summaryrefslogtreecommitdiff
path: root/doc/uImage.FIT/signature.txt
diff options
context:
space:
mode:
authorHeiko Schocher <hs@denx.de>2014-03-03 12:19:26 +0100
committerTom Rini <trini@ti.com>2014-03-21 16:39:34 -0400
commit646257d1f4004855d486024527a4784bf57c4c4d (patch)
treea16c9627f823bcb68606b621fe9ff2fe493f90ed /doc/uImage.FIT/signature.txt
parent2842c1c24269a05142802d25520e7cb9035e456c (diff)
downloadu-boot-imx-646257d1f4004855d486024527a4784bf57c4c4d.zip
u-boot-imx-646257d1f4004855d486024527a4784bf57c4c4d.tar.gz
u-boot-imx-646257d1f4004855d486024527a4784bf57c4c4d.tar.bz2
rsa: add sha256-rsa2048 algorithm
based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'doc/uImage.FIT/signature.txt')
-rw-r--r--doc/uImage.FIT/signature.txt14
1 files changed, 13 insertions, 1 deletions
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index bc9f3fa..71f8b6c 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -346,7 +346,9 @@ Simple Verified Boot Test
Please see doc/uImage.FIT/verified-boot.txt for more information
+/home/hs/ids/u-boot/sandbox/tools/mkimage -D -I dts -O dtb -p 2000
Build keys
+do sha1 test
Build FIT with signed images
Test Verified Boot Run: unsigned signatures:: OK
Sign images
@@ -355,10 +357,20 @@ Build FIT with signed configuration
Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
+Test Verified Boot Run: signed config with bad hash: OK
+do sha256 test
+Build FIT with signed images
+Test Verified Boot Run: unsigned signatures:: OK
+Sign images
+Test Verified Boot Run: signed images: OK
+Build FIT with signed configuration
+Test Verified Boot Run: unsigned config: OK
+Sign images
+Test Verified Boot Run: signed config: OK
+Test Verified Boot Run: signed config with bad hash: OK
Test passed
-
Future Work
-----------
- Roll-back protection using a TPM is done using the tpm command. This can