make[2]: *** No rule to make target 'lib/acpi/dsdt.asl', needed by
'lib/acpi/dsdt.c'. Stop.
scripts/Makefile.build:394: recipe for target 'lib/acpi' failed
To avoid such error, the generated file is named
dsdt_generated.c instead of dstdt.c.
Signed-off-by:
Hi Simon,
Le 17/02/2022 à 18:55, Simon Glass a écrit :
Hi Philippe,
On Thu, 17 Feb 2022 at 09:10, Philippe Reynes
wrote:
There is a conflict between the static file
lib/acpi/dsdt.c and the file dsdt.c generated
dynamicaly by scripts/Makefile.lib. When a
mrproper is done, the static file
Add a node leds to support the LED IP in the
device tree of the bcm6753.
Signed-off-by: Philippe Reynes
---
arch/arm/dts/bcm6753.dtsi | 7 +++
1 file changed, 7 insertions(+)
diff --git a/arch/arm/dts/bcm6753.dtsi b/arch/arm/dts/bcm6753.dtsi
index bcbb8e17da..e88ab095c2 100644
--- a/arch
Enable the led in the device tree of the refboard bcm96753ref.
It also defines two leds (led_red ad led_green).
Signed-off-by: Philippe Reynes
---
arch/arm/dts/bcm96753ref.dts | 18 ++
1 file changed, 18 insertions(+)
diff --git a/arch/arm/dts/bcm96753ref.dts b/arch/arm/dts
Add the support of the LED IP for bcm6357. This
LED IP supports blinking, fading and pulsating,
but for the moment, only blinking is supported.
Signed-off-by: Philippe Reynes
---
drivers/led/Kconfig | 7 +
drivers/led/Makefile | 1 +
drivers/led/led_bcm6753.c | 270
Enable the led support on the refboard bcm96753ref.
Signed-off-by: Philippe Reynes
---
configs/bcm96753ref_ram_defconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/configs/bcm96753ref_ram_defconfig
b/configs/bcm96753ref_ram_defconfig
index 4474797e3d..2c4408313a 100644
--- a/configs
make[2]: *** No rule to make target 'lib/acpi/dsdt.asl', needed by
'lib/acpi/dsdt.c'. Stop.
scripts/Makefile.build:394: recipe for target 'lib/acpi' failed
To avoid such error, the static file dsdt.c
is renamed to acpi_write_dsdt.c.
Signed-off-by: Philippe
This adds the nand support for chipset bcm6753.
Signed-off-by: Philippe Reynes
---
drivers/mtd/nand/raw/Kconfig | 6 +
drivers/mtd/nand/raw/brcmnand/Makefile | 1 +
drivers/mtd/nand/raw/brcmnand/bcm6753_nand.c | 124 +++
3 files changed, 131 insertions
This IP is also used on some arm SoC, so we allow to
use it on arm bcm6753 too.
Signed-off-by: Philippe Reynes
---
drivers/watchdog/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/watchdog/Kconfig b/drivers/watchdog/Kconfig
index cabac29053..1f3ca99f9a
This IP is also used on some arm SoC, so we allow to
use it on arm bcm6753 too.
Signed-off-by: Philippe Reynes
---
drivers/gpio/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpio/Kconfig b/drivers/gpio/Kconfig
index 8d0e47c67d..1c963c2c53 100644
--- a
This add the initial support of the broadcom reference
board bcm96753ref with a bcm6753 SoC.
This board has 1 GB of RAM, 256 MB of flash (nand),
2 USB port, 1 UART, and 4 ethernet ports.
Signed-off-by: Philippe Reynes
---
arch/arm/Kconfig | 1 +
arch/arm/dts/Makefile
This add the initial support of the broadcom bcm6753 SoC family.
Signed-off-by: Philippe Reynes
---
arch/arm/Kconfig | 7 ++
arch/arm/dts/bcm6753.dtsi | 201 ++
2 files changed, 208 insertions(+)
create mode 100644 arch/arm/dts/bcm6753.dtsi
diff
ree to not
autostart this watchdog.
