* [PATCH u-boot v2019.04-aspeed-openbmc 0/7] Blackport SHA512 for FIT
@ 2021-01-28 10:49 Joel Stanley
2021-01-28 10:49 ` [PATCH u-boot v2019.04-aspeed-openbmc 1/7] rsa: reject images with unknown padding Joel Stanley
0 siblings, 1 reply; 4+ messages in thread
From: Joel Stanley @ 2021-01-28 10:49 UTC (permalink / raw)
To: Andrew Jeffery, openbmc
These patches bring SHA512 support to the FIT in u-boot, SPL and
mkimage. The majority of the feature comes in with "Add support for
SHA384 and SHA512", while the rest are relevant bugfixes that have been
made to master since v2019.04.
There is not yet a change to the configuration to enable the new
algorithm and therefore only a minor image size change (an increase of
247 bytes due to "image: Check hash-nodes when checking configurations").
Harald Seiler (1):
common: hash: Remove a debug printf statement
Heinrich Schuchardt (1):
image-fit: fit_check_format check for valid FDT
Patrick Doyle (1):
rsa: reject images with unknown padding
Reuben Dowle (1):
Add support for SHA384 and SHA512
Simon Glass (3):
image: Be a little more verbose when checking signatures
image: Return an error message from fit_config_verify_sig()
image: Check hash-nodes when checking configurations
Kconfig | 26 ++-
common/hash.c | 83 +++++++-
common/image-fit.c | 17 +-
common/image-sig.c | 69 +++++-
common/spl/Kconfig | 34 ++-
include/hash.h | 4 +
include/image.h | 18 ++
include/u-boot/rsa-checksum.h | 1 +
include/u-boot/sha512.h | 38 ++++
lib/Kconfig | 23 ++
lib/Makefile | 1 +
lib/sha512.c | 383 ++++++++++++++++++++++++++++++++++
tools/Makefile | 2 +
tools/image-host.c | 3 +-
14 files changed, 677 insertions(+), 25 deletions(-)
create mode 100644 include/u-boot/sha512.h
create mode 100644 lib/sha512.c
--
2.29.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH u-boot v2019.04-aspeed-openbmc 1/7] rsa: reject images with unknown padding
2021-01-28 10:49 [PATCH u-boot v2019.04-aspeed-openbmc 0/7] Blackport SHA512 for FIT Joel Stanley
@ 2021-01-28 10:49 ` Joel Stanley
0 siblings, 0 replies; 4+ messages in thread
From: Joel Stanley @ 2021-01-28 10:49 UTC (permalink / raw)
To: Andrew Jeffery, openbmc; +Cc: Patrick Doyle, Patrick Doyle
From: Patrick Doyle <wpdster@gmail.com>
Previously we would store NULL in info->padding and jump to an illegal
instruction if an unknown value for "padding" was specified in the
device tree.
Signed-off-by: Patrick Doyle <pdoyle@irobot.com>
(cherry picked from commit 19495dd9b6f5f4e893b56b0c73e14b2e671c3780)
Signed-off-by: Joel Stanley <joel@jms.id.au>
---
common/image-sig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/image-sig.c b/common/image-sig.c
index 4f6b4ec412c3..004fbc525b5c 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -211,7 +211,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
info->required_keynode = required_keynode;
printf("%s:%s", algo_name, info->keyname);
- if (!info->checksum || !info->crypto) {
+ if (!info->checksum || !info->crypto || !info->padding) {
*err_msgp = "Unknown signature algorithm";
return -1;
}
--
2.29.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH u-boot v2019.04-aspeed-openbmc 1/7] rsa: reject images with unknown padding
2021-01-28 10:52 ` [PATCH u-boot v2019.04-aspeed-openbmc 1/7] rsa: reject images with unknown padding Joel Stanley
@ 2021-01-28 19:48 ` Klaus Heinrich Kiwi
0 siblings, 0 replies; 4+ messages in thread
From: Klaus Heinrich Kiwi @ 2021-01-28 19:48 UTC (permalink / raw)
To: Joel Stanley, Andrew Jeffery, openbmc
On 1/28/2021 7:52 AM, Joel Stanley wrote:
> From: Patrick Doyle <wpdster@gmail.com>
>
> Previously we would store NULL in info->padding and jump to an illegal
> instruction if an unknown value for "padding" was specified in the
> device tree.
>
> printf("%s:%s", algo_name, info->keyname);
>
> - if (!info->checksum || !info->crypto) {
> + if (!info->checksum || !info->crypto || !info->padding) {
Reviewed-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
> *err_msgp = "Unknown signature algorithm";
> return -1;
> }
>
--
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH u-boot v2019.04-aspeed-openbmc 1/7] rsa: reject images with unknown padding
2021-01-28 10:52 [PATCH u-boot v2019.04-aspeed-openbmc 0/7] Blackport SHA512 for FIT Joel Stanley
@ 2021-01-28 10:52 ` Joel Stanley
2021-01-28 19:48 ` Klaus Heinrich Kiwi
0 siblings, 1 reply; 4+ messages in thread
From: Joel Stanley @ 2021-01-28 10:52 UTC (permalink / raw)
To: Andrew Jeffery, openbmc
From: Patrick Doyle <wpdster@gmail.com>
Previously we would store NULL in info->padding and jump to an illegal
instruction if an unknown value for "padding" was specified in the
device tree.
Signed-off-by: Patrick Doyle <pdoyle@irobot.com>
(cherry picked from commit 19495dd9b6f5f4e893b56b0c73e14b2e671c3780)
Signed-off-by: Joel Stanley <joel@jms.id.au>
---
common/image-sig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/image-sig.c b/common/image-sig.c
index 4f6b4ec412c3..004fbc525b5c 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -211,7 +211,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
info->required_keynode = required_keynode;
printf("%s:%s", algo_name, info->keyname);
- if (!info->checksum || !info->crypto) {
+ if (!info->checksum || !info->crypto || !info->padding) {
*err_msgp = "Unknown signature algorithm";
return -1;
}
--
2.29.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-28 19:49 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-28 10:49 [PATCH u-boot v2019.04-aspeed-openbmc 0/7] Blackport SHA512 for FIT Joel Stanley
2021-01-28 10:49 ` [PATCH u-boot v2019.04-aspeed-openbmc 1/7] rsa: reject images with unknown padding Joel Stanley
2021-01-28 10:52 [PATCH u-boot v2019.04-aspeed-openbmc 0/7] Blackport SHA512 for FIT Joel Stanley
2021-01-28 10:52 ` [PATCH u-boot v2019.04-aspeed-openbmc 1/7] rsa: reject images with unknown padding Joel Stanley
2021-01-28 19:48 ` Klaus Heinrich Kiwi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).