* [PATCH] FIT: make RSA signature verification configurable
@ 2016-01-08 13:24 yegorslists
2016-01-08 16:11 ` Marc Kleine-Budde
0 siblings, 1 reply; 5+ messages in thread
From: yegorslists @ 2016-01-08 13:24 UTC (permalink / raw)
To: barebox
From: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
---
commands/Kconfig | 10 ++++++++++
common/image-fit.c | 15 +++++++++++++--
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/commands/Kconfig b/commands/Kconfig
index 3e4a32a..2fe37b9 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -428,6 +428,16 @@ config CMD_BOOTM_FITIMAGE
tree in the "doc/uImage.FIT" folder for more information:
http://git.denx.de/?p=u-boot.git;a=tree;f=doc/uImage.FIT
+config CMD_BOOTM_FITIMAGE_SIGNATURE
+ bool
+ prompt "Enable signature verification of FIT images"
+ depends on CMD_BOOTM_FITIMAGE
+ help
+ This option enables signature verification of FIT uImages,
+ using a hash signed and verified using RSA. If
+ CONFIG_SHA_PROG_HW_ACCEL is defined, i.e support for progressive
+ hashing is available using hardware, RSA library will use it.
+
config CMD_BOOTU
tristate
default y
diff --git a/common/image-fit.c b/common/image-fit.c
index 296285b..96cc3e2 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -40,6 +40,7 @@
#define CHECK_LEVEL_SIG 2
#define CHECK_LEVEL_MAX 3
+#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
static uint32_t dt_struct_advance(struct fdt_header *f, uint32_t dt, int size)
{
dt += size;
@@ -342,6 +343,7 @@ static int fit_verify_signature(struct device_node *sig_node, void *fit)
out:
return ret;
}
+#endif
static int fit_verify_hash(struct device_node *hash, const void *data, int data_len)
{
@@ -453,10 +455,13 @@ static int fit_open_image(struct fit_handle *handle, const char* unit)
static int fit_open_configuration(struct fit_handle *handle, int num)
{
- struct device_node *conf_node = NULL, *sig_node;
+ struct device_node *conf_node = NULL;
char unit_name[10];
const char *unit, *desc;
- int ret, level;
+ int level;
+#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
+ struct device_node *sig_node;
+#endif
conf_node = of_get_child_by_name(handle->root, "configurations");
if (!conf_node)
@@ -482,7 +487,10 @@ static int fit_open_configuration(struct fit_handle *handle, int num)
}
level = CHECK_LEVEL_MAX;
+
+#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
for_each_child_of_node(conf_node, sig_node) {
+ int ret;
if (handle->verbose)
of_print_nodes(sig_node, 0);
ret = fit_verify_signature(sig_node, handle->fit);
@@ -495,6 +503,9 @@ static int fit_open_configuration(struct fit_handle *handle, int num)
if (level != CHECK_LEVEL_SIG)
return -EINVAL;
+#else
+ level = CHECK_LEVEL_SIG;
+#endif
if (of_property_read_string(conf_node, "kernel", &unit) == 0)
level = min(level, fit_open_image(handle, unit));
--
2.1.4
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] FIT: make RSA signature verification configurable
2016-01-08 13:24 [PATCH] FIT: make RSA signature verification configurable yegorslists
@ 2016-01-08 16:11 ` Marc Kleine-Budde
2016-01-08 16:43 ` Yegor Yefremov
0 siblings, 1 reply; 5+ messages in thread
From: Marc Kleine-Budde @ 2016-01-08 16:11 UTC (permalink / raw)
To: yegorslists, barebox
[-- Attachment #1.1: Type: text/plain, Size: 3482 bytes --]
On 01/08/2016 02:24 PM, yegorslists@googlemail.com wrote:
> From: Yegor Yefremov <yegorslists@googlemail.com>
>
> Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
> ---
> commands/Kconfig | 10 ++++++++++
> common/image-fit.c | 15 +++++++++++++--
> 2 files changed, 23 insertions(+), 2 deletions(-)
>
> diff --git a/commands/Kconfig b/commands/Kconfig
> index 3e4a32a..2fe37b9 100644
> --- a/commands/Kconfig
> +++ b/commands/Kconfig
> @@ -428,6 +428,16 @@ config CMD_BOOTM_FITIMAGE
> tree in the "doc/uImage.FIT" folder for more information:
> http://git.denx.de/?p=u-boot.git;a=tree;f=doc/uImage.FIT
>
> +config CMD_BOOTM_FITIMAGE_SIGNATURE
> + bool
> + prompt "Enable signature verification of FIT images"
Make signature verification mandatory.