Signed-off-by: Philippe Reynes
---
drivers/watchdog/wdt-uclass.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/watchdog/wdt-uclass.c b/drivers/watchdog/wdt-uclass.c
index 6d0f473867..dbf556467d 100644
--- a/drivers/watchdog/wd
Adds test units for the pre-load header signature.
Signed-off-by: Philippe Reynes
---
test/py/tests/test_vboot.py | 123 +++---
test/py/tests/vboot/sandbox-binman-pss.dts| 25
test/py/tests/vboot/sandbox-binman.dts| 24
.../tests/vboot
Enable the command verify on sandbox.
Signed-off-by: Philippe Reynes
---
configs/sandbox_defconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 2732b05ca7..483f01ef79 100644
--- a/configs/sandbox_defconfig
+++ b/configs
Add a stage pre-load to the command bootm.
Right now, this stage may be used to read a
header and check the signature of the full
image.
Reviewed-by: Simon Glass
Signed-off-by: Philippe Reynes
---
boot/bootm.c| 33 +
cmd/Kconfig | 10 ++
cmd
Set the variable key-path with the shell variable
KEY_PATH that contain the keys path (used for signature).
This variable key-path is provided to binman.
Signed-off-by: Philippe Reynes
---
Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile b/Makefile
index 1ee7089c52
ot device tree
- add script gen_pre_load_header.sh
v2:
- move the code to image-pre-load
- add support of stage pre-load for spl
- add support of stage pre-load on spl_ram
Philippe Reynes (16):
arch: Kconfig: imply BINMAN for SANDBOX
lib: Kconfig: enhance help for ASN1
lib: Kconfig: enhance the
loadaddr && source $loadaddr_verified
Signed-off-by: Philippe Reynes
---
cmd/Kconfig | 7 +++
cmd/Makefile | 1 +
cmd/verify.c | 53
3 files changed, 61 insertions(+)
create mode 100644 cmd/verify.c
diff --git a/cmd/Kconfig b/cm
Adds the support of the pre-load header with the image signature
to binman.
Signed-off-by: Philippe Reynes
---
tools/binman/etype/pre_load.py | 156 +
1 file changed, 156 insertions(+)
create mode 100644 tools/binman/etype/pre_load.py
diff --git a/tools/binman
header.
This is an initial support, later we could add the
support of:
- ciphering
- uncompressing
- ...
Signed-off-by: Philippe Reynes
---
boot/Kconfig | 55 ++
boot/Makefile | 1 +
boot/image-pre-load.c | 408 ++
include/image.h
Add the support of image pre load in spl or tpl
when loading an image from ram.
Reviewed-by: Simon Glass
Signed-off-by: Philippe Reynes
---
common/spl/spl_ram.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c
Enhance the help for configs ASN1_COMPILER
and ASN1_decoder.
Signed-off-by: Philippe Reynes
---
lib/Kconfig | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 3c6fa99b1a..b0e5d60b3d 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
This commit adds the options:
- SPL_ASN1_DECODER
- SPL_OID_REGISTRY
Signed-off-by: Philippe Reynes
---
lib/Kconfig | 19 +++
lib/Makefile | 7 +--
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index e749826f22..effe735365 100644
Enhance the help for the config OID_REGISTRY.
Signed-off-by: Philippe Reynes
---
lib/Kconfig | 4
1 file changed, 4 insertions(+)
diff --git a/lib/Kconfig b/lib/Kconfig
index b0e5d60b3d..e749826f22 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -812,6 +812,10 @@ config ASN1_DECODER
config
This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.
Signed-off-by: Philippe Reynes
---
lib/rsa/Kconfig | 19 +++
1 file changed, 19 insertions(+)
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index be9775bcce..b773f17c26 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
This commit enhances mkimage to update the node
/image/pre-load/sig with the public key.
Signed-off-by: Philippe Reynes
---
include/image.h| 15 ++
tools/fit_image.c | 3 ++
tools/image-host.c | 114 +
3 files changed, 132 insertions
Enable the support of stage pre-load in bootm.
For the moment, this stage allow to verify the
signature of the full image with a header.
