[PATCH] lib: acpi: rename dsdt.c to acpi_write_dsdt.c

make[2]: *** No rule to make target 'lib/acpi/dsdt.asl', needed by 'lib/acpi/dsdt.c'. Stop. scripts/Makefile.build:394: recipe for target 'lib/acpi' failed To avoid such error, the static file dsdt.c is renamed to acpi_write_dsdt.c. Signed-off-by: Philippe Reynes --- lib/acpi/Makefile

[PATCH 3/5] nand: brcmnand: add bcm6753 support

This adds the nand support for chipset bcm6753. Signed-off-by: Philippe Reynes --- drivers/mtd/nand/raw/Kconfig | 6 + drivers/mtd/nand/raw/brcmnand/Makefile | 1 + drivers/mtd/nand/raw/brcmnand/bcm6753_nand.c | 124 +++ 3 files changed, 131 insertions

[PATCH 4/5] watchdog: bcm6345: allow to use this driver on arm bcm6753

This IP is also used on some arm SoC, so we allow to use it on arm bcm6753 too. Signed-off-by: Philippe Reynes --- drivers/watchdog/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/watchdog/Kconfig b/drivers/watchdog/Kconfig index cabac29053..1f3ca99f9a

[PATCH 2/5] gpio: bcm6345: allow to use this driver on arm bcm6753

This IP is also used on some arm SoC, so we allow to use it on arm bcm6753 too. Signed-off-by: Philippe Reynes --- drivers/gpio/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpio/Kconfig b/drivers/gpio/Kconfig index 8d0e47c67d..1c963c2c53 100644

[PATCH 5/5] bcm96753ref: add initial support

This add the initial support of the broadcom reference board bcm96753ref with a bcm6753 SoC. This board has 1 GB of RAM, 256 MB of flash (nand), 2 USB port, 1 UART, and 4 ethernet ports. Signed-off-by: Philippe Reynes --- arch/arm/Kconfig | 1 + arch/arm/dts/Makefile

[PATCH 1/5] bcm6753: add initial support

This add the initial support of the broadcom bcm6753 SoC family. Signed-off-by: Philippe Reynes --- arch/arm/Kconfig | 7 ++ arch/arm/dts/bcm6753.dtsi | 201 ++ 2 files changed, 208 insertions(+) create mode 100644 arch/arm/dts/bcm6753.dtsi diff

[PATCH] drivers: watchdog: wdt-uclass.c: add a property u-boot, noautostart

evice tree to not autostart this watchdog. Signed-off-by: Philippe Reynes --- drivers/watchdog/wdt-uclass.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/watchdog/wdt-uclass.c b/drivers/watchdog/wdt-uclass.c index 6d0f473867..dbf556467d 100644 --- a/drivers/watchdog/wd

[PATCH v5 14/16] test: py: vboot: add test for global image signature

Adds test units for the pre-load header signature. Signed-off-by: Philippe Reynes --- test/py/tests/test_vboot.py | 123 +++--- test/py/tests/vboot/sandbox-binman-pss.dts| 25 test/py/tests/vboot/sandbox-binman.dts| 24 .../tests/vboot

[PATCH v5 16/16] configs: sandbox_defconfig: enable config CMD_VERIFY

Enable the command verify on sandbox. Signed-off-by: Philippe Reynes --- configs/sandbox_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 2732b05ca7..483f01ef79 100644 --- a/configs/sandbox_defconfig +++ b/configs

[PATCH v5 08/16] cmd: bootm: add a stage pre-load

Add a stage pre-load to the command bootm. Right now, this stage may be used to read a header and check the signature of the full image. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- boot/bootm.c| 33 + cmd/Kconfig | 10 ++ cmd

[PATCH v5 11/16] Makefile: provide sah-key to binman

Set the variable key-path with the shell variable KEY_PATH that contain the keys path (used for signature). This variable key-path is provided to binman. Signed-off-by: Philippe Reynes --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 1ee7089c52

