doc/uImage.FIT/signature.txt

10 The signature feature allows the hash to be signed with a private key such
11 that it can be verified using a public key later. Provided that the private
12 key is kept secret and the public key is stored in a non-volatile place,
25    - sign the hash with a private key to produce a signature
37 The signing is generally performed by mkimage, as part of making a firmware
44 In principle any suitable algorithm can be used to sign and verify a hash.
46 This works by hashing the image to produce a 20-byte hash.
54 which can be used with a very small amount of code - just some extraction
55 of data from the FDT and exponentiation mod n. Code size impact is a little
67 To create a new public/private key pair, size 2048 bits:
72 To create a certificate for this containing the public key:
91 a single directory (parameter -k to mkimage). For a given key <name>, its
115 - sign-images: A list of images to sign, each being a property of the conf
121 - hashed-nodes: A list of nodes which were hashed by the signer. Each is
122 	a string - the full path to node. A typical value might be:
137 In order to verify an image that has been signed with a public key we need to
138 have a trusted public key. This cannot be stored in the signed image, since
142 Public keys should be stored as sub-nodes in a /signature node. Required
149 - key-name-hint: Name of key used for signing. This is only a hint since it
165 - rsa,modulus: Modulus (N) as a big-endian multi-word integer
166 - rsa,exponent: Public exponent (E) as a 64 bit unsigned integer
167 - rsa,r-squared: (2^num-bits)^2 as a big-endian multi-word integer
174 against several types of attack. For example, it it possible to create a
176 that a different one is selected (mix and match attack). It is also possible
177 to substitute a signed image from an older FIT version into a newer FIT
226 Since both kernels are signed it is easy for an attacker to add a new
308 longer signed), and a signature to each configuration. In the above example,
320 FITs are verified when loaded. After the configuration is selected a list
325 This happens automatically as part of a bootm command when FITs are used.
343 provided in test/vboot/vboot_test.sh. This uses sandbox (a special version
344 of U-Boot which runs under Linux) to show the operation of a 'bootm'
347 A sample run is show below:
395 keys are stored on the file system of a computer that is connected to the
400 device like a smartcard, USB token or Hardware Security Module (HSM) and have
452 The card will now be re-configured to generate a key of 4096 bits
457 The card will now be re-configured to generate a key of 4096 bits
459 The card will now be re-configured to generate a key of 4096 bits
470 GnuPG needs to construct a user ID to identify your key.
487 URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%2…
497 URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%2…
511 "pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20car…
512 … URL 'pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP…
515 …KCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20…
530 "model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28…
536 - Roll-back protection using a TPM is done using the tpm command. This can
537 be scripted, but we might consider a default way of doing this, built into
548 - Enhance bootm to permit scripted signature verification (so that a script