- add sha256,rsa2048 and sha256,rsa4098 support to u-boot. - add "fdt checksign" command to u-boot cmdshell. This command checks, if a fdt is correct signed. - add hosttool "fit_info" which prints the offset and the len of a property from in a fdt file. This values can be used, to extract the data from a property (for example with "dd") - add hosttool "fit_check_sign". This does the same as the u-boot cmdshell tool "fdt sign". It checks, if fit image is correct signed
- changes for v2: - add comments from Simon Glass - add new patch: "[PATCH v2 6/8] gen: Add progressive hash API" from Hung-ying Tyan <tyanh at chromium.org> as Simon Glass mentioned
- changes for v3: - add comments from Simon Glass: - rebased against current head eeb72e67619b98d2502fe634a3a5d9953de92ad0 -> Makefile adaptions necessary introduced from kbuild changes
Heiko Schocher (8): tools/image-host: fix sign-images bug fdt: add "fdt checksign" command fit: add sha256 support rsa: add sha256-rsa2048 algorithm rsa: add sha256,rsa4096 algorithm gen: Add progressive hash API tools, fit: add fit_info host command tools, fit_check_sign: verify a signed fit image
common/cmd_fdt.c | 42 +++++- common/hash.c | 116 +++++++++++++-- common/image-fit.c | 5 + common/image-sig.c | 63 ++++++++ doc/uImage.FIT/signature.txt | 20 ++- include/fdt_support.h | 5 + include/hash.h | 48 ++++++ include/image.h | 38 ++++- include/rsa-checksum.h | 24 +++ include/rsa.h | 24 +++ lib/fdtdec.c | 20 +++ lib/rsa/Makefile | 2 +- lib/rsa/rsa-checksum.c | 163 +++++++++++++++++++++ lib/rsa/rsa-sign.c | 10 +- lib/rsa/rsa-verify.c | 107 +++++--------- lib/sha256.c | 5 +- .../{sign-configs.its => sign-configs-sha1.its} | 0 test/vboot/sign-configs-sha256.its | 45 ++++++ .../{sign-images.its => sign-images-sha1.its} | 0 test/vboot/sign-images-sha256.its | 42 ++++++ test/vboot/vboot_test.sh | 86 +++++++---- tools/.gitignore | 2 + tools/Makefile | 16 +- tools/fdt_host.h | 2 + tools/fdtdec.c | 1 + tools/fit_check_sign.c | 85 +++++++++++ tools/fit_common.c | 86 +++++++++++ tools/fit_common.h | 22 +++ tools/fit_image.c | 62 +------- tools/fit_info.c | 96 ++++++++++++ tools/image-host.c | 17 ++- tools/rsa-checksum.c | 1 + tools/rsa-verify.c | 1 + tools/sha256.c | 1 + 34 files changed, 1076 insertions(+), 181 deletions(-) create mode 100644 include/rsa-checksum.h create mode 100644 lib/rsa/rsa-checksum.c rename test/vboot/{sign-configs.its => sign-configs-sha1.its} (100%) create mode 100644 test/vboot/sign-configs-sha256.its rename test/vboot/{sign-images.its => sign-images-sha1.its} (100%) create mode 100644 test/vboot/sign-images-sha256.its create mode 100644 tools/fdtdec.c create mode 100644 tools/fit_check_sign.c create mode 100644 tools/fit_common.c create mode 100644 tools/fit_common.h create mode 100644 tools/fit_info.c create mode 100644 tools/rsa-checksum.c create mode 100644 tools/rsa-verify.c create mode 100644 tools/sha256.c
Cc: Simon Glass sjg@chromium.org Cc: Hung-ying Tyan tyanh@chromium.org Cc: andreas@oetken.name