Signed-off-by: Philippe Reynes
---
configs/sandbox_defconfig | 3 +++
1 file changed, 3 insertions(+)
diff --git a/configs/sandbox_defconfig b/configs
This commit adds the options:
- SPL_ASYMMETRIC_KEY_TYPE
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- SPL_RSA_PUBLIC_KEY_PARSER
Signed-off-by: Philippe Reynes
---
lib/Makefile| 3 ++-
lib/crypto/Kconfig | 29 +
lib/crypto/Makefile | 19 +--
3 files
To be able to use BINMAN on sandbox, the config
SANDBOX imply BINMAN.
Signed-off-by: Philippe Reynes
---
arch/Kconfig | 1 +
arch/sandbox/dts/sandbox.dtsi | 3 +++
arch/sandbox/dts/test.dts | 3 +++
test/py/tests/test_fit.py | 3
even if this condition are not verified. To avoid this issue,
the function fdt_check_full is always defined.
Signed-off-by: Philippe Reynes
---
scripts/dtc/libfdt/fdt_ro.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/scripts/dtc/libfdt/fdt_ro.c b/scripts/dtc/li
Hi Johann,
Le 08/02/2022 à 16:43, Johann Neuhauser a écrit :
Dear developers and Simon,
we wanna run secure boot with U-Boot's SPL_FIT_SIGNATURE and FIT_SIGNATURE on
our STM32MP1 boards and discovered the CVE-2021-27097.
To mitigate this vulnerability we wanna enable SPL_LOAD_FIT_FULL and
SPL
Enable the command verify on sandbox.
Signed-off-by: Philippe Reynes
---
configs/sandbox_defconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 95fa37869f..fa7c552b66 100644
--- a/configs/sandbox_defconfig
+++ b/configs
loadaddr && source $loadaddr_verified
Signed-off-by: Philippe Reynes
---
cmd/Kconfig | 7 +++
cmd/Makefile | 1 +
cmd/verify.c | 53
3 files changed, 61 insertions(+)
create mode 100644 cmd/verify.c
diff --git a/cmd/Kconfig b/cm
Adds test units for the pre-load header signature.
Signed-off-by: Philippe Reynes
---
test/py/tests/test_vboot.py | 119 --
test/py/tests/vboot/sandbox-binman-pss.dts| 25
test/py/tests/vboot/sandbox-binman.dts| 24
.../tests/vboot
Enable the support of stage pre-load in bootm.
For the moment, this stage allow to verify the
signature of the full image with a header.
Signed-off-by: Philippe Reynes
---
configs/sandbox_defconfig | 3 +++
1 file changed, 3 insertions(+)
diff --git a/configs/sandbox_defconfig b/configs
Adds the support of the pre-load header with the image signature
to binman.
Signed-off-by: Philippe Reynes
---
tools/binman/etype/pre_load.py | 156 +
1 file changed, 156 insertions(+)
create mode 100644 tools/binman/etype/pre_load.py
diff --git a/tools/binman
Set the variable key-path with the shell variable
KEY_PATH that contain the keys path (used for signature).
This variable key-path is provided to binman.
Signed-off-by: Philippe Reynes
---
Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile b/Makefile
index 10879f1f9c
header.
This is an initial support, later we could add the
support of:
- ciphering
- uncompressing
- ...
Signed-off-by: Philippe Reynes
---
boot/Kconfig | 55 ++
boot/Makefile | 1 +
boot/image-pre-load.c | 408 ++
include/image.h
Add the support of image pre load in spl or tpl
when loading an image from ram.
Reviewed-by: Simon Glass
Signed-off-by: Philippe Reynes
---
common/spl/spl_ram.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c
This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.
Signed-off-by: Philippe Reynes
---
lib/rsa/Kconfig | 19 +++
1 file changed, 19 insertions(+)
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index be9775bcce..b773f17c26 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
This commit adds the options:
- SPL_ASYMMETRIC_KEY_TYPE
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- SPL_RSA_PUBLIC_KEY_PARSER
Signed-off-by: Philippe Reynes
---
lib/Makefile| 3 ++-
lib/crypto/Kconfig | 29 +
lib/crypto/Makefile | 19 +--
3 files
This commit enhances mkimage to update the node
/image/pre-load/sig with the public key.