> + depends on CMD_BOOTM_FITIMAGE
> + help
> + This option enables signature verification of FIT uImages,
> + using a hash signed and verified using RSA. If
> + CONFIG_SHA_PROG_HW_ACCEL is defined, i.e support for progressive
> + hashing is available using hardware, RSA library will use it.
> +
> config CMD_BOOTU
> tristate
> default y
> diff --git a/common/image-fit.c b/common/image-fit.c
> index 296285b..96cc3e2 100644
> --- a/common/image-fit.c
> +++ b/common/image-fit.c
> @@ -40,6 +40,7 @@
> #define CHECK_LEVEL_SIG 2
> #define CHECK_LEVEL_MAX 3
>
> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
> static uint32_t dt_struct_advance(struct fdt_header *f, uint32_t dt, int size)
remove the ifdef.
> {
> dt += size;
> @@ -342,6 +343,7 @@ static int fit_verify_signature(struct device_node *sig_node, void *fit)
> out:
> return ret;
> }
> +#endif
>
> static int fit_verify_hash(struct device_node *hash, const void *data, int data_len)
> {
> @@ -453,10 +455,13 @@ static int fit_open_image(struct fit_handle *handle, const char* unit)
>
> static int fit_open_configuration(struct fit_handle *handle, int num)
> {
> - struct device_node *conf_node = NULL, *sig_node;
> + struct device_node *conf_node = NULL;
> char unit_name[10];
> const char *unit, *desc;
> - int ret, level;
> + int level;
> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
> + struct device_node *sig_node;
> +#endif
please remove the ifdef
>
> conf_node = of_get_child_by_name(handle->root, "configurations");
> if (!conf_node)
> @@ -482,7 +487,10 @@ static int fit_open_configuration(struct fit_handle *handle, int num)
> }
>
> level = CHECK_LEVEL_MAX;
> +
> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
please replace the ifdef by
if (IS_ENABLED(CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE))
> for_each_child_of_node(conf_node, sig_node) {
> + int ret;
> if (handle->verbose)
> of_print_nodes(sig_node, 0);
> ret = fit_verify_signature(sig_node, handle->fit);
> @@ -495,6 +503,9 @@ static int fit_open_configuration(struct fit_handle *handle, int num)
>
> if (level != CHECK_LEVEL_SIG)
> return -EINVAL;
> +#else
> + level = CHECK_LEVEL_SIG;
> +#endif
>
> if (of_property_read_string(conf_node, "kernel", &unit) == 0)
> level = min(level, fit_open_image(handle, unit));
>
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Industrial Linux Solutions | Phone: +49-231-2826-924 |
Vertretung West/Dortmund | Fax: +49-5121-206917-5555 |
Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 455 bytes --]
[-- Attachment #2: Type: text/plain, Size: 149 bytes --]
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] FIT: make RSA signature verification configurable
2016-01-08 16:11 ` Marc Kleine-Budde
@ 2016-01-08 16:43 ` Yegor Yefremov
2016-01-10 18:14 ` Marc Kleine-Budde
2016-01-11 8:03 ` Sascha Hauer
0 siblings, 2 replies; 5+ messages in thread
From: Yegor Yefremov @ 2016-01-08 16:43 UTC (permalink / raw)
To: Marc Kleine-Budde; +Cc: barebox
On Fri, Jan 8, 2016 at 5:11 PM, Marc Kleine-Budde <mkl@pengutronix.de> wrote:
> On 01/08/2016 02:24 PM, yegorslists@googlemail.com wrote:
>> From: Yegor Yefremov <yegorslists@googlemail.com>
>>
>> Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
>> ---
>> commands/Kconfig | 10 ++++++++++
>> common/image-fit.c | 15 +++++++++++++--
>> 2 files changed, 23 insertions(+), 2 deletions(-)
>>
>> diff --git a/commands/Kconfig b/commands/Kconfig
>> index 3e4a32a..2fe37b9 100644
>> --- a/commands/Kconfig
>> +++ b/commands/Kconfig
>> @@ -428,6 +428,16 @@ config CMD_BOOTM_FITIMAGE
>> tree in the "doc/uImage.FIT" folder for more information:
>> http://git.denx.de/?p=u-boot.git;a=tree;f=doc/uImage.FIT
>>
>> +config CMD_BOOTM_FITIMAGE_SIGNATURE
>> + bool
>> + prompt "Enable signature verification of FIT images"
>
> Make signature verification mandatory.
