commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.
cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
It is more common to have 0 mean OK, and -ve mean error. Change this
function to work the same way to avoid confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.
Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Add support for sha256,rsa4096 signatures in u-boot.
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
Cc: andreas@oetken.name
based on patch from andreas@oetken.name:
http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.
aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head
Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).
Add support for signing of FIT configurations using the libfdt's region
support.
Please see doc/uImage.FIT/signature.txt for more information.
Signed-off-by: Simon Glass <sjg@chromium.org>
RSA provides a public key encryption facility which is ideal for image
signing and verification.
Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.
This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Signed-off-by: Simon Glass <sjg@chromium.org>
This helps to clean up the include/ directory so that it only contains
non-architecture-specific headers and also matches Linux's directory
layout which many U-Boot developers are already familiar with.
Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
The appropriate include/asm-$ARCH directory should already by symlinked
to include/asm so using the whole "asm-$ARCH" path is unnecessary.
This change should also allow us to move the include/asm-$ARCH
directories into their appropriate lib/$ARCH/ directories.
Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
- DDR Ram support for PM520 (MPC5200)
- support for different flash types (PM520)
- USB / IDE / CF-Card / DiskOnChip support for PM520
- 8 bit boot rom support for PM520/CE520
- Add auto SDRAM module detection for MicroSys CPC45 board (MPC8245)
- I2C and RTC support for CPC45
- support of new flash type (28F160C3T) for CPC45
- Correct flash and JFFS2 support for MPC8260ADS
- fix PVR values and clock generation for PowerQUICC II family
(8270/8275/8280)
* Patch by Bernhard Kuhn, 08 Jul 2003:
- add support for M68K targets
* Patch by Ken Chou, 3 Jul:
- Fix PCI config table for A3000
- Fix iobase for natsemi.c
(PCI_BASE_ADDRESS_0 is the IO base register for DP83815)
* Allow to enable "slow" POST routines by key press on power-on
* Fix temperature dependend switching of LCD backlight on LWMON
* Tweak output format for LWMON
Jeroen Hofstee
Simon Glass
Heiko Schocher
Wolfgang Denk
Marek Vasut
Peter Tyser
Jean-Christophe PLAGNIOL-VILLARD
Peter Pearse
Gary Jennejohn
Wolfgang Denk
Wolfgang Denk
wdenk