1 Apr
2022
1 Apr
'22
1:21 a.m.
On Mon, Mar 28, 2022 at 10:56:59PM +0200, Philippe Reynes wrote:
Add a stage pre-load that could check or modify an image.
For the moment, only a header with a signature is supported. This header has the following format:
- magic : 4 bytes
- version : 4 bytes
- header size : 4 bytes
- image size : 4 bytes
- offset image signature : 4 bytes
- flags : 4 bytes
- reserved0 : 4 bytes
- reserved1 : 4 bytes
- sha256 of the image signature : 32 bytes
- signature of the first 64 bytes : n bytes
- image signature : n bytes
- padding : up to header size
The stage uses a node /image/pre-load/sig to get some informations:
- algo-name (mandatory) : name of the algo used to sign
- padding-name : name of padding used to sign
- signature-size : size of the signature (in the header)
- mandatory : set to yes if this sig is mandatory
- public-key (madatory) : value of the public key
Before running the image, the stage pre-load checks the signature provided in the header.
This is an initial support, later we could add the support of:
- ciphering
- uncompressing
- ...
Signed-off-by: Philippe Reynes philippe.reynes@softathome.com
Applied to u-boot/next, thanks!
--
Tom