Lines Matching full:signature
1 U-Boot FIT Signature Verification
10 The signature feature allows the hash to be signed with a private key such
25 - sign the hash with a private key to produce a signature
26 - store the resulting signature in the FIT
32 - extract the signature from the FIT
34 - verify (with the public key) that the extracted signature matches the
83 The following properties are required in the FIT's signature node(s) to
85 Signature nodes sit at the same level as hash nodes and are called
86 signature-1, signature-2, etc.
97 - value: The signature data (e.g. 256 bytes for 2048-bit RSA)
142 Public keys should be stored as sub-nodes in a /signature node. Required
186 signature-1 {
188 value = <...kernel signature 1...>
193 signature-1 {
195 value = <...kernel signature 2...>
200 signature-1 {
202 vaue = <...fdt signature 1...>
207 signature-1 {
209 vaue = <...fdt signature 2...>
250 own hash, and we include the hash in the configuration signature.
290 signature-1 {
292 value = <...conf 1 signature...>;
298 signature-1 {
300 value = <...conf 1 signature...>;
308 longer signed), and a signature to each configuration. In the above example,
312 (so that it isn't possible to add or remove root nodes). The signature is
313 written into /configurations/conf-1/signature-1/value. It can easily be
336 WARNING: When relying on signed FIT images with required signature check
369 Signature check OK
383 Signature check OK
434 Signature PIN ....: forced
438 Signature counter : 0
439 Signature key ....: [none]
451 What keysize do you want for the Signature key? (2048) 4096
505 Use the portion of the signature token URL after "pkcs11:" as the keydir argument (-k) to mkimage b…
515 …xxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29;id=%01;object=Signature%20key;type=priva…
517 Label: Signature key
521 Use the label, in this case "Signature key" as the key-name-hint in your FIT.
548 - Enhance bootm to permit scripted signature verification (so that a script