Signed-off-by: Philippe Reynes
---
include/image.h| 15 ++
tools/fit_image.c | 3 ++
tools/image-host.c | 114 +
3 files changed, 132 insertions
Add a stage pre-load to the command bootm.
Right now, this stage may be used to read a
header and check the signature of the full
image.
Reviewed-by: Simon Glass
Signed-off-by: Philippe Reynes
---
boot/bootm.c| 33 +
cmd/Kconfig | 10 ++
cmd
This commit adds the options:
- SPL_ASN1_DECODER
- SPL_OID_REGISTRY
Signed-off-by: Philippe Reynes
---
lib/Kconfig | 19 +++
lib/Makefile | 7 +--
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index e749826f22..effe735365 100644
Enhance the help for the config OID_REGISTRY.
Signed-off-by: Philippe Reynes
---
lib/Kconfig | 4
1 file changed, 4 insertions(+)
diff --git a/lib/Kconfig b/lib/Kconfig
index b0e5d60b3d..e749826f22 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -812,6 +812,10 @@ config ASN1_DECODER
config
Enable binman on sandbox. It will be used on test unit.
Signed-off-by: Philippe Reynes
---
configs/sandbox_defconfig | 2 ++
1 file changed, 2 insertions(+)
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 19cde87397..749b0f0155 100644
--- a/configs/sandbox_defconfig
Enhance the help for configs ASN1_COMPILER
and ASN1_decoder.
Signed-off-by: Philippe Reynes
---
lib/Kconfig | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 3c6fa99b1a..b0e5d60b3d 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
Add an empty node /binman on sandbox to avoid an error
on u-boot when binman is enabled.
Signed-off-by: Philippe Reynes
---
arch/sandbox/dts/sandbox.dts | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/sandbox/dts/sandbox.dts b/arch/sandbox/dts/sandbox.dts
index 127f168f02
v2:
- move the code to image-pre-load
- add support of stage pre-load for spl
- add support of stage pre-load on spl_ram
Philippe Reynes (18):
arch: sandbox: add an config SANDBOX_BINMAN
arch: sandbox: dts: sandbox.dts: add empty binman node
configs: sandbox_defconfig: enable SANDBOX_B
Add an config SANDBOX_BINMAN to enable binman
on sandbox. It is useful for test.
Signed-off-by: Philippe Reynes
---
arch/sandbox/Kconfig | 7 +++
1 file changed, 7 insertions(+)
diff --git a/arch/sandbox/Kconfig b/arch/sandbox/Kconfig
index 477c51960d..6d1f36a0e1 100644
--- a/arch/sandbox
Hi Simon,
Le 27/01/2022 à 16:06, Simon Glass a écrit :
Hi Philippe,
On Thu, 27 Jan 2022 at 07:03, Philippe Reynes
wrote:
Adds /tmp/sandbox to sys.path to look for libfdt,
otherwise ci is broken if a py_test uses binman.
Signed-off-by: Philippe Reynes
---
tools/binman/main.py | 1 +
1
Adds /tmp/sandbox to sys.path to look for libfdt,
otherwise ci is broken if a py_test uses binman.
Signed-off-by: Philippe Reynes
---
tools/binman/main.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/binman/main.py b/tools/binman/main.py
index f62394043d..7d52482c0c 100755
--- a
Adds build-sandbox in sys.path to look for libfdt,
otherwise py_test can't use binman.
Signed-off-by: Philippe Reynes
---
tools/binman/main.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/binman/main.py b/tools/binman/main.py
index 35944f314a..f62394043d 100755
--- a/tools/b
Since commit 93b196532254 ("Makefile: Only build dtc if needed"),
the sub directory scripts/dtc is never cleaned.
Adds the directory dtc to subdir to always clean it.
Signed-off-by: Philippe Reynes
---
scripts/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
Hi Rasmus,
First, thanks for the feedback.
Le 06/12/2021 à 09:23, Rasmus Villemoes a écrit :
On 17/11/2021 18.52, Philippe Reynes wrote:
This commit adds a script gen_pre_load_header.sh
that generate the header used by the image pre-load
stage.
