Support RSA3072

So far, u-boot verified boot only support RSA2048 and RSA4096.
Add table to support RSA3072

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Change-Id: I98a8b2fabc2d64e5e3c7e04bc

Support RSA3072

So far, u-boot verified boot only support RSA2048 and RSA4096.
Add table to support RSA3072

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Change-Id: I98a8b2fabc2d64e5e3c7e04bc7ba78b9f10cee35

show more ...

Merge branch pull request #7 into aspeed-dev-v2019.04

Change-Id: I4c4f36b8edf63beb7b3afea6e4ba71f254b895c5

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
(cherry picked from commit d16b38f42704fe3cc94fbee1601be96045013151)
Signed-off-by: Joel Stanley <joel@jms.id.au>

show more ...

image: Check hash-nodes when checking configurations

It is currently possible to use a different configuration's signature and
thus bypass the configuration check. Make sure that the configuration n

image: Check hash-nodes when checking configurations

It is currently possible to use a different configuration's signature and
thus bypass the configuration check. Make sure that the configuration node
that was hashed matches the one being checked, to catch this problem.

Also add a proper function comment to fit_config_check_sig() and make it
static.

Signed-off-by: Simon Glass <sjg@chromium.org>
(cherry picked from commit 67acad3db71bb372458fbb8a77749f5eb88aa324)
Signed-off-by: Joel Stanley <joel@jms.id.au>

show more ...

image: Return an error message from fit_config_verify_sig()

This function only returns an error message sometimes. Update it to always
return an error message if one is available. This makes it easi

image: Return an error message from fit_config_verify_sig()

This function only returns an error message sometimes. Update it to always
return an error message if one is available. This makes it easier to see
what went wrong.

Signed-off-by: Simon Glass <sjg@chromium.org>
(cherry picked from commit 472f9113dbbbed88345f3d38de3ff37ca163508e)
Signed-off-by: Joel Stanley <joel@jms.id.au>

show more ...

rsa: reject images with unknown padding

Previously we would store NULL in info->padding and jump to an illegal
instruction if an unknown value for "padding" was specified in the
device tree.

Signed

rsa: reject images with unknown padding

Previously we would store NULL in info->padding and jump to an illegal
instruction if an unknown value for "padding" was specified in the
device tree.

Signed-off-by: Patrick Doyle <pdoyle@irobot.com>
(cherry picked from commit 19495dd9b6f5f4e893b56b0c73e14b2e671c3780)
Signed-off-by: Joel Stanley <joel@jms.id.au>

show more ...

Merge branch '2018-12-03-master-imports'

- Baltos platform updates
- rtc m41t62 converted to DM.
- PowerPC MPC8xx DM conversion
- Verified boot updates

rsa: add support of padding pss

We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.

Signed-off-by: Philippe Reynes <philippe.reynes@s

rsa: add support of padding pss

We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

rsa: add a structure for the padding

The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to man

rsa: add a structure for the padding

The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

Merge branch '2018-11-16-master-imports'

- Initial bcm968580xref, am65x_evm_r5 support
- lpc32xx, omap3_logic/am3517_evm updates
- pinctrl command
- fs_loader available for SPL

image-sig: Ensure that hashed-nodes is null-terminated

A specially crafted FIT image leads to memory corruption in the stack
when using the verified boot feature. The function fit_config_check_sig
h

image-sig: Ensure that hashed-nodes is null-terminated

A specially crafted FIT image leads to memory corruption in the stack
when using the verified boot feature. The function fit_config_check_sig
has a logic error that makes it possible to write past the end of the
stack allocated array node_inc. This could potentially be used to bypass
the signature check when using verified boot.

This change ensures that the number of strings is correct when counted.

Signed-off-by: Konrad Beckmann <konrad.beckmann@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

vboot: Do not use hashed-strings offset

The hashed-strings signature property includes two uint32_t values.
The first is unneeded as there should never be a start offset into the
strings region. The

vboot: Do not use hashed-strings offset

The hashed-strings signature property includes two uint32_t values.
The first is unneeded as there should never be a start offset into the
strings region. The second, the size, is needed because the added
signature node appends to this region.

See tools/image-host.c, where a static 0 value is used for the offset.

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature

vboot: Add FIT_SIGNATURE_MAX_SIZE protection

This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.

This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

Merge git://git.denx.de/u-boot-dm

fix incorrect usage of DT node unit address in comments

The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is

fix incorrect usage of DT node unit address in comments

The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

image-sig: use designated initializers for algorithm

Designated initializers are more readable because we do not
have to check the order in the struct definitions.

Signed-off-by: Masahiro Yamada <y

image-sig: use designated initializers for algorithm

Designated initializers are more readable because we do not
have to check the order in the struct definitions.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Signed-off-by: Stefano Babic <sbabic@denx.de>

image: Combine image_sig_algo with image_sign_info

Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer th

image: Combine image_sig_algo with image_sign_info

Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

image: Add crypto_algo struct for RSA info

Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checks

image: Add crypto_algo struct for RSA info

Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

rsa: Verify RSA padding programatically

Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SH

rsa: Verify RSA padding programatically

Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:

EM = 0x00 || 0x01 || PS || 0x00 || T

where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.

Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

Merge git://git.denx.de/u-boot-fdt

libfdt: Sync fdt_for_each_subnode() with upstream

The signature for this macro has changed. Bring in the upstream version and
adjust U-Boot's usages to suit.

Signed-off-by: Simon Glass <sjg@chromiu

libfdt: Sync fdt_for_each_subnode() with upstream

The signature for this macro has changed. Bring in the upstream version and
adjust U-Boot's usages to suit.

Signed-off-by: Simon Glass <sjg@chromium.org>
Update to drivers/power/pmic/palmas.c:
Signed-off-by: Keerthy <j-keerthy@ti.com>

Change-Id: I6cc9021339bfe686f9df21d61a1095ca2b3776e8

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Merge remote-tracking branch 'u-boot/master' into 'u-boot-arm/master'