From 21d29f7f9f4888a4858b58b368ae7cf8783a6ebf Mon Sep 17 00:00:00 2001
From: Heiko Schocher <hs@denx.de>
Date: Wed, 28 May 2014 11:33:33 +0200
Subject: bootm: make use of legacy image format configurable

make the use of legacy image format configurable through
the config define CONFIG_IMAGE_FORMAT_LEGACY.

When relying on signed FIT images with required signature check
the legacy image format should be disabled. Therefore introduce
this new define and enable legacy image format if CONFIG_FIT_SIGNATURE
is not set. If CONFIG_FIT_SIGNATURE is set disable per default
the legacy image format.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Lars Steubesand <lars.steubesand@philips.com>
Cc: Mike Pearce <mike@kaew.be>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Michal Simek <monstr@monstr.eu>
Acked-by: Simon Glass <sjg@chromium.org>
---
 doc/uImage.FIT/signature.txt | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'doc/uImage.FIT/signature.txt')

diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 9502037..672dc35 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -328,6 +328,9 @@ be enabled:
 CONFIG_FIT_SIGNATURE - enable signing and verfication in FITs
 CONFIG_RSA - enable RSA algorithm for signing
 
+WARNING: When relying on signed FIT images with required signature check
+the legacy image format is default disabled by not defining
+CONFIG_IMAGE_FORMAT_LEGACY
 
 Testing
 -------
-- 
cgit v1.1


From ce1400f6949bbfec01fe381a844b14844cb3be12 Mon Sep 17 00:00:00 2001
From: Simon Glass <sjg@chromium.org>
Date: Thu, 12 Jun 2014 07:24:53 -0600
Subject: Enhance fit_check_sign to check all images

At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
---
 doc/uImage.FIT/signature.txt | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'doc/uImage.FIT/signature.txt')

diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 672dc35..a6ab543 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -361,6 +361,7 @@ Test Verified Boot Run: unsigned config: OK
 Sign images
 Test Verified Boot Run: signed config: OK
 check signed config on the host
+Signature check OK
 OK
 Test Verified Boot Run: signed config: OK
 Test Verified Boot Run: signed config with bad hash: OK
@@ -374,12 +375,14 @@ Test Verified Boot Run: unsigned config: OK
 Sign images
 Test Verified Boot Run: signed config: OK
 check signed config on the host
+Signature check OK
 OK
 Test Verified Boot Run: signed config: OK
 Test Verified Boot Run: signed config with bad hash: OK
 
 Test passed
 
+
 Future Work
 -----------
 - Roll-back protection using a TPM is done using the tpm command. This can
-- 
cgit v1.1