* [PATCH 1/4] doc: signature: update algorithms support description
@ 2023-05-02 4:47 Baruch Siach
2023-05-02 4:47 ` [PATCH 2/4] doc: signature: update algorithm addition description Baruch Siach
` (3 more replies)
0 siblings, 4 replies; 10+ messages in thread
From: Baruch Siach @ 2023-05-02 4:47 UTC (permalink / raw)
To: Simon Glass; +Cc: u-boot, Baruch Siach
U-Boot supports more hash and verification algorithms these days.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
doc/uImage.FIT/signature.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index c71280b63bb6..bc123f512f7b 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -42,8 +42,8 @@ device.
Algorithms
----------
In principle any suitable algorithm can be used to sign and verify a hash.
-At present only one class of algorithms is supported: SHA1 hashing with RSA.
-This works by hashing the image to produce a 20-byte hash.
+U-Boot supports a few hashing and verification algorithms. See below for
+details.
While it is acceptable to bring in large cryptographic libraries such as
openssl on the host side (e.g. mkimage), it is not desirable for U-Boot.
--
2.39.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 2/4] doc: signature: update algorithm addition description
2023-05-02 4:47 [PATCH 1/4] doc: signature: update algorithms support description Baruch Siach
@ 2023-05-02 4:47 ` Baruch Siach
2023-05-03 1:28 ` Simon Glass
2023-05-02 4:47 ` [PATCH 3/4] doc: signature: describe how to enable ECDSA Baruch Siach
` (2 subsequent siblings)
3 siblings, 1 reply; 10+ messages in thread
From: Baruch Siach @ 2023-05-02 4:47 UTC (permalink / raw)
To: Simon Glass; +Cc: u-boot, Baruch Siach
U-Boot now uses the U_BOOT_CRYPTO_ALGO() macro.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
doc/uImage.FIT/signature.txt | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index bc123f512f7b..b6707417ff63 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -56,10 +56,10 @@ of data from the FDT and exponentiation mod n. Code size impact is a little
under 5KB on Tegra Seaboard, for example.
It is relatively straightforward to add new algorithms if required. If
-another RSA variant is needed, then it can be added to the table in
-image-sig.c. If another algorithm is needed (such as DSA) then it can be
-placed alongside rsa.c, and its functions added to the table in image-sig.c
-also.
+another RSA variant is needed, then it can be added with the
+U_BOOT_CRYPTO_ALGO() macro. If another algorithm is needed (such as DSA) then
+it can be placed in a directory alongside lib/rsa/, and its functions added
+using U_BOOT_CRYPTO_ALGO().
Creating an RSA key pair and certificate
--
2.39.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 3/4] doc: signature: describe how to enable ECDSA
2023-05-02 4:47 [PATCH 1/4] doc: signature: update algorithms support description Baruch Siach
2023-05-02 4:47 ` [PATCH 2/4] doc: signature: update algorithm addition description Baruch Siach
@ 2023-05-02 4:47 ` Baruch Siach
2023-05-03 1:28 ` Simon Glass
2023-05-02 4:47 ` [PATCH 4/4] doc: signature: trim the future work list Baruch Siach
2023-05-03 1:27 ` [PATCH 1/4] doc: signature: update algorithms support description Simon Glass
3 siblings, 1 reply; 10+ messages in thread
From: Baruch Siach @ 2023-05-02 4:47 UTC (permalink / raw)
To: Simon Glass; +Cc: u-boot, Baruch Siach
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
doc/uImage.FIT/signature.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index b6707417ff63..240244b30e63 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -439,6 +439,7 @@ be enabled:
CONFIG_FIT_SIGNATURE - enable signing and verification in FITs
CONFIG_RSA - enable RSA algorithm for signing
+CONFIG_ECDSA - enable ECDSA algorithm for signing
WARNING: When relying on signed FIT images with required signature check
the legacy image format is default disabled by not defining
--
2.39.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 4/4] doc: signature: trim the future work list
2023-05-02 4:47 [PATCH 1/4] doc: signature: update algorithms support description Baruch Siach
2023-05-02 4:47 ` [PATCH 2/4] doc: signature: update algorithm addition description Baruch Siach
2023-05-02 4:47 ` [PATCH 3/4] doc: signature: describe how to enable ECDSA Baruch Siach
@ 2023-05-02 4:47 ` Baruch Siach
2023-05-03 1:28 ` Simon Glass
2023-05-03 1:27 ` [PATCH 1/4] doc: signature: update algorithms support description Simon Glass
3 siblings, 1 reply; 10+ messages in thread
From: Baruch Siach @ 2023-05-02 4:47 UTC (permalink / raw)
To: Simon Glass; +Cc: u-boot, Baruch Siach
Since U-Boot supports more RSA/SHA variants, as well as ECDSA, remove
these items from the TODO list.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
doc/uImage.FIT/signature.txt | 2 --
1 file changed, 2 deletions(-)
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 240244b30e63..21eb3894aada 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -695,8 +695,6 @@ bootm.
Possible Future Work
--------------------
-- Add support for other RSA/SHA variants, such as rsa4096,sha512.
