1. 21 Mar, 2014 2 commits
    • Heiko Schocher's avatar
      tools, fit_check_sign: verify a signed fit image · 29a23f9d
      Heiko Schocher authored
      add host tool "fit_check_sign" which verifies, if a fit image is
      signed correct.
      Signed-off-by: default avatarHeiko Schocher <hs@denx.de>
      Cc: Simon Glass <sjg@chromium.org>
      29a23f9d
    • Heiko Schocher's avatar
      rsa: add sha256-rsa2048 algorithm · 646257d1
      Heiko Schocher authored
      based on patch from andreas@oetken.name:
      
      http://patchwork.ozlabs.org/patch/294318/
      commit message:
      I currently need support for rsa-sha256 signatures in u-boot and found out that
      the code for signatures is not very generic. Thus adding of different
      hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
      rsa-code. I attached a patch for how I think it could be better and included
      support for rsa-sha256. This is a fast first shot.
      
      aditionally work:
      - removed checkpatch warnings
      - removed compiler warnings
      - rebased against current head
      Signed-off-by: default avatarHeiko Schocher <hs@denx.de>
      Cc: andreas@oetken.name
      Cc: Simon Glass <sjg@chromium.org>
      646257d1
  2. 26 Jun, 2013 2 commits
    • Simon Glass's avatar
      image: Add support for signing of FIT configurations · 4d098529
      Simon Glass authored
      While signing images is useful, it does not provide complete protection
      against several types of attack. For example, it it possible to create a
      FIT with the same signed images, but with the configuration changed such
      that a different one is selected (mix and match attack). It is also possible
      to substitute a signed image from an older FIT version into a newer FIT
      (roll-back attack).
      
      Add support for signing of FIT configurations using the libfdt's region
      support.
      
      Please see doc/uImage.FIT/signature.txt for more information.
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      4d098529
    • Simon Glass's avatar
      image: Add signing infrastructure · 3e569a6b
      Simon Glass authored
      Add a structure to describe an algorithm which can sign and (later) verify
      images.
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      3e569a6b