Signed-off-by: Philippe Reynes
---
tools
Hi Simon,
Le 25/11/2021 à 01:13, Simon Glass a écrit :
Hi Philippe,
On Wed, 17 Nov 2021 at 10:52, Philippe Reynes
wrote:
This commit enhances mkimage to update the node
/image/pre-load/sig with the public key.
Signed-off-by: Philippe Reynes
---
include/image.h| 15 ++
tools
This commit enhances mkimage to update the node
/image/pre-load/sig with the public key.
Signed-off-by: Philippe Reynes
---
include/image.h| 15 ++
tools/fit_image.c | 3 ++
tools/image-host.c | 116 +
3 files changed, 134 insertions
This commit adds a script gen_pre_load_header.sh
that generate the header used by the image pre-load
stage.
Signed-off-by: Philippe Reynes
---
tools/gen_pre_load_header.sh | 174 +++
1 file changed, 174 insertions(+)
create mode 100755 tools
This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.
Signed-off-by: Philippe Reynes
---
lib/rsa/Kconfig | 8
1 file changed, 8 insertions(+)
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 469596abe7..608d51c428 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -46,6 +46,14
This commit add the support of image pre load in spl or tpl
when loading an image from ram.
Signed-off-by: Philippe Reynes
---
common/spl/spl_ram.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c
index
(madatory) : value of the public key
Before running the image, the stage pre-load check
the signature provided in the header.
This is an initial support, later we could add the
support of:
- ciphering
- uncompressing
- ...
Signed-off-by: Philippe Reynes
---
boot/Kconfig | 33 +
boot
This commit adds a stage pre-load to the command
bootm. Right now, this stage may be used to read
a header and check the signature of the full
image.
Signed-off-by: Philippe Reynes
---
boot/bootm.c| 33 +
cmd/Kconfig | 10 ++
cmd/bootm.c | 2
This commit adds the options:
- SPL_ASYMMETRIC_KEY_TYPE
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- SPL_RSA_PUBLIC_KEY_PARSER
Signed-off-by: Philippe Reynes
---
lib/Makefile| 2 +-
lib/crypto/Kconfig | 15 +++
lib/crypto/Makefile | 19 +--
3 files changed, 29
This commit adds the options:
- SPL_ASN1_DECODER
- SPL_OID_REGISTRY
Signed-off-by: Philippe Reynes
---
lib/Kconfig | 6 ++
lib/Makefile | 7 +--
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 70bf8e7a46..ebff84f113 100644
--- a/lib
- update mkimage to add public key in u-boot device tree
- add script gen_pre_load_header.sh
v2:
- move the code to image-pre-load
- add support of stage pre-load for spl
- add support of stage pre-load on spl_ram
Philippe Reynes (8):
lib: allow to build asn1 decoder and oid registry in SPL
lib
This commit add the support of image pre load in spl or tpl
when loading an image from ram.
Signed-off-by: Philippe Reynes
---
common/spl/spl_ram.c | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c
index
This commit adds a stage pre-load to the command
bootm. Right now, this stage may be used to read
a header and check the signature of the full
image.
Signed-off-by: Philippe Reynes
---
cmd/Kconfig | 9 +
cmd/bootm.c | 2 +-
common/bootm.c | 33
(madatory) : value of the public key
Before running the image, the stage pre-load check
the signature provided in the header.
This is an initial support, later we could add the
support of:
- ciphering
- uncompressing
- ...
Signed-off-by: Philippe Reynes
---
common/Kconfig.boot | 33 +
common
This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.