-- Other algorithms besides RSA
- More sandbox tests for failure modes
- Passwords for keys/certificates
- Perhaps implement OAEP
--
2.39.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 1/4] doc: signature: update algorithms support description
2023-05-02 4:47 [PATCH 1/4] doc: signature: update algorithms support description Baruch Siach
` (2 preceding siblings ...)
2023-05-02 4:47 ` [PATCH 4/4] doc: signature: trim the future work list Baruch Siach
@ 2023-05-03 1:27 ` Simon Glass
2023-05-03 3:50 ` Baruch Siach
3 siblings, 1 reply; 10+ messages in thread
From: Simon Glass @ 2023-05-03 1:27 UTC (permalink / raw)
To: Baruch Siach; +Cc: u-boot
On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>
> U-Boot supports more hash and verification algorithms these days.
>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> doc/uImage.FIT/signature.txt | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
Would you be interested in moving this documentation to doc/develop in
the rST format?
Regards,
Simon
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 2/4] doc: signature: update algorithm addition description
2023-05-02 4:47 ` [PATCH 2/4] doc: signature: update algorithm addition description Baruch Siach
@ 2023-05-03 1:28 ` Simon Glass
2023-05-05 12:23 ` Heinrich Schuchardt
0 siblings, 1 reply; 10+ messages in thread
From: Simon Glass @ 2023-05-03 1:28 UTC (permalink / raw)
To: Baruch Siach; +Cc: u-boot
On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>
> U-Boot now uses the U_BOOT_CRYPTO_ALGO() macro.
>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> doc/uImage.FIT/signature.txt | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 3/4] doc: signature: describe how to enable ECDSA
2023-05-02 4:47 ` [PATCH 3/4] doc: signature: describe how to enable ECDSA Baruch Siach
@ 2023-05-03 1:28 ` Simon Glass
0 siblings, 0 replies; 10+ messages in thread
From: Simon Glass @ 2023-05-03 1:28 UTC (permalink / raw)
To: Baruch Siach; +Cc: u-boot
On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>
Missing commit message
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> doc/uImage.FIT/signature.txt | 1 +
> 1 file changed, 1 insertion(+)
>
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 4/4] doc: signature: trim the future work list
2023-05-02 4:47 ` [PATCH 4/4] doc: signature: trim the future work list Baruch Siach
@ 2023-05-03 1:28 ` Simon Glass
0 siblings, 0 replies; 10+ messages in thread
From: Simon Glass @ 2023-05-03 1:28 UTC (permalink / raw)
To: Baruch Siach; +Cc: u-boot
On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>
> Since U-Boot supports more RSA/SHA variants, as well as ECDSA, remove
> these items from the TODO list.
>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> doc/uImage.FIT/signature.txt | 2 --
> 1 file changed, 2 deletions(-)
>
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/4] doc: signature: update algorithms support description
2023-05-03 1:27 ` [PATCH 1/4] doc: signature: update algorithms support description Simon Glass
@ 2023-05-03 3:50 ` Baruch Siach
0 siblings, 0 replies; 10+ messages in thread
From: Baruch Siach @ 2023-05-03 3:50 UTC (permalink / raw)
To: Simon Glass; +Cc: u-boot
Hi Simon,
On Tue, May 02 2023, Simon Glass wrote:
> On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>>
>> U-Boot supports more hash and verification algorithms these days.
>>
>> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
>> ---
>> doc/uImage.FIT/signature.txt | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
Thanks.
> Would you be interested in moving this documentation to doc/develop in
> the rST format?
I hope to find some time to help with that.
baruch
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 2/4] doc: signature: update algorithm addition description
2023-05-03 1:28 ` Simon Glass
@ 2023-05-05 12:23 ` Heinrich Schuchardt
0 siblings, 0 replies; 10+ messages in thread
From: Heinrich Schuchardt @ 2023-05-05 12:23 UTC (permalink / raw)
To: Baruch Siach; +Cc: u-boot, Simon Glass
On 5/3/23 03:28, Simon Glass wrote:
> On Mon, 1 May 2023 at 22:47, Baruch Siach <baruch@tkos.co.il> wrote:
>>
>> U-Boot now uses the U_BOOT_CRYPTO_ALGO() macro.
>>
>> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
>> ---
>> doc/uImage.FIT/signature.txt | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
Thanks Baruch for updating the FIT documents.
The information in folder uImage.FIT should be moved to /doc/usage/
except for the its files. A few parts may have to split out into
/doc/devel/.
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2023-05-05 12:24 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-02 4:47 [PATCH 1/4] doc: signature: update algorithms support description Baruch Siach
2023-05-02 4:47 ` [PATCH 2/4] doc: signature: update algorithm addition description Baruch Siach
2023-05-03 1:28 ` Simon Glass
2023-05-05 12:23 ` Heinrich Schuchardt
2023-05-02 4:47 ` [PATCH 3/4] doc: signature: describe how to enable ECDSA Baruch Siach
2023-05-03 1:28 ` Simon Glass
2023-05-02 4:47 ` [PATCH 4/4] doc: signature: trim the future work list Baruch Siach
2023-05-03 1:28 ` Simon Glass
2023-05-03 1:27 ` [PATCH 1/4] doc: signature: update algorithms support description Simon Glass
2023-05-03 3:50 ` Baruch Siach
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.