u-boot.git/tools/Makefile, branch master Unnamed repository; edit this file 'description' to name the repository. lib: Add support for ECDSA image signing 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:12+00:00 ed6c9e0b6668a05d62f5d1b75aecaf246ba51042 mkimage supports rsa2048, and rsa4096 signatures. With newer silicon now supporting hardware-accelerated ECDSA, it makes sense to expand signing support to elliptic curves. Implement host-side ECDSA signing and verification with libcrypto. Device-side implementation of signature verification is beyond the scope of this patch. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib/rsa: Make fdt_add_bignum() available outside of RSA code 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:11+00:00 4c17e5f69170bf033df7b4f1a2b87fa72f18aaf5 fdt_add_bignum() is useful for algorithms other than just RSA. To allow its use for ECDSA, move it to a common file under lib/. The new file is suffixed with '-libcrypto' because it has a direct dependency on openssl. This is due to the use of the "BIGNUM *" type. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.

The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: Rename rsa-checksum.c to hash-checksum.c 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:10+00:00 0bcb28dfb946b32ed7550fc4c24c5dcea6718554 rsa-checksum.c sontains the hash_calculate() implementations. Despite the "rsa-" file prefix, this function is useful for other algorithms. To prevent confusion, move this file to lib/, and rename it to hash-checksum.c, to give it a more "generic" feel. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
arm: mvebu: a38x: Remove dead code ARMADA_39X 2021-03-12T06:44:21+00:00 Pali Rohár pali@kernel.org 2021-03-05T14:52:42+00:00 15942805b7efe47e186d8b30ec378666561ad1f9 Config option ARMADA_39X is never set so remove all dead code hidden under ifdef CONFIG_ARMADA_39X blocks. Also remove useless checks for CONFIG_ARMADA_38X define as this macro is always defined for a38x code path. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Stefan Roese <sr@denx.de> 
Config option ARMADA_39X is never set so remove all dead code hidden under
ifdef CONFIG_ARMADA_39X blocks.

Also remove useless checks for CONFIG_ARMADA_38X define as this macro is
always defined for a38x code path.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
tools/Makefile: FIT_CIPHER requires libssl 2021-01-22T21:17:52+00:00 Joel Stanley joel@jms.id.au 2020-12-08T04:12:13+00:00 5d40d5f12edac9ffccce955509f4cb4a7aa763a2 If CONFIG_FIT_CIPHER is enabled without CONFIG_FIT_SIGNATURE then mkimage/dumpimage will fail to link: /usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data': image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob' /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x10): undefined reference to `EVP_aes_128_cbc' /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x40): undefined reference to `EVP_aes_192_cbc' /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x70): undefined reference to `EVP_aes_256_cbc' /usr/bin/ld: tools/lib/aes/aes-encrypt.o: in function `image_aes_encrypt': aes-encrypt.c:(.text+0x22): undefined reference to `EVP_CIPHER_CTX_new' /usr/bin/ld: aes-encrypt.c:(.text+0x6f): undefined reference to `EVP_EncryptInit_ex' /usr/bin/ld: aes-encrypt.c:(.text+0x8d): undefined reference to `EVP_EncryptUpdate' /usr/bin/ld: aes-encrypt.c:(.text+0xac): undefined reference to `EVP_CIPHER_CTX_free' /usr/bin/ld: aes-encrypt.c:(.text+0xf2): undefined reference to `EVP_EncryptFinal_ex' collect2: error: ld returned 1 exit status Signed-off-by: Joel Stanley <joel@jms.id.au> 
If CONFIG_FIT_CIPHER is enabled without CONFIG_FIT_SIGNATURE then
mkimage/dumpimage will fail to link:

