u-boot.git/tools/image-host.c, branch v2018.01 Unnamed repository; edit this file 'description' to name the repository. tools: image: fix message when fail to add verification data for config 2017-11-06T14:59:01+00:00 Masahiro Yamada yamada.masahiro@socionext.com 2017-10-27T06:04:21+00:00 76b9cbab25f832a25e51c50a221c0f1ff3632b7c This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 
This function is called when signing configuration nodes.  Adjust
the error message.

I do not know why we do not need to show the error message in case of
ENOSPC.  Remove the if-conditional that seems unnecessary.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
tools: image: allow to sign image nodes without -K option 2017-11-06T14:59:00+00:00 Masahiro Yamada yamada.masahiro@socionext.com 2017-10-27T06:04:20+00:00 6793d017a7679477402f5d30229651dba0db5ed2 If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 
If -K option is missing when you sign image nodes, it fails with
an unclear error message:

  tools/mkimage Can't add hashes to FIT blob: -1

It is hard to figure out the cause of the failure.

In contrast, when you sign configuration nodes, -K is optional because
fit_config_process_sig() returns successfully if keydest is unset.
Probably this is a preferred behavior when you want to update FIT with
the same key; you do not have to update the public key in this case.

So, this commit changes fit_image_process_sig() to continue signing
without keydest.  If ->add_verify_data() fails, show a clearer error
message, which has been borrowed from fit_config_process_sig().

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
tools: image: fix "algo" property of public key for verified boot 2017-11-06T14:59:00+00:00 Masahiro Yamada yamada.masahiro@socionext.com 2017-10-27T04:25:21+00:00 1d88a99d1b9175c41f015631311fd9e5966eb997 The "algo_name" points to a property in a blob being edited. The pointer becomes stale when fit_image_write_sig() inserts signatures. Then crypto->add_verify_data() writes wrong data to the public key destination. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> 
The "algo_name" points to a property in a blob being edited.  The
pointer becomes stale when fit_image_write_sig() inserts signatures.
Then crypto->add_verify_data() writes wrong data to the public key
destination.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
tools: image: fix node name of signature node in FIT 2017-10-23T21:28:17+00:00 Masahiro Yamada yamada.masahiro@socionext.com 2017-10-19T10:16:21+00:00 16067e6b87293eeb1fc4bac3edc0fd675b94d1a8 Both "conf_name" and "sig_name" point to the name of config node. The latter should be the name of the signature node. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Both "conf_name" and "sig_name" point to the name of config node.
The latter should be the name of the signature node.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
mkimage: Add support for signing with pkcs11 2017-01-14T21:47:13+00:00 George McCollister george.mccollister@gmail.com 2017-01-06T19:14:17+00:00 f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com> 
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
image: Combine image_sig_algo with image_sign_info 2016-11-21T19:07:31+00:00 Andrew Duda aduda@meraki.com 2016-11-08T18:53:41+00:00 83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8 Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
image: Add crypto_algo struct for RSA info 2016-11-21T19:07:31+00:00 Andrew Duda aduda@meraki.com 2016-11-08T18:53:41+00:00 0c1d74fda7c0063eeca4d8d9fa8674e6ec2ef685 Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7 2016-07-25T16:01:36+00:00 mario.six@gdsys.cc mario.six@gdsys.cc 2016-07-22T06:58:40+00:00 713fb2dcb24537073171fc84528044a3ba081817 [NOTE: I took v1 of these patches in, and then v2 came out, this commit is squashing the minor deltas from v1 -> v2 of updates to c236ebd and 2b9ec76 into this commit - trini] - Added an additional NULL check, as suggested by Simon Glass to fit_image_process_sig - Re-formatted the comment blocks Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Simon Glass <sjg@chromium.org> [For merging the chnages from v2 back onto v1] Signed-off-by: Tom Rini <trini@konsulko.com> 
[NOTE: I took v1 of these patches in, and then v2 came out, this commit
is squashing the minor deltas from v1 -> v2 of updates to c236ebd and
2b9ec76 into this commit - trini]

- Added an additional NULL check, as suggested by Simon Glass to
  fit_image_process_sig
- Re-formatted the comment blocks

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
[For merging the chnages from v2 back onto v1]
Signed-off-by: Tom Rini <trini@konsulko.com>
tools: Fix return code of fit_image_process_sig() 2016-07-22T18:46:24+00:00 mario.six@gdsys.cc mario.six@gdsys.cc 2016-07-19T09:07:06+00:00 c236ebd2fa04e872bb248c363e558961e1d138f0 When signing images, we repeatedly call fit_add_file_data() with successively increasing size values to include the keys in the DTB. Unfortunately, if large keys are used (such as 4096 bit RSA keys), this process fails sometimes, and mkimage needs to be called repeatedly to integrate the keys into the DTB. This is because fit_add_file_data actually returns the wrong error code, and the loop terminates prematurely, instead of trying again with a larger size value. This patch corrects the return value and also removes a error message, which is misleading, since we actually allow the function to fail. A (hopefully helpful) comment is also added to explain the lack of error message. This is probably related to 1152a05 ("tools: Correct error handling in fit_image_process_hash()") and the corresponding error reported here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html Signed-off-by: Mario Six <mario.six@gdsys.cc> 
When signing images, we repeatedly call fit_add_file_data() with
successively increasing size values to include the keys in the DTB.

Unfortunately, if large keys are used (such as 4096 bit RSA keys), this
process fails sometimes, and mkimage needs to be called repeatedly to
integrate the keys into the DTB.

This is because fit_add_file_data actually returns the wrong error
code, and the loop terminates prematurely, instead of trying again with
a larger size value.

This patch corrects the return value and also removes a error message,
which is misleading, since we actually allow the function to fail. A
(hopefully helpful) comment is also added to explain the lack of error
message.

This is probably related to 1152a05 ("tools: Correct error handling in
fit_image_process_hash()") and the corresponding error reported here:

https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html

Signed-off-by: Mario Six <mario.six@gdsys.cc>
tools: Correct error handling in fit_image_process_hash() 2016-07-14T22:22:37+00:00 Simon Glass sjg@chromium.org 2016-07-03T15:40:44+00:00 1152a05ee6593bf3036337cd18edd355589ea3a8 We should not be returning -1 as an error code. This can mask a situation where we run out of space adding things to the FIT. By returning the correct error in this case (-ENOSPC) it can be handled by the higher-level code. This may fix the error reported by Tom Van Deun here: https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html although I am not sure as I cannot actually repeat it. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Tom Van Deun <tom.vandeun@wapice.com> Reviewed-by: Teddy Reed <teddy.reed@gmail.com> 
We should not be returning -1 as an error code. This can mask a situation
where we run out of space adding things to the FIT. By returning the correct
error in this case (-ENOSPC) it can be handled by the higher-level code.

This may fix the error reported by Tom Van Deun here:

https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html

although I am not sure as I cannot actually repeat it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Tom Van Deun <tom.vandeun@wapice.com>
Reviewed-by: Teddy Reed <teddy.reed@gmail.com>