summaryrefslogtreecommitdiff
path: root/common/image-sig.c
Commit message (Collapse)AuthorAgeLines
* includes: move openssl headers to include/u-bootJeroen Hofstee2014-06-19-2/+2
| | | | | | | | | | | | commit 18b06652cd "tools: include u-boot version of sha256.h" unconditionally forced the sha256.h from u-boot to be used for tools instead of the host version. This is fragile though as it will also include the host version. Therefore move it to include/u-boot to join u-boot/md5.h etc which were renamed for the same reason. cc: Simon Glass <sjg@chromium.org> Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
* Reverse the meaning of the fit_config_verify() return codeSimon Glass2014-06-19-2/+2
| | | | | | | It is more common to have 0 mean OK, and -ve mean error. Change this function to work the same way to avoid confusion. Signed-off-by: Simon Glass <sjg@chromium.org>
* tools, fit_check_sign: verify a signed fit imageHeiko Schocher2014-03-21-8/+10
| | | | | | | | add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
* rsa: add sha256,rsa4096 algorithmHeiko Schocher2014-03-21-0/+23
| | | | | | | | Add support for sha256,rsa4096 signatures in u-boot. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> Cc: andreas@oetken.name
* rsa: add sha256-rsa2048 algorithmHeiko Schocher2014-03-21-0/+38
| | | | | | | | | | | | | | | | | | | | | based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
* Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk2013-07-24-14/+1
| | | | | | Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
* image: Add support for signing of FIT configurationsSimon Glass2013-06-26-1/+230
| | | | | | | | | | | | | | | | While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Add RSA support for image signingSimon Glass2013-06-26-0/+7
| | | | | | | | | | | | | | RSA provides a public key encryption facility which is ideal for image signing and verification. Images are signed using a private key by mkimage. Then at run-time, the images are verified using a private key. This implementation uses openssl for the host part (mkimage). To avoid bringing large libraries into the U-Boot binary, the RSA public key is encoded using a simple numeric representation in the device tree. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Support signing of imagesSimon Glass2013-06-26-0/+144
| | | | | | | | Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Add signing infrastructureSimon Glass2013-06-26-0/+42
Add a structure to describe an algorithm which can sign and (later) verify images. Signed-off-by: Simon Glass <sjg@chromium.org>