 /usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data':
 image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob'
 /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x10): undefined reference to `EVP_aes_128_cbc'
 /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x40): undefined reference to `EVP_aes_192_cbc'
 /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x70): undefined reference to `EVP_aes_256_cbc'
 /usr/bin/ld: tools/lib/aes/aes-encrypt.o: in function `image_aes_encrypt':
 aes-encrypt.c:(.text+0x22): undefined reference to `EVP_CIPHER_CTX_new'
 /usr/bin/ld: aes-encrypt.c:(.text+0x6f): undefined reference to `EVP_EncryptInit_ex'
 /usr/bin/ld: aes-encrypt.c:(.text+0x8d): undefined reference to `EVP_EncryptUpdate'
 /usr/bin/ld: aes-encrypt.c:(.text+0xac): undefined reference to `EVP_CIPHER_CTX_free'
 /usr/bin/ld: aes-encrypt.c:(.text+0xf2): undefined reference to `EVP_EncryptFinal_ex'
 collect2: error: ld returned 1 exit status

Signed-off-by: Joel Stanley <joel@jms.id.au>
tools: mkimage: Add Allwinner eGON support 2021-01-11T23:19:33+00:00 Andre Przywara andre.przywara@arm.com 2018-12-20T01:15:18+00:00 6d295099cc96ed39cd2229dad376ab00baba9a5d So far we used the separate mksunxiboot tool for generating a bootable image for Allwinner SPLs, probably just for historical reasons. Use the mkimage framework to generate a so called eGON image the Allwinner BROM expects. The new image type is called "sunxi_egon", to differentiate it from the (still to be implemented) secure boot TOC0 image. Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Jernej Skrabec <jernej.skrabec@siol.net> Reviewed-by: Samuel Holland <samuel@sholland.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
So far we used the separate mksunxiboot tool for generating a bootable
image for Allwinner SPLs, probably just for historical reasons.

Use the mkimage framework to generate a so called eGON image the
Allwinner BROM expects.
The new image type is called "sunxi_egon", to differentiate it
from the (still to be implemented) secure boot TOC0 image.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merge tag 'v2021.01-rc5' into next 2021-01-05T21:20:26+00:00 Tom Rini trini@konsulko.com 2021-01-05T21:20:26+00:00 720620e6916ba40b9a173bb07706d2c73f3c23e7 Prepare v2021.01-rc5 Signed-off-by: Tom Rini <trini@konsulko.com> 
Prepare v2021.01-rc5

Signed-off-by: Tom Rini <trini@konsulko.com>
mkeficapsule: Add support for embedding public key in a dtb 2020-12-31T13:41:31+00:00 Sughosh Ganu sughosh.ganu@linaro.org 2020-12-30T13:56:59+00:00 322c813f4becb6a256e0eeedd8e6a856bb075dfc Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> 
Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.

The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>

In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>

This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
tools: add mkeficapsule command for UEFI capsule update 2020-12-03T20:22:50+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-11-30T09:12:15+00:00 fab430be2f48a61eea470468ec57b0454707e2b4 This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
This is a utility mainly for test purpose.
  mkeficapsule -f: create a test capsule file for FIT image firmware

Having said that, you will be able to customize the code to fit
your specific requirements for your platform.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
mips: octeon: tools: Add update_octeon_header tool 2020-11-30T17:32:09+00:00 Stefan Roese sr@denx.de 2020-11-30T12:14:23+00:00 540a2bcec1389a3a31c23b5275e73186be6102b2 Add a tool to update or insert an Octeon specific header into the U-Boot image. This is needed e.g. for booting via SPI NOR, eMMC and NAND. While working on this, move enum cvmx_board_types_enum and cvmx_board_type_to_string() to cvmx-bootloader.h and remove the unreferenced (unsupported) board definition. Signed-off-by: Stefan Roese <sr@denx.de> Cc: Aaron Williams <awilliams@marvell.com> Cc: Chandrakala Chavva <cchavva@marvell.com> Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> 
Add a tool to update or insert an Octeon specific header into the U-Boot
image. This is needed e.g. for booting via SPI NOR, eMMC and NAND.

While working on this, move enum cvmx_board_types_enum and
cvmx_board_type_to_string() to cvmx-bootloader.h and remove the
unreferenced (unsupported) board definition.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Aaron Williams <awilliams@marvell.com>
Cc: Chandrakala Chavva <cchavva@marvell.com>
Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>