[PATCH v5 00/16] image: add a stage pre-load

ot device tree - add script gen_pre_load_header.sh v2: - move the code to image-pre-load - add support of stage pre-load for spl - add support of stage pre-load on spl_ram Philippe Reynes (16): arch: Kconfig: imply BINMAN for SANDBOX lib: Kconfig: enhance help for ASN1 lib: Kconfig: enhance the

[PATCH v5 15/16] cmd: verify: initial import

amp;& source $loadaddr_verified Signed-off-by: Philippe Reynes --- cmd/Kconfig | 7 +++ cmd/Makefile | 1 + cmd/verify.c | 53 3 files changed, 61 insertions(+) create mode 100644 cmd/verify.c diff --git a/cmd/Kconfig b/cmd/Kconfig

[PATCH v5 12/16] tools: binman: add support for pre-load header

Adds the support of the pre-load header with the image signature to binman. Signed-off-by: Philippe Reynes --- tools/binman/etype/pre_load.py | 156 + 1 file changed, 156 insertions(+) create mode 100644 tools/binman/etype/pre_load.py diff --git a/tools/binman

[PATCH v5 07/16] boot: image: add a stage pre-load

in the header. This is an initial support, later we could add the support of: - ciphering - uncompressing - ... Signed-off-by: Philippe Reynes --- boot/Kconfig | 55 ++ boot/Makefile | 1 + boot/image-pre-load.c | 408 ++ include/image.h

[PATCH v5 09/16] common: spl: fit_ram: allow to use image pre load

Add the support of image pre load in spl or tpl when loading an image from ram. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- common/spl/spl_ram.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c

[PATCH v5 02/16] lib: Kconfig: enhance help for ASN1

Enhance the help for configs ASN1_COMPILER and ASN1_decoder. Signed-off-by: Philippe Reynes --- lib/Kconfig | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/Kconfig b/lib/Kconfig index 3c6fa99b1a..b0e5d60b3d 100644 --- a/lib/Kconfig +++ b/lib/Kconfig

[PATCH v5 04/16] lib: allow to build asn1 decoder and oid registry in SPL

This commit adds the options: - SPL_ASN1_DECODER - SPL_OID_REGISTRY Signed-off-by: Philippe Reynes --- lib/Kconfig | 19 +++ lib/Makefile | 7 +-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/lib/Kconfig b/lib/Kconfig index e749826f22..effe735365 100644

[PATCH v5 03/16] lib: Kconfig: enhance the help of OID_REGISTRY

Enhance the help for the config OID_REGISTRY. Signed-off-by: Philippe Reynes --- lib/Kconfig | 4 1 file changed, 4 insertions(+) diff --git a/lib/Kconfig b/lib/Kconfig index b0e5d60b3d..e749826f22 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -812,6 +812,10 @@ config ASN1_DECODER config

[PATCH v5 06/16] lib: rsa: allow rsa verify with pkey in SPL

This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Signed-off-by: Philippe Reynes --- lib/rsa/Kconfig | 19 +++ 1 file changed, 19 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index be9775bcce..b773f17c26 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig

[PATCH v5 10/16] mkimage: add public key for image pre-load stage

This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Signed-off-by: Philippe Reynes --- include/image.h| 15 ++ tools/fit_image.c | 3 ++ tools/image-host.c | 114 + 3 files changed, 132 insertions

[PATCH v5 13/16] configs: sandbox_defconfig: enable stage pre-load in bootm

Enable the support of stage pre-load in bootm. For the moment, this stage allow to verify the signature of the full image with a header. Signed-off-by: Philippe Reynes --- configs/sandbox_defconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/sandbox_defconfig b/configs

[PATCH v5 05/16] lib: crypto: allow to build crypyo in SPL

This commit adds the options: - SPL_ASYMMETRIC_KEY_TYPE - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - SPL_RSA_PUBLIC_KEY_PARSER Signed-off-by: Philippe Reynes --- lib/Makefile| 3 ++- lib/crypto/Kconfig | 29 + lib/crypto/Makefile | 19 +-- 3 files