Signed-off-by: Philippe Reynes
---
lib/rsa/Kconfig | 8
1 file changed, 8 insertions(+)
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 469596abe7..608d51c428 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -46,6 +46,14
This commit adds the options:
- SPL_ASYMMETRIC_KEY_TYPE
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- SPL_RSA_PUBLIC_KEY_PARSER
Signed-off-by: Philippe Reynes
---
lib/Makefile| 2 +-
lib/crypto/Kconfig | 15 +++
lib/crypto/Makefile | 19 +--
3 files changed, 29
This commit adds the options:
- SPL_ASN1_DECODER
- SPL_OID_REGISTRY
Signed-off-by: Philippe Reynes
---
lib/Kconfig | 6 ++
lib/Makefile | 7 +--
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 70bf8e7a46..ebff84f113 100644
--- a/lib
support of stage pre-load for spl
- add support of stage pre-load on spl_ram
Philippe Reynes (6):
lib: allow to build asn1 decoder and oid registry in SPL
lib: crypto: allow to build crypyo in SPL
lib: rsa: allow rsa verify with pkey in SPL
common: image: add a stage pre-load
cmd: bootm
The padding pss is only supported on u-boot and tools since
commit 2bbed3ff8c7f ("image: Use Kconfig to enable FIT_RSASSA_PSS on host")
This commit adds the config SPL_FIT_RSASSA_PSS to support
the padding pss in the SPL.
Signed-off-by: Philippe Reynes
---
common/Kconfig.boot | 7
This commit adds a check on the padding in the function rsa_verify_key
to avoid using a NULL pointer.
Signed-off-by: Philippe Reynes
---
lib/rsa/rsa-verify.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 600c93ab81
Hi Philippe,
On Wed, 24 Mar 2021 at 06:16, Philippe REYNES
mailto:philippe.rey...@softathome.com>> wrote:
>
> Hi Simon and Alex,
>
> Le 23/03/2021 à 01:56, Simon Glass a écrit :
> > Hi Alex,
> >
> > On Tue, 23 Mar 2021 a
This commit enables the stage pre-load in the bootm command.
Signed-off-by: Philippe Reynes
---
configs/sandbox_defconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 5bc90d09a8..ab0e9213f8 100644
--- a/configs/sandbox_defconfig
the public key
Before running the image, the stage pre-load check
the signature provided in the header.
This is an initial support, later we could add the
support of:
- ciphering
- uncompressing
- ...
Signed-off-by: Philippe Reynes
---
cmd/Kconfig | 9 ++
cmd/bootm.c | 2 +-
common
Hi Simon and Alex,
Le 23/03/2021 à 01:56, Simon Glass a écrit :
Hi Alex,
On Tue, 23 Mar 2021 at 04:12, Alex G. wrote:
On 3/22/21 9:27 AM, Philippe REYNES wrote:
Hi all,
Le 11/03/2021 à 00:10, Alex G a écrit :
[snip]
I reach the same issue, my customers are also worried with the actual
Hi all,
Le 11/03/2021 à 00:10, Alex G a écrit :
On 3/10/21 2:49 PM, Farhan Ali wrote:
On Wed, Mar 10, 2021 at 11:38 AM Alex G. This patch describes "how" you're trying to achieve it, but "what" you
want to achieve. I'll get later into why I think the "how" is
fundamentally flawed.
The
Hi Alex
Le 12/01/2021 à 19:30, Alex G. a écrit :
On 1/12/21 12:18 PM, Philippe Reynes wrote:
Hi Philippe,
In the function rsa_verify_hash, if the "main" key doesn't
work, u-boot try others keys. But it searches those keys
in the FIT image instead of the u-boot device tree.
In the function rsa_verify_hash, if the "main" key doesn't
work, u-boot try others keys. But it searches those keys
in the FIT image instead of the u-boot device tree.
Signed-off-by: Philippe Reynes
---
lib/rsa/rsa-verify.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-
This commits add a check on the command ubi rename. This check avoids
to rename a volume to with a name that is already used on another ubi
volume. If two volumes has the same name, then the ubi device can't be
mounted anymore.
Signed-off-by: Philippe Reynes
---
cmd/ubi.c | 5 +
1
This commit add an option TPL_BOOTCOUNT_LIMIT to
use bootcount on TPL.
Signed-off-by: Philippe Reynes
---
common/spl/Kconfig | 9 -
common/spl/spl.c| 4 +++-
drivers/Makefile| 1 +
include/bootcount.h | 6 +++---
4 files changed, 15 insertions(+), 5 deletions(-)
diff --git a
Hi Joel
Le 08/12/2020 à 05:12, Joel Stanley a écrit :
When CONFIG_FIT_SIGNATURE=n the signing options are not available. If a
user is careful they will notice this when looking at the help output.
