| /openbmc/u-boot/doc/uImage.FIT/ |
| H A D | signature.txt | 11 that it can be verified using a public key later. Provided that the private
13 any image can be verified in this way.
15 See verified-boot.txt for more general information on verified boot.
153 - required: If present this indicates that the key must be verified for the
155 normally verified by the FIT image booting algorithm. Valid values are
314 verified later even if the FIT has been signed with other keys in the
320 FITs are verified when loaded. After the configuration is selected a list
322 each image must be verified against those keys. This means that every image
352 Simple Verified Boot Test
355 Please see doc/uImage.FIT/verified-boot.txt for more information
[all …]
|
| H A D | verified-boot.txt | 1 U-Boot Verified Boot
6 Verified boot here means the verification of all software loaded into a
10 Verified boot extends from the moment of system reset to as far as you wish
16 which use verified boot. Since the machine will only run software that has
24 Verified boot uses cryptographic algorithms to 'sign' software images.
26 be verified using a public key. As its name suggests the public key can be
96 a standard place. Then when a FIT is loaded it can be verified using that
|
| H A D | beaglebone_vboot.txt | 1 Verified Boot on the Beaglebone Black
7 Before reading this, please read verified-boot.txt and signature.txt. These
11 verified boot works in U-Boot. There is also a test which runs through the
16 for an example of how to enable verified boot using U-Boot.
22 packaged with the kernel. In particular this is important with verified boot,
24 public keys can be changed and verified boot is useless. An attacker can
37 1. Build U-Boot for the board, with the verified boot options enabled.
68 b. Configure and build U-Boot with verified boot enabled:
199 'required' property, which tells U-Boot that this key must be verified for the
302 'dev' and the '+' means that it verified. If it showed '-' that would be bad.
[all …]
|
| /openbmc/linux/fs/verity/ |
| H A D | verify.c | 17 * @hpage, has already been verified.
22 bool verified; in is_hash_block_verified() local
29 * to directly indicate whether the page's block has been verified. in is_hash_block_verified()
40 * to indicate whether each hash block has been verified. in is_hash_block_verified()
43 * re-instantiated from the backing storage are re-verified. To do in is_hash_block_verified()
63 verified = test_bit(hblock_idx, vi->hash_block_verified); in is_hash_block_verified()
75 verified = false; in is_hash_block_verified()
78 return verified; in is_hash_block_verified()
86 * only ascend the tree until an already-verified hash block is seen, and then
140 * the way until we find a hash block that has already been verified, or in verify_data_block()
[all …]
|
| /openbmc/linux/Documentation/admin-guide/device-mapper/ |
| H A D | verity.rst | 127 Hash blocks are still verified each time they are read from the hash device,
129 blocks, and a hash block will not be verified any more after all the data
130 blocks it covers have been verified anyway.
151 dm-verity is meant to be set up as part of a verified boot path. This
157 After instantiation, all hashes will be verified on-demand during
158 disk access. If they cannot be verified up to the root node of the
168 corrupted data will be verified using the cryptographic hash of the
210 the command-line is verified.
|
| /openbmc/u-boot/lib/libavb/ |
| H A D | avb_slot_verify.h | 136 * successfully verified.
156 * The partitions loaded and verified from from the slot are
162 * Rollback indexes for the verified slot are stored in the
204 * will end up pointing to the vbmeta partition for the verified
206 * partition of the verified slot.
214 * the slot that was verified.
221 * struct is verified and descriptors will not processed. The return
296 * AVB_SLOT_VERIFY_RESULT_OK is returned if everything is verified
300 * everything is verified correctly out but one or more public keys
|
| /openbmc/u-boot/test/py/tests/ |
| H A D | test_vboot.py | 4 # U-Boot Verified Boot Test
7 This tests verified boot in the following ways:
11 - Check that verification shows that no keys are verified
13 - Check that verification shows that a key is now verified
39 """Test verified boot signing with mkimage and verification with 'bootm'.
75 with cons.log.section('Verified boot %s %s' % (sha_algo, test_type)):
130 """Test verified boot with the given hash algorithm.
|
| H A D | test_avb.py | 5 # Android Verified Boot 2.0 Test
8 This tests Android Verified Boot 2.0 support in U-boot:
|
| /openbmc/linux/crypto/asymmetric_keys/ |
| H A D | pkcs7_trust.c | 40 if (x509->verified) in pkcs7_validate_trust_one()
41 goto verified; in pkcs7_validate_trust_one()
124 verified: in pkcs7_validate_trust_one()
126 x509->verified = true; in pkcs7_validate_trust_one()
128 p->verified = true; in pkcs7_validate_trust_one()
|
| /openbmc/u-boot/post/drivers/ |
| H A D | rtc.c | 12 * The Real Time Clock (RTC) operation is verified by this test.
13 * The following features are verified:
15 * This is verified by analyzing the rtc_get() return status.
17 * This is verified by reading RTC in polling within
|
| /openbmc/linux/security/integrity/ima/ |
| H A D | Kconfig | 197 be signed and verified by a public key on the trusted IMA
200 Kernel image signatures can not be verified by the original
210 and verified by a public key on the trusted IMA keyring.
