<feed xmlns='http://www.w3.org/2005/Atom'>
<title>u-boot.git/tools/image-host.c, branch v2018.09</title>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/'/>
<entry>
<title>mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures</title>
<updated>2018-07-10T20:56:00+00:00</updated>
<author>
<name>Alex Kiernan</name>
<email>alex.kiernan@gmail.com</email>
</author>
<published>2018-06-20T20:10:52+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=795f452eeff157b994a783d78d00e0108463b993'/>
<id>795f452eeff157b994a783d78d00e0108463b993</id>
<content type='text'>
When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible
images.

Signed-off-by: Alex Kiernan &lt;alex.kiernan@gmail.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromum.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible
images.

Signed-off-by: Alex Kiernan &lt;alex.kiernan@gmail.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromum.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>vboot: Do not use hashed-strings offset</title>
<updated>2018-07-10T20:55:58+00:00</updated>
<author>
<name>Teddy Reed</name>
<email>teddy.reed@gmail.com</email>
</author>
<published>2018-06-09T15:45:20+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=7346c1e192d63cd35f99c7e845e53c5d4d0bdc24'/>
<id>7346c1e192d63cd35f99c7e845e53c5d4d0bdc24</id>
<content type='text'>
The hashed-strings signature property includes two uint32_t values.
The first is unneeded as there should never be a start offset into the
strings region. The second, the size, is needed because the added
signature node appends to this region.

See tools/image-host.c, where a static 0 value is used for the offset.

Signed-off-by: Teddy Reed &lt;teddy.reed@gmail.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The hashed-strings signature property includes two uint32_t values.
The first is unneeded as there should never be a start offset into the
strings region. The second, the size, is needed because the added
signature node appends to this region.

See tools/image-host.c, where a static 0 value is used for the offset.

Signed-off-by: Teddy Reed &lt;teddy.reed@gmail.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>SPDX: Convert all of our single license tags to Linux Kernel style</title>
<updated>2018-05-07T13:34:12+00:00</updated>
<author>
<name>Tom Rini</name>
<email>trini@konsulko.com</email>
</author>
<published>2018-05-06T21:58:06+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=83d290c56fab2d38cd1ab4c4cc7099559c1d5046'/>
<id>83d290c56fab2d38cd1ab4c4cc7099559c1d5046</id>
<content type='text'>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini &lt;trini@konsulko.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini &lt;trini@konsulko.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fix incorrect usage of DT node unit address in comments</title>
<updated>2018-01-16T01:29:21+00:00</updated>
<author>
<name>Andre Przywara</name>
<email>andre.przywara@arm.com</email>
</author>
<published>2017-12-04T02:05:10+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=b2267e8a22bd662fff00d3ba9751cfef5773a4b6'/>
<id>b2267e8a22bd662fff00d3ba9751cfef5773a4b6</id>
<content type='text'>
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurrences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.

Signed-off-by: Andre Przywara &lt;andre.przywara@arm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurrences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.

Signed-off-by: Andre Przywara &lt;andre.przywara@arm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tools: image: fix message when fail to add verification data for config</title>
<updated>2017-11-06T14:59:01+00:00</updated>
<author>
<name>Masahiro Yamada</name>
<email>yamada.masahiro@socionext.com</email>
</author>
<published>2017-10-27T06:04:21+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=76b9cbab25f832a25e51c50a221c0f1ff3632b7c'/>
<id>76b9cbab25f832a25e51c50a221c0f1ff3632b7c</id>
<content type='text'>
This function is called when signing configuration nodes.  Adjust
the error message.

I do not know why we do not need to show the error message in case of
ENOSPC.  Remove the if-conditional that seems unnecessary.

Signed-off-by: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This function is called when signing configuration nodes.  Adjust
the error message.

I do not know why we do not need to show the error message in case of
ENOSPC.  Remove the if-conditional that seems unnecessary.

