summaryrefslogtreecommitdiff
path: root/test/vboot
Commit message (Collapse)AuthorAgeLines
* Implement generalised RSA public exponents for verified bootMichael van der Westhuizen2014-08-09-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | Remove the verified boot limitation that only allows a single RSA public exponent of 65537 (F4). This change allows use with existing PKI infrastructure and has been tested with HSM-based PKI. Change the configuration OF tree format to store the RSA public exponent as a 64 bit integer and implement backward compatibility for verified boot configuration trees without this extra field. Parameterise vboot_test.sh to test different public exponents. Mathematics and other hard work by Andrew Bott. Tested with the following public exponents: 3, 5, 17, 257, 39981, 50457, 65537 and 4294967297. Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com> Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com> Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com> Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Cc: Simon Glass <sjg@chromium.org>
* sandbox: restore ability to access host fs through standard commandsStephen Warren2014-06-23-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Commit 95fac6ab4589 "sandbox: Use os functions to read host device tree" removed the ability for get_device_and_partition() to handle the "host" device type, and redirect accesses to it to the host filesystem. This broke some unit tests that use this feature. So, revert that change. The code added back by this patch is slightly different to pacify checkpatch. However, we're then left with "host" being both: - A pseudo device that accesses the hosts real filesystem. - An emulated block device, which accesses "sectors" inside a file stored on the host. In order to resolve this discrepancy, rename the pseudo device from host to hostfs, and adjust the unit-tests for this change. The "help sb" output is modified to reflect this rename, and state where the host and hostfs devices should be used. Signed-off-by: Stephen Warren <swarren@nvidia.com> Tested-by: Josh Wu <josh.wu@atmel.com> Acked-by: Simon Glass <sjg@chromium.org> Tested-by: Simon Glass <sjg@chromium.org>
* test: vboot: explicitly request bashStephen Warren2014-06-19-1/+1
| | | | | | | | vboot_test.sh uses Bashisms. Explicitly use #!/bin/bash so the script doesn't fail if /bin/sh isn't Bash. Signed-off-by: Stephen Warren <swarren@nvidia.com> Acked-by: Simon Glass <sjg@chromium.org>
* tools, fit_check_sign: verify a signed fit imageHeiko Schocher2014-03-21-0/+20
| | | | | | | | add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
* rsa: add sha256-rsa2048 algorithmHeiko Schocher2014-03-21-28/+125
| | | | | | | | | | | | | | | | | | | | | based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
* Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk2013-07-24-14/+1
| | | | | | Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
* Add verified boot information and testSimon Glass2013-06-26-0/+230
Add a description of how to implement verified boot using signed FIT images, and a simple test which verifies operation on sandbox. The test signs a FIT image and verifies it, then signs a FIT configuration and verifies it. Then it corrupts the signature to check that this is detected. Signed-off-by: Simon Glass <sjg@chromium.org>