OK
>> + depends on CMD_BOOTM_FITIMAGE
>> + help
>> + This option enables signature verification of FIT uImages,
>> + using a hash signed and verified using RSA. If
>> + CONFIG_SHA_PROG_HW_ACCEL is defined, i.e support for progressive
>> + hashing is available using hardware, RSA library will use it.
>> +
>> config CMD_BOOTU
>> tristate
>> default y
>> diff --git a/common/image-fit.c b/common/image-fit.c
>> index 296285b..96cc3e2 100644
>> --- a/common/image-fit.c
>> +++ b/common/image-fit.c
>> @@ -40,6 +40,7 @@
>> #define CHECK_LEVEL_SIG 2
>> #define CHECK_LEVEL_MAX 3
>>
>> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
>> static uint32_t dt_struct_advance(struct fdt_header *f, uint32_t dt, int size)
>
> remove the ifdef.
What about compile warnings, i.e. function defined, but not used?
>> {
>> dt += size;
>> @@ -342,6 +343,7 @@ static int fit_verify_signature(struct device_node *sig_node, void *fit)
>> out:
>> return ret;
>> }
>> +#endif
>>
>> static int fit_verify_hash(struct device_node *hash, const void *data, int data_len)
>> {
>> @@ -453,10 +455,13 @@ static int fit_open_image(struct fit_handle *handle, const char* unit)
>>
>> static int fit_open_configuration(struct fit_handle *handle, int num)
>> {
>> - struct device_node *conf_node = NULL, *sig_node;
>> + struct device_node *conf_node = NULL;
>> char unit_name[10];
>> const char *unit, *desc;
>> - int ret, level;
>> + int level;
>> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
>> + struct device_node *sig_node;
>> +#endif
>
> please remove the ifdef
>
>>
>> conf_node = of_get_child_by_name(handle->root, "configurations");
>> if (!conf_node)
>> @@ -482,7 +487,10 @@ static int fit_open_configuration(struct fit_handle *handle, int num)
>> }
>>
>> level = CHECK_LEVEL_MAX;
>> +
>> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
>
> please replace the ifdef by
>
> if (IS_ENABLED(CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE))
>
>> for_each_child_of_node(conf_node, sig_node) {
>> + int ret;
>> if (handle->verbose)
>> of_print_nodes(sig_node, 0);
>> ret = fit_verify_signature(sig_node, handle->fit);
>> @@ -495,6 +503,9 @@ static int fit_open_configuration(struct fit_handle *handle, int num)
>>
>> if (level != CHECK_LEVEL_SIG)
>> return -EINVAL;
>> +#else
>> + level = CHECK_LEVEL_SIG;
>> +#endif
>>
>> if (of_property_read_string(conf_node, "kernel", &unit) == 0)
>> level = min(level, fit_open_image(handle, unit));
>>
Will you include my patch in your patch series, if you'll send v3 or
are you just going to squash my patch into your FIT patch?
Yegor
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] FIT: make RSA signature verification configurable
2016-01-08 16:43 ` Yegor Yefremov
@ 2016-01-10 18:14 ` Marc Kleine-Budde
2016-01-11 8:03 ` Sascha Hauer
1 sibling, 0 replies; 5+ messages in thread
From: Marc Kleine-Budde @ 2016-01-10 18:14 UTC (permalink / raw)
To: Yegor Yefremov; +Cc: barebox
[-- Attachment #1.1: Type: text/plain, Size: 3219 bytes --]
On 01/08/2016 05:43 PM, Yegor Yefremov wrote:
> On Fri, Jan 8, 2016 at 5:11 PM, Marc Kleine-Budde <mkl@pengutronix.de> wrote:
>> On 01/08/2016 02:24 PM, yegorslists@googlemail.com wrote:
>>> From: Yegor Yefremov <yegorslists@googlemail.com>
>>>
>>> Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[...]
>>> diff --git a/common/image-fit.c b/common/image-fit.c
>>> index 296285b..96cc3e2 100644
>>> --- a/common/image-fit.c
>>> +++ b/common/image-fit.c
>>> @@ -40,6 +40,7 @@
>>> #define CHECK_LEVEL_SIG 2
>>> #define CHECK_LEVEL_MAX 3
>>>
>>> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
>>> static uint32_t dt_struct_advance(struct fdt_header *f, uint32_t dt, int size)
>>
>> remove the ifdef.