If they are not careful they will waste several hours wondering why
their FIT doesn't contain a /
Hi Joel
Le 08/12/2020 à 05:12, Joel Stanley a écrit :
These commands were disabled when CONFIG_FIT_SIGNATURE is disabled, but
they do not depend on crypto support so they can be unconditionally
enabled.
Signed-off-by: Joel Stanley
--
v2: New patch
---
tools/mkimage.c | 11 ++-
1 fi
+0x9a): undefined reference to `image_get_host_blob'
Move the implementation to a common file so it can be shaed between
image-cipher.c and image-fit-sig.c.
Signed-off-by: Joel Stanley
Reviewed-by: Philippe Reynes
---
v2: Fix compilation when signature and ciphering are bo
llect2: error: ld returned 1 exit status
Signed-off-by: Joel Stanley
Reviewed-by: Philippe Reynes
---
tools/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/Makefile b/tools/Makefile
index 253a6b97065b..99a931312cd8 100644
--- a/tools/Makefile
+++ b/t
Hi Joel,
Sorry for this very late answer.
You're right, this is a bad behaviour, but I think that this
solution remove too many options. For example, If signature
is disabled, this solution also disable the padding in the fit image.
Looking a bit deeper, this patch removes all options that are
Hi Joel,
sorry for this very late answer ..
This patch fix this issue when only the ciphering is enabled.
But it breaks the compilation when signature and ciphering are
enabled, because both functions image_set_host_blob and
image_get_host_blob are defined twice.
So it is a NAK for me.
A simpl
_EncryptFinal_ex'
collect2: error: ld returned 1 exit status
Signed-off-by: Joel Stanley
Reviewed-by: Philippe Reynes
---
tools/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/Makefile b/tools/Makefile
index 51123fd92983..103b3ab8a7f2 100644
---
When the hash check fails on a loadable image, the SPL/TPL simply
jump to the next one. This commit changes this behaviour, when the
hash check fails on a loadable image, the function spl_load_simple_fit
stops and report an error.
Signed-off-by: Philippe Reynes
---
common/spl/spl_fit.c | 7
This commit creates a function fit_config_add_hash that will be
used in the next commit to support several 'sub-images'.
Signed-off-by: Philippe Reynes
---
tools/image-host.c | 132 ++---
1 file changed, 76 insertions(+), 56 deletions(-)
di
The propoerty sign-images points to images in the configuration
node. But thoses images may references severals "sub-images" (for
example for images loadable). This commit adds the support of
severals sub-images.
Signed-off-by: Philippe Reynes
---
tools/image-h
According to the manpage of rand, it is recommended
to use random instead of rand. This commit updates
the function get_random_data to use random.
Reported-by: Coverity (CID: 312953)
Signed-off-by: Philippe Reynes
---
tools/image-host.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions
In the function get_random_data, strerrno is called with
the variable ret (which is the return of the function
clock_gettime). It should be called with errnor. This
commit fixes this mistake.
Reported-by: Coverity (CID: 312956)
Signed-off-by: Philippe Reynes
---
tools/image-host.c | 2 +-
1
Lawrance
Reviewed-by: Philippe Reynes
---
drivers/led/led_bcm6858.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/led/led_bcm6858.c b/drivers/led/led_bcm6858.c
index b415d8b2b4..511185ffad 100644
--- a/drivers/led/led_bcm6858.c
+++ b/drivers/led/led_bcm6858.c
This commit add the support of signature check for config node
in spl/tpl when the function spl_load_simple_fit is used.
Signed-off-by: Philippe Reynes
---
common/spl/spl_fit.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index
This commits update the support of sntp to use
the framework udp. This change allows to remove
all the reference to sntp in the main network
file net/net.c.
Signed-off-by: Philippe Reynes
---
Changelog:
v4:
- new patch in the serie
cmd/Kconfig| 1 +
cmd/net.c | 10
This commit enable the support of the generic udp protocol.
Signed-off-by: Philippe Reynes
Reviewed-by: Simon Glass
---
Changelog:
v4:
- no change
v3:
- no change
v2:
- new patch in the serie
configs/sandbox_defconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/configs
101 - 200 of 583 matches
Mail list logo