[PATCH v5 01/16] arch: Kconfig: imply BINMAN for SANDBOX

To be able to use BINMAN on sandbox, the config SANDBOX imply BINMAN. Signed-off-by: Philippe Reynes --- arch/Kconfig | 1 + arch/sandbox/dts/sandbox.dtsi | 3 +++ arch/sandbox/dts/test.dts | 3 +++ test/py/tests/test_fit.py | 3

[PATCH] scripts: dtc: libfdt: fdt_ro.c: always define fdt_check_full

condition are not verified. To avoid this issue, the function fdt_check_full is always defined. Signed-off-by: Philippe Reynes --- scripts/dtc/libfdt/fdt_ro.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/dtc/libfdt/fdt_ro.c b/scripts/dtc/libfdt/fdt_ro.c index

Re: Compile error with SPL_FIT_FULL_CHECK and SPL_LOAD_FIT_FULL enabled

Hi Johann, Le 08/02/2022 à 16:43, Johann Neuhauser a écrit : Dear developers and Simon, we wanna run secure boot with U-Boot's SPL_FIT_SIGNATURE and FIT_SIGNATURE on our STM32MP1 boards and discovered the CVE-2021-27097. To mitigate this vulnerability we wanna enable SPL_LOAD_FIT_FULL and

[PATCH v4 18/18] configs: sandbox_defconfig: enable config CMD_VERIFY

Enable the command verify on sandbox. Signed-off-by: Philippe Reynes --- configs/sandbox_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 95fa37869f..fa7c552b66 100644 --- a/configs/sandbox_defconfig +++ b/configs

[PATCH v4 17/18] cmd: verify: initial import

amp;& source $loadaddr_verified Signed-off-by: Philippe Reynes --- cmd/Kconfig | 7 +++ cmd/Makefile | 1 + cmd/verify.c | 53 3 files changed, 61 insertions(+) create mode 100644 cmd/verify.c diff --git a/cmd/Kconfig b/cmd/Kconfig

[PATCH v4 16/18] test: py: vboot: add test for global image signature

Adds test units for the pre-load header signature. Signed-off-by: Philippe Reynes --- test/py/tests/test_vboot.py | 119 -- test/py/tests/vboot/sandbox-binman-pss.dts| 25 test/py/tests/vboot/sandbox-binman.dts| 24 .../tests/vboot

[PATCH v4 15/18] configs: sandbox_defconfig: enable stage pre-load in bootm

Enable the support of stage pre-load in bootm. For the moment, this stage allow to verify the signature of the full image with a header. Signed-off-by: Philippe Reynes --- configs/sandbox_defconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/sandbox_defconfig b/configs

[PATCH v4 14/18] tools: binman: add support for pre-load header

Adds the support of the pre-load header with the image signature to binman. Signed-off-by: Philippe Reynes --- tools/binman/etype/pre_load.py | 156 + 1 file changed, 156 insertions(+) create mode 100644 tools/binman/etype/pre_load.py diff --git a/tools/binman

[PATCH v4 13/18] Makefile: provide sah-key to binman

Set the variable key-path with the shell variable KEY_PATH that contain the keys path (used for signature). This variable key-path is provided to binman. Signed-off-by: Philippe Reynes --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 10879f1f9c

[PATCH v4 09/18] boot: image: add a stage pre-load

in the header. This is an initial support, later we could add the support of: - ciphering - uncompressing - ... Signed-off-by: Philippe Reynes --- boot/Kconfig | 55 ++ boot/Makefile | 1 + boot/image-pre-load.c | 408 ++ include/image.h

[PATCH v4 11/18] common: spl: fit_ram: allow to use image pre load

Add the support of image pre load in spl or tpl when loading an image from ram. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- common/spl/spl_ram.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c

[PATCH v4 08/18] lib: rsa: allow rsa verify with pkey in SPL

This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Signed-off-by: Philippe Reynes --- lib/rsa/Kconfig | 19 +++ 1 file changed, 19 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index be9775bcce..b773f17c26 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig

