[PATCH 1/4] doc: signature: update algorithms support description

[PATCH 1/4] doc: signature: update algorithms support description

[Baruch Siach]

U-Boot supports more hash and verification algorithms these days.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 doc/uImage.FIT/signature.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index c71280b63bb6..bc123f512f7b 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -42,8 +42,8 @@ device.
 Algorithms
 ----------
 In principle any suitable algorithm can be used to sign and verify a hash.
-At present only one class of algorithms is supported: SHA1 hashing with RSA.
-This works by hashing the image to produce a 20-byte hash.
+U-Boot supports a few hashing and verification algorithms. See below for
+details.
 
 While it is acceptable to bring in large cryptographic libraries such as
 openssl on the host side (e.g. mkimage), it is not desirable for U-Boot.
-- 
2.39.2

[PATCH 2/4] doc: signature: update algorithm addition description

[Baruch Siach]

U-Boot now uses the U_BOOT_CRYPTO_ALGO() macro.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 doc/uImage.FIT/signature.txt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index bc123f512f7b..b6707417ff63 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -56,10 +56,10 @@ of data from the FDT and exponentiation mod n. Code size impact is a little
 under 5KB on Tegra Seaboard, for example.
 
 It is relatively straightforward to add new algorithms if required. If
-another RSA variant is needed, then it can be added to the table in
-image-sig.c. If another algorithm is needed (such as DSA) then it can be
-placed alongside rsa.c, and its functions added to the table in image-sig.c
-also.
+another RSA variant is needed, then it can be added with the
+U_BOOT_CRYPTO_ALGO() macro. If another algorithm is needed (such as DSA) then
+it can be placed in a directory alongside lib/rsa/, and its functions added
+using U_BOOT_CRYPTO_ALGO().
 
 
 Creating an RSA key pair and certificate
-- 
2.39.2

[PATCH 3/4] doc: signature: describe how to enable ECDSA

[Baruch Siach]

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 doc/uImage.FIT/signature.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index b6707417ff63..240244b30e63 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -439,6 +439,7 @@ be enabled:
 
 CONFIG_FIT_SIGNATURE - enable signing and verification in FITs
 CONFIG_RSA - enable RSA algorithm for signing
+CONFIG_ECDSA - enable ECDSA algorithm for signing
 
 WARNING: When relying on signed FIT images with required signature check
 the legacy image format is default disabled by not defining
-- 
2.39.2

[PATCH 4/4] doc: signature: trim the future work list

[Baruch Siach]

Since U-Boot supports more RSA/SHA variants, as well as ECDSA, remove
these items from the TODO list.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 doc/uImage.FIT/signature.txt | 2 --
 1 file changed, 2 deletions(-)

diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 240244b30e63..21eb3894aada 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -695,8 +695,6 @@ bootm.
 
 Possible Future Work
 --------------------
-- Add support for other RSA/SHA variants, such as rsa4096,sha512.
-- Other algorithms besides RSA
 - More sandbox tests for failure modes
 - Passwords for keys/certificates
 - Perhaps implement OAEP
-- 
2.39.2

Re: [PATCH 1/4] doc: signature: update algorithms support description

[Simon Glass]

On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>
> U-Boot supports more hash and verification algorithms these days.
>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
>  doc/uImage.FIT/signature.txt | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

Would you be interested in moving this documentation to doc/develop in
the rST format?

Regards,
Simon

Re: [PATCH 2/4] doc: signature: update algorithm addition description

[Simon Glass]

On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>
> U-Boot now uses the U_BOOT_CRYPTO_ALGO() macro.
>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
>  doc/uImage.FIT/signature.txt | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>

Reviewed-by: Simon Glass <sjg@chromium.org>

Re: [PATCH 3/4] doc: signature: describe how to enable ECDSA

[Simon Glass]

On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>

Missing commit message

> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
>  doc/uImage.FIT/signature.txt | 1 +
>  1 file changed, 1 insertion(+)
>

Reviewed-by: Simon Glass <sjg@chromium.org>

Re: [PATCH 4/4] doc: signature: trim the future work list

[Simon Glass]

On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>
> Since U-Boot supports more RSA/SHA variants, as well as ECDSA, remove
> these items from the TODO list.
>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
>  doc/uImage.FIT/signature.txt | 2 --
>  1 file changed, 2 deletions(-)
>

Reviewed-by: Simon Glass <sjg@chromium.org>

Re: [PATCH 1/4] doc: signature: update algorithms support description

[Baruch Siach]

Hi Simon,

On Tue, May 02 2023, Simon Glass wrote:
> On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>>
>> U-Boot supports more hash and verification algorithms these days.
>>
>> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
>> ---
>>  doc/uImage.FIT/signature.txt | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Thanks.

> Would you be interested in moving this documentation to doc/develop in
> the rST format?

I hope to find some time to help with that.

baruch

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -

Re: [PATCH 2/4] doc: signature: update algorithm addition description

[Heinrich Schuchardt]

On 5/3/23 03:28, Simon Glass wrote:
> On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>>
>> U-Boot now uses the U_BOOT_CRYPTO_ALGO() macro.
>>
>> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
>> ---
>>   doc/uImage.FIT/signature.txt | 8 ++++----
>>   1 file changed, 4 insertions(+), 4 deletions(-)
>>
>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Thanks Baruch for updating the FIT documents.

The information in folder uImage.FIT should be moved to /doc/usage/
except for the its files. A few parts may have to split out into
/doc/devel/.

Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>