212 Kernel module signatures can only be verified by IMA-appraisal,
222 and verified by a key on the trusted IMA keyring.
|
| /openbmc/linux/Documentation/firmware-guide/acpi/ |
| H A D | chromeos-acpi-device.rst | 40 - Chrome OS verified boot data
284 - Offset in CMOS bank 0 of the verified boot non-volatile storage block, counting from
290 - Size in bytes of the verified boot non-volatile storage block.
306 VDTA (Chrome OS verified boot data)
308 This control method returns the verified boot data block shared between the firmware
317 A buffer containing the verified boot data block.
|
| /openbmc/libpldm/tests/fuzz/ |
| H A D | fd-fuzz.cpp | 58 bool verified; member
193 fuzz_ctx->verified = false; in cb_update_component()
226 assert(!fuzz_ctx->verified); in cb_firmware_data()
255 assert(!fuzz_ctx->verified); in cb_verify()
272 fuzz_ctx->verified = true; in cb_verify()
288 assert(fuzz_ctx->verified); in cb_apply()
|
| /openbmc/u-boot/doc/SPL/ |
| H A D | README.spl-secure-boot | 1 Overview of SPL verified boot on powerpc/mpc85xx & arm/layerscape platforms
7 This document provides an overview of how SPL verified boot works on powerpc/
|
| /openbmc/u-boot/common/ |
| H A D | image-sig.c | 289 int verified = 0; in fit_image_verify_sig() local
304 verified = 1; in fit_image_verify_sig()
315 return verified ? 0 : -EPERM; in fit_image_verify_sig()
377 * @return 0 if all verified ok, <0 on error
508 int verified = 0; in fit_config_verify_sig() local
523 verified = 1; in fit_config_verify_sig()
534 if (verified) in fit_config_verify_sig()
|
| /openbmc/qemu/crypto/ |
| H A D | cipher-builtin.c.inc | 68 /* We have already verified that len % AES_BLOCK_SIZE == 0. */
84 /* We have already verified that len % AES_BLOCK_SIZE == 0. */
102 /* We have already verified that len % AES_BLOCK_SIZE == 0. */
124 /* We have already verified that len % AES_BLOCK_SIZE == 0. */
|
| /openbmc/u-boot/doc/ |
| H A D | README.avb2 | 1 Android Verified Boot 2.0
3 This file contains information about the current support of Android Verified
8 Verified Boot establishes a chain of trust from the bootloader to system images
|
| H A D | README.uniphier | 110 Verified Boot
113 U-Boot supports an image verification method called "Verified Boot".
212 To use the Verified Boot, you need to enable the following two options:
252 Please note the "u-boot.bin" must be signed, and verified by someone when it is
256 the system reset. If the Chain of Trust has a breakage somewhere, the verified
259 7. Boot verified kernel
332 If they are not displayed, the Verified Boot is not working.
|
| /openbmc/openbmc-test-automation/lib/ |
| H A D | redfish_request.py | 120 else in case of true, certificate needs to be verified.
167 else in case of true, certificate needs to be verified.
216 else in case of true, certificate needs to be verified.
274 else in case of true, certificate needs to be verified.
330 else in case of true, certificate needs to be verified.
|
| /openbmc/linux/tools/testing/selftests/bpf/progs/ |
| H A D | test_stack_var_off.c | 40 * read would be rejected because the stack slot cannot be verified as in probe()
42 * stack slot still cannot be verified, but the write inhibits the in probe()
|
| /openbmc/linux/drivers/mtd/tests/ |
| H A D | subpagetest.c | 258 pr_info("verified up to eraseblock %u\n", i); in verify_all_eraseblocks_ff()
264 pr_info("verified %u eraseblocks\n", i); in verify_all_eraseblocks_ff()
355 pr_info("verified up to eraseblock %u\n", i); in mtd_subpagetest_init()
361 pr_info("verified %u eraseblocks\n", i); in mtd_subpagetest_init()
399 pr_info("verified up to eraseblock %u\n", i); in mtd_subpagetest_init()
405 pr_info("verified %u eraseblocks\n", i); in mtd_subpagetest_init()
|
| /openbmc/openbmc/poky/meta/recipes-core/initscripts/initscripts-1.0/ |
| H A D | volatiles | 1 # This configuration file lists filesystem objects that should get verified
21 # Thus, if a link is in the place to be verified, the object will be created
|
| /openbmc/u-boot/tools/binman/etype/ |
| H A D | vblock.py | 6 # Support for a Chromium OS verified boot block, used to sign a read-write
18 """An entry which contains a Chromium OS verified boot block
|
| /openbmc/linux/Documentation/ABI/testing/ |
| H A D | sysfs-driver-chromeos-acpi | 132 Returns offset in CMOS bank 0 of the verified boot non-volatile
142 Return the size in bytes of the verified boot non-volatile
150 Returns the verified boot data block shared between the
|
| /openbmc/linux/drivers/md/ |
| H A D | dm-verity-verify-sig.c | 100 * @root_hash: For verity, the roothash/data to be verified.
101 * @root_hash_len: Size of the roothash/data to be verified.
|