| Age | Commit message (Collapse) | Author |
|---|
|
fix a typo in error printf. If FIT_CONFS_PATH is not found
print FIT_CONFS_PATH not FIT_IMAGES_PATH.
Signed-off-by: Heiko Schocher <[email protected]>
Cc: Simon Glass <[email protected]>
Acked-by: Simon Glass <[email protected]>
|
|
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.
Signed-off-by: Simon Glass <[email protected]>
Acked-by: Heiko Schocher <[email protected]> (v1)
|
|
The original code did not cover every case and there was a missing negative
sign in one case. Expand the coverage and fix the bug.
Signed-off-by: Simon Glass <[email protected]>
|
|
When adding hashes or signatures, the target FDT may be full. Detect this
and automatically try again after making 1KB of space.
Signed-off-by: Simon Glass <[email protected]>
|
|
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.
Signed-off-by: Heiko Schocher <[email protected]>
Cc: Simon Glass <[email protected]>
|
|
property "sign-images" is never found, fix this.
Signed-off-by: Heiko Schocher <[email protected]>
Acked-by: Simon Glass <[email protected]>
|
|
Signed-off-by: Wolfgang Denk <[email protected]>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <[email protected]>
|
|
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).
Add support for signing of FIT configurations using the libfdt's region
support.
Please see doc/uImage.FIT/signature.txt for more information.
Signed-off-by: Simon Glass <[email protected]>
|
|
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Signed-off-by: Simon Glass <[email protected]>
|
|
We intend to add signatures to FITs also, so rename this function so that
it is not specific to hashing. Also rename fit_image_set_hashes() and
make it static since it is not used outside this file.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Marek Vasut <[email protected]>
|
|
This function doesn't need to be exported, and with verification
we want to use it for setting the 'value' property in any node,
so rename it.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Marek Vasut <[email protected]>
|
|
This function has become quite long and much of the body is indented quite
a bit. Move it into a separate function to make it easier to work with.
Signed-off-by: Simon Glass <[email protected]>
Acked-by: Marek Vasut <[email protected]>
|
|
This code is never compiled into U-Boot, so move it into a separate
file in tools/ to avoid the large #ifdef.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Marek Vasut <[email protected]>
|