Signed-off-by: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tools: image: allow to sign image nodes without -K option</title>
<updated>2017-11-06T14:59:00+00:00</updated>
<author>
<name>Masahiro Yamada</name>
<email>yamada.masahiro@socionext.com</email>
</author>
<published>2017-10-27T06:04:20+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=6793d017a7679477402f5d30229651dba0db5ed2'/>
<id>6793d017a7679477402f5d30229651dba0db5ed2</id>
<content type='text'>
If -K option is missing when you sign image nodes, it fails with
an unclear error message:

  tools/mkimage Can't add hashes to FIT blob: -1

It is hard to figure out the cause of the failure.

In contrast, when you sign configuration nodes, -K is optional because
fit_config_process_sig() returns successfully if keydest is unset.
Probably this is a preferred behavior when you want to update FIT with
the same key; you do not have to update the public key in this case.

So, this commit changes fit_image_process_sig() to continue signing
without keydest.  If -&gt;add_verify_data() fails, show a clearer error
message, which has been borrowed from fit_config_process_sig().

Signed-off-by: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If -K option is missing when you sign image nodes, it fails with
an unclear error message:

  tools/mkimage Can't add hashes to FIT blob: -1

It is hard to figure out the cause of the failure.

In contrast, when you sign configuration nodes, -K is optional because
fit_config_process_sig() returns successfully if keydest is unset.
Probably this is a preferred behavior when you want to update FIT with
the same key; you do not have to update the public key in this case.

So, this commit changes fit_image_process_sig() to continue signing
without keydest.  If -&gt;add_verify_data() fails, show a clearer error
message, which has been borrowed from fit_config_process_sig().

Signed-off-by: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tools: image: fix "algo" property of public key for verified boot</title>
<updated>2017-11-06T14:59:00+00:00</updated>
<author>
<name>Masahiro Yamada</name>
<email>yamada.masahiro@socionext.com</email>
</author>
<published>2017-10-27T04:25:21+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=1d88a99d1b9175c41f015631311fd9e5966eb997'/>
<id>1d88a99d1b9175c41f015631311fd9e5966eb997</id>
<content type='text'>
The "algo_name" points to a property in a blob being edited.  The
pointer becomes stale when fit_image_write_sig() inserts signatures.
Then crypto-&gt;add_verify_data() writes wrong data to the public key
destination.

Signed-off-by: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The "algo_name" points to a property in a blob being edited.  The
pointer becomes stale when fit_image_write_sig() inserts signatures.
Then crypto-&gt;add_verify_data() writes wrong data to the public key
destination.

Signed-off-by: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tools: image: fix node name of signature node in FIT</title>
<updated>2017-10-23T21:28:17+00:00</updated>
<author>
<name>Masahiro Yamada</name>
<email>yamada.masahiro@socionext.com</email>
</author>
<published>2017-10-19T10:16:21+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=16067e6b87293eeb1fc4bac3edc0fd675b94d1a8'/>
<id>16067e6b87293eeb1fc4bac3edc0fd675b94d1a8</id>
<content type='text'>
Both "conf_name" and "sig_name" point to the name of config node.
The latter should be the name of the signature node.

Signed-off-by: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Both "conf_name" and "sig_name" point to the name of config node.
The latter should be the name of the signature node.

Signed-off-by: Masahiro Yamada &lt;yamada.masahiro@socionext.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mkimage: Add support for signing with pkcs11</title>
<updated>2017-01-14T21:47:13+00:00</updated>
<author>
<name>George McCollister</name>
<email>george.mccollister@gmail.com</email>
</author>
<published>2017-01-06T19:14:17+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea'/>
<id>f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea</id>
<content type='text'>
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister &lt;george.mccollister@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister &lt;george.mccollister@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>image: Combine image_sig_algo with image_sign_info</title>
<updated>2016-11-21T19:07:31+00:00</updated>
<author>
<name>Andrew Duda</name>
<email>aduda@meraki.com</email>
</author>
<published>2016-11-08T18:53:41+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8'/>
<id>83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8</id>
<content type='text'>
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crypto" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda &lt;aduda@meraki.com&gt;
Signed-off-by: aduda &lt;aduda@meraki.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crypto" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda &lt;aduda@meraki.com&gt;
Signed-off-by: aduda &lt;aduda@meraki.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