[PATCH v4 07/18] lib: crypto: allow to build crypyo in SPL

This commit adds the options: - SPL_ASYMMETRIC_KEY_TYPE - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - SPL_RSA_PUBLIC_KEY_PARSER Signed-off-by: Philippe Reynes --- lib/Makefile| 3 ++- lib/crypto/Kconfig | 29 + lib/crypto/Makefile | 19 +-- 3 files

[PATCH v4 12/18] mkimage: add public key for image pre-load stage

This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Signed-off-by: Philippe Reynes --- include/image.h| 15 ++ tools/fit_image.c | 3 ++ tools/image-host.c | 114 + 3 files changed, 132 insertions

[PATCH v4 10/18] cmd: bootm: add a stage pre-load

Add a stage pre-load to the command bootm. Right now, this stage may be used to read a header and check the signature of the full image. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- boot/bootm.c| 33 + cmd/Kconfig | 10 ++ cmd

[PATCH v4 06/18] lib: allow to build asn1 decoder and oid registry in SPL

This commit adds the options: - SPL_ASN1_DECODER - SPL_OID_REGISTRY Signed-off-by: Philippe Reynes --- lib/Kconfig | 19 +++ lib/Makefile | 7 +-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/lib/Kconfig b/lib/Kconfig index e749826f22..effe735365 100644

[PATCH v4 05/18] lib: Kconfig: enhance the help of OID_REGISTRY

Enhance the help for the config OID_REGISTRY. Signed-off-by: Philippe Reynes --- lib/Kconfig | 4 1 file changed, 4 insertions(+) diff --git a/lib/Kconfig b/lib/Kconfig index b0e5d60b3d..e749826f22 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -812,6 +812,10 @@ config ASN1_DECODER config

[PATCH v4 03/18] configs: sandbox_defconfig: enable SANDBOX_BINMAN

Enable binman on sandbox. It will be used on test unit. Signed-off-by: Philippe Reynes --- configs/sandbox_defconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 19cde87397..749b0f0155 100644 --- a/configs/sandbox_defconfig

[PATCH v4 04/18] lib: Kconfig: enhance help for ASN1

Enhance the help for configs ASN1_COMPILER and ASN1_decoder. Signed-off-by: Philippe Reynes --- lib/Kconfig | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/Kconfig b/lib/Kconfig index 3c6fa99b1a..b0e5d60b3d 100644 --- a/lib/Kconfig +++ b/lib/Kconfig

[PATCH v4 02/18] arch: sandbox: dts: sandbox.dts: add empty binman node

Add an empty node /binman on sandbox to avoid an error on u-boot when binman is enabled. Signed-off-by: Philippe Reynes --- arch/sandbox/dts/sandbox.dts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/sandbox/dts/sandbox.dts b/arch/sandbox/dts/sandbox.dts index 127f168f02

[PATCH v4 00/18] image: add a stage pre-load

v2: - move the code to image-pre-load - add support of stage pre-load for spl - add support of stage pre-load on spl_ram Philippe Reynes (18): arch: sandbox: add an config SANDBOX_BINMAN arch: sandbox: dts: sandbox.dts: add empty binman node configs: sandbox_defconfig: enable SANDBOX_B

[PATCH v4 01/18] arch: sandbox: add an config SANDBOX_BINMAN

Add an config SANDBOX_BINMAN to enable binman on sandbox. It is useful for test. Signed-off-by: Philippe Reynes --- arch/sandbox/Kconfig | 7 +++ 1 file changed, 7 insertions(+) diff --git a/arch/sandbox/Kconfig b/arch/sandbox/Kconfig index 477c51960d..6d1f36a0e1 100644 --- a/arch/sandbox

Re: [PATCH 2/2] tools: binman: main.py: add /tmp/sandbox sys.path

Hi Simon, Le 27/01/2022 à 16:06, Simon Glass a écrit : Hi Philippe, On Thu, 27 Jan 2022 at 07:03, Philippe Reynes wrote: Adds /tmp/sandbox to sys.path to look for libfdt, otherwise ci is broken if a py_test uses binman. Signed-off-by: Philippe Reynes --- tools/binman/main.py | 1 + 1

