulated block device, which accesses "sectors" inside a file stored
  on the host.

In order to resolve this discrepancy, rename the pseudo device from host
to hostfs, and adjust the unit-tests for this change.

The "help sb" output is modified to reflect this rename, and state where
the host and hostfs devices should be used.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Josh Wu <josh.wu@atmel.com>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
test: vboot: explicitly request bash 2014-06-19T15:19:04+00:00 Stephen Warren swarren@nvidia.com 2014-06-12T16:27:39+00:00 967a99ad823342510857be84f7920a41f1949147 vboot_test.sh uses Bashisms. Explicitly use #!/bin/bash so the script doesn't fail if /bin/sh isn't Bash. Signed-off-by: Stephen Warren <swarren@nvidia.com> Acked-by: Simon Glass <sjg@chromium.org> 
vboot_test.sh uses Bashisms. Explicitly use #!/bin/bash so the script
doesn't fail if /bin/sh isn't Bash.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Simon Glass <sjg@chromium.org>
tools, fit_check_sign: verify a signed fit image 2014-03-21T20:40:38+00:00 Heiko Schocher hs@denx.de 2014-03-03T11:19:30+00:00 29a23f9d6c533f8371be3ae0268c4c75866291b2 add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> 
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
rsa: add sha256-rsa2048 algorithm 2014-03-21T20:39:34+00:00 Heiko Schocher hs@denx.de 2014-03-03T11:19:26+00:00 646257d1f4004855d486024527a4784bf57c4c4d based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org> 
based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
Add GPL-2.0+ SPDX-License-Identifier to source files 2013-07-24T13:44:38+00:00 Wolfgang Denk wd@denx.de 2013-07-08T07:37:19+00:00 1a4596601fd395f3afb8f82f3f840c5e00bdd57a Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com> 
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
Add verified boot information and test 2013-06-26T14:18:57+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:11+00:00 041bca5ba3adb48750d0a438cb3b1356a0c2e603 Add a description of how to implement verified boot using signed FIT images, and a simple test which verifies operation on sandbox. The test signs a FIT image and verifies it, then signs a FIT configuration and verifies it. Then it corrupts the signature to check that this is detected. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add a description of how to implement verified boot using signed FIT images,
and a simple test which verifies operation on sandbox.

The test signs a FIT image and verifies it, then signs a FIT configuration
and verifies it. Then it corrupts the signature to check that this is
detected.

Signed-off-by: Simon Glass <sjg@chromium.org>