>
> What about compile warnings, i.e. function defined, but not used?
add __maybe_unused if needed.
>
>>> {
>>> dt += size;
>>> @@ -342,6 +343,7 @@ static int fit_verify_signature(struct device_node *sig_node, void *fit)
>>> out:
>>> return ret;
>>> }
>>> +#endif
>>>
>>> static int fit_verify_hash(struct device_node *hash, const void *data, int data_len)
>>> {
>>> @@ -453,10 +455,13 @@ static int fit_open_image(struct fit_handle *handle, const char* unit)
>>>
>>> static int fit_open_configuration(struct fit_handle *handle, int num)
>>> {
>>> - struct device_node *conf_node = NULL, *sig_node;
>>> + struct device_node *conf_node = NULL;
>>> char unit_name[10];
>>> const char *unit, *desc;
>>> - int ret, level;
>>> + int level;
>>> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
>>> + struct device_node *sig_node;
>>> +#endif
>>
>> please remove the ifdef
>>
>>>
>>> conf_node = of_get_child_by_name(handle->root, "configurations");
>>> if (!conf_node)
>>> @@ -482,7 +487,10 @@ static int fit_open_configuration(struct fit_handle *handle, int num)
>>> }
>>>
>>> level = CHECK_LEVEL_MAX;
>>> +
>>> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
>>
>> please replace the ifdef by
>>
>> if (IS_ENABLED(CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE))
>>
>>> for_each_child_of_node(conf_node, sig_node) {
>>> + int ret;
>>> if (handle->verbose)
>>> of_print_nodes(sig_node, 0);
>>> ret = fit_verify_signature(sig_node, handle->fit);
>>> @@ -495,6 +503,9 @@ static int fit_open_configuration(struct fit_handle *handle, int num)
>>>
>>> if (level != CHECK_LEVEL_SIG)
>>> return -EINVAL;
>>> +#else
>>> + level = CHECK_LEVEL_SIG;
>>> +#endif
>>>
>>> if (of_property_read_string(conf_node, "kernel", &unit) == 0)
>>> level = min(level, fit_open_image(handle, unit));
>>>
>
> Will you include my patch in your patch series, if you'll send v3 or
> are you just going to squash my patch into your FIT patch?
I'll take your patch as a separate patch in my series.
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Industrial Linux Solutions | Phone: +49-231-2826-924 |
Vertretung West/Dortmund | Fax: +49-5121-206917-5555 |
Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 455 bytes --]
[-- Attachment #2: Type: text/plain, Size: 149 bytes --]
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] FIT: make RSA signature verification configurable
2016-01-08 16:43 ` Yegor Yefremov
2016-01-10 18:14 ` Marc Kleine-Budde
@ 2016-01-11 8:03 ` Sascha Hauer
1 sibling, 0 replies; 5+ messages in thread
From: Sascha Hauer @ 2016-01-11 8:03 UTC (permalink / raw)
To: Yegor Yefremov; +Cc: barebox
Hi Yegor,
On Fri, Jan 08, 2016 at 05:43:56PM +0100, Yegor Yefremov wrote:
> On Fri, Jan 8, 2016 at 5:11 PM, Marc Kleine-Budde <mkl@pengutronix.de> wrote:
> > On 01/08/2016 02:24 PM, yegorslists@googlemail.com wrote:
> >> From: Yegor Yefremov <yegorslists@googlemail.com>
> >> diff --git a/common/image-fit.c b/common/image-fit.c
> >> index 296285b..96cc3e2 100644
> >> --- a/common/image-fit.c
> >> +++ b/common/image-fit.c
> >> @@ -40,6 +40,7 @@
> >> #define CHECK_LEVEL_SIG 2
> >> #define CHECK_LEVEL_MAX 3
> >>
> >> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
> >> static uint32_t dt_struct_advance(struct fdt_header *f, uint32_t dt, int size)
> >
> > remove the ifdef.
>
> What about compile warnings, i.e. function defined, but not used?
This won't happen when you use IS_ENABLED().
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-01-11 8:04 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-08 13:24 [PATCH] FIT: make RSA signature verification configurable yegorslists
2016-01-08 16:11 ` Marc Kleine-Budde
2016-01-08 16:43 ` Yegor Yefremov
2016-01-10 18:14 ` Marc Kleine-Budde
2016-01-11 8:03 ` Sascha Hauer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox