Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-23 22:14:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
92490 commits 9 branches 499 tags 334 MiB
Commit graph

8 commits

Author SHA1 Message Date
Bob Wolff
9522956605 Check curve_name for null to avoid crash 
If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent
into the ecdsa verify. Without the ecdsa,curve property, this function will
crash due to lack of checking the null pointer return.

Signed-off-by: Bob Wolff <bob.wolff68@gmail.com>
 2024-03-07 07:41:41 -05:00
Stefano Babic
50195a2346 mkimage: ecdsa: password for signing from environment 
Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to
allow the signing process to run in batch.

Signed-off-by: Stefano Babic <sbabic@denx.de>
 2023-06-20 16:08:13 -04:00
Tom Rini
b340199f82 spl: Ensure all SPL symbols in Kconfig have some SPL dependency 
Tighten up symbol dependencies in a number of places.  Ensure that a SPL
specific option has at least a direct dependency on SPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.  This means in a very small number of places we can
drop redundant dependencies.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
 2022-07-07 09:29:08 -04:00
Simon Glass
c033dc8c0c image: Return destination node for add_verify_data() method 
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
 2022-01-26 08:50:44 -07:00
Heinrich Schuchardt
3a8b919932 tools: avoid OpenSSL deprecation warnings 
Our Gitlab CI buildsystem is set up to treat warnings as errors.
With OpenSSL 3.0 a lot of deprecation warnings occur.

With the patch compatibility with OpenSSL 1.1.1 is declared.
In the long run we should upgrade our code to use the current API.

A -Wdiscarded-qualifiers warning is muted by casting.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
 2021-12-26 06:57:20 +01:00
Alexandru Gagniuc
928a8be794 lib: ecdsa: Implement UCLASS_ECDSA verification on target 
Implement the crypto_algo .verify() function for ecdsa256. Because
it backends on UCLASS_ECDSA, this change is focused on parsing the
keys from devicetree and passing this information to the specific
UCLASS driver.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
 2021-08-16 10:49:35 +02:00
Alexandru Gagniuc
eb22759e2b lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate 
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
 2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
ed6c9e0b66 lib: Add support for ECDSA image signing 
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
 2021-04-14 15:06:08 -04:00