Merge branch pull request #7 into aspeed-dev-v2019.04

Change-Id: I4c4f36b8edf63beb7b3afea6e4ba71f254b895c5

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
(cherry picked from commit d16b38f42704fe3cc94fbee1601be96045013151)
Signed-off-by: Joel Stanley <joel@jms.id.au>

show more ...

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

Kconfig: Finish migration of hashing commands

Currently these (board agnostic) commands cannot be selected using
menuconfig and friends. Fix this the obvious way. As part of this,
don't muddle the

Kconfig: Finish migration of hashing commands

Currently these (board agnostic) commands cannot be selected using
menuconfig and friends. Fix this the obvious way. As part of this,
don't muddle the meaning of CONFIG_HASH_VERIFY to mean both 'hash -v'
and "we have a hashing command" as this makes the Kconfig logic odd.

Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
[trini: Re-apply, add imply for a few cases, run moveconfig.py, also
migrate CRC32_VERIFY]
Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

hash.c: Conditionally compile hash_command, static hash_show

The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h). We only call hash_command when a

hash.c: Conditionally compile hash_command, static hash_show

The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h). We only call hash_command when any of
CONFIG_CMD_CRC32, CONFIG_CMD_SHA1SUM or CONFIG_CMD_HASH are set. Since
hash.c is linked in unconditionally we must take extra care with
functions that bring in read-only strings as these will not be
discarded.

Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

Merge branch 'u-boot/master' into 'u-boot-arm/master'

autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string /

autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string / password matches
a values that is encypted via a SHA256 hash and saved in the environment.

This feature is enabled by defined these config options:
CONFIG_AUTOBOOT_KEYED
CONFIG_AUTOBOOT_STOP_STR_SHA256

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

Merge remote-tracking branch 'u-boot/master' into 'u-boot-arm/master'

Merge branch 'master' of git://git.denx.de/u-boot

Merge branch 'master' of git://git.denx.de/u-boot-dm

Use hash.c in mkimage

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Add function to find hash_algo struct with progressive hash

The hash_algo structure has some implementations in which progressive hash
API's are not defined. These are basically the hardware b

hash: Add function to find hash_algo struct with progressive hash

The hash_algo structure has some implementations in which progressive hash
API's are not defined. These are basically the hardware based implementations
of SHA. An API is added to find the algo which has progressive hash API's
defined. This can then be integrated with RSA checksum library which uses
Progressive Hash API's.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Signed-off-by: Stefano Babic <sbabic@denx.de>

Conflicts:
boards.cfg

Merge branch 'u-boot/master' into 'u-boot-arm/master'

hash: Use uint8_t in preference to u8

This type is more readily available on the host compiler, so use it instead.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Export the function to show a hash

This function is useful for displaying a hash value, so export it.

Signed-off-by: Simon Glass <sjg@chromium.org>

Prevent a buffer overflow in mkimage when signing with SHA256

Due to the FIT_MAX_HASH_LEN constant not having been updated
to support SHA256 signatures one will always see a buffer
overflow in fit_i

Prevent a buffer overflow in mkimage when signing with SHA256

Due to the FIT_MAX_HASH_LEN constant not having been updated
to support SHA256 signatures one will always see a buffer
overflow in fit_image_process_hash when signing images that
use this larger hash. This is exposed by vboot_test.sh.

Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Acked-by: Simon Glass <sjg@chromium.org>
[trini: Rework a bit so move the exportable parts of hash.h outside of
!USE_HOSTCC and only need that as a new include to image.h]
Signed-off-by: Tom Rini <trini@ti.com>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot-arm

Merge branch 'u-boot/master'

Conflicts:
drivers/net/Makefile

(trivial merge)

Merge branch 'next'

gen: Add progressive hash API

Add hash_init(), hash_update() and hash_finish() to the
hash_algo struct. Add hash_lookup_algo() to look up the
struct given an algorithm name.

Signed-off-by: Hung-yin

gen: Add progressive hash API

Add hash_init(), hash_update() and hash_finish() to the
hash_algo struct. Add hash_lookup_algo() to look up the
struct given an algorithm name.

Signed-off-by: Hung-ying Tyan <tyanh@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>

show more ...

Merge git://git.denx.de/u-boot-arm

Conflicts:
board/freescale/mx6qsabrelite/Makefile
board/freescale/mx6qsabrelite/mx6qsabrelite.c
include/configs/mx6qsabrelite.h

Signed-off-by: Stefano Babic <s

Merge git://git.denx.de/u-boot-arm

Conflicts:
board/freescale/mx6qsabrelite/Makefile
board/freescale/mx6qsabrelite/mx6qsabrelite.c
include/configs/mx6qsabrelite.h

Signed-off-by: Stefano Babic <sbabic@denx.de>

show more ...

Merge branch 'u-boot/master' into u-boot-arm/master

Add GPL-2.0+ SPDX-License-Identifier to source files

Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>

Merge branch 'u-boot/master' into 'u-boot-arm/master'

Conflicts:
common/cmd_fpga.c
drivers/usb/host/ohci-at91.c