[PATCH 2/2] tools: binman: main.py: add /tmp/sandbox sys.path

Adds /tmp/sandbox to sys.path to look for libfdt, otherwise ci is broken if a py_test uses binman. Signed-off-by: Philippe Reynes --- tools/binman/main.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/binman/main.py b/tools/binman/main.py index f62394043d..7d52482c0c 100755

[PATCH 1/2] tools: binman: main.py: add build-sandbox in sys.path

Adds build-sandbox in sys.path to look for libfdt, otherwise py_test can't use binman. Signed-off-by: Philippe Reynes --- tools/binman/main.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/binman/main.py b/tools/binman/main.py index 35944f314a..f62394043d 100755 --- a/tools/binman

[PATCH] scripts: Makefile: also clean subdir dtc

Since commit 93b196532254 ("Makefile: Only build dtc if needed"), the sub directory scripts/dtc is never cleaned. Adds the directory dtc to subdir to always clean it. Signed-off-by: Philippe Reynes --- scripts/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

Re: [RFC PATCH v3 8/8] tools: gen_pre_load_header.sh: initial import

Hi Rasmus, First, thanks for the feedback. Le 06/12/2021 à 09:23, Rasmus Villemoes a écrit : On 17/11/2021 18.52, Philippe Reynes wrote: This commit adds a script gen_pre_load_header.sh that generate the header used by the image pre-load stage. Signed-off-by: Philippe Reynes --- tools

Re: [RFC PATCH v3 7/8] mkimage: add public key for image pre-load stage

Hi Simon, Le 25/11/2021 à 01:13, Simon Glass a écrit : Hi Philippe, On Wed, 17 Nov 2021 at 10:52, Philippe Reynes wrote: This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Signed-off-by: Philippe Reynes --- include/image.h| 15 ++ tools

[RFC PATCH v3 7/8] mkimage: add public key for image pre-load stage

This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Signed-off-by: Philippe Reynes --- include/image.h| 15 ++ tools/fit_image.c | 3 ++ tools/image-host.c | 116 + 3 files changed, 134 insertions

[RFC PATCH v3 8/8] tools: gen_pre_load_header.sh: initial import

This commit adds a script gen_pre_load_header.sh that generate the header used by the image pre-load stage. Signed-off-by: Philippe Reynes --- tools/gen_pre_load_header.sh | 174 +++ 1 file changed, 174 insertions(+) create mode 100755 tools

[RFC PATCH v3 3/8] lib: rsa: allow rsa verify with pkey in SPL

This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Signed-off-by: Philippe Reynes --- lib/rsa/Kconfig | 8 1 file changed, 8 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 469596abe7..608d51c428 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -46,6 +46,14

[RFC PATCH v3 6/8] common: spl: fit_ram: allow to use image pre load

This commit add the support of image pre load in spl or tpl when loading an image from ram. Signed-off-by: Philippe Reynes --- common/spl/spl_ram.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c index

[RFC PATCH v3 4/8] boot: image: add a stage pre-load

(madatory) : value of the public key Before running the image, the stage pre-load check the signature provided in the header. This is an initial support, later we could add the support of: - ciphering - uncompressing - ... Signed-off-by: Philippe Reynes --- boot/Kconfig | 33 + boot

[RFC PATCH v3 5/8] cmd: bootm: add a stage pre-load

This commit adds a stage pre-load to the command bootm. Right now, this stage may be used to read a header and check the signature of the full image. Signed-off-by: Philippe Reynes --- boot/bootm.c| 33 + cmd/Kconfig | 10 ++ cmd/bootm.c | 2

[RFC PATCH v3 2/8] lib: crypto: allow to build crypyo in SPL

This commit adds the options: - SPL_ASYMMETRIC_KEY_TYPE - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - SPL_RSA_PUBLIC_KEY_PARSER Signed-off-by: Philippe Reynes --- lib/Makefile| 2 +- lib/crypto/Kconfig | 15 +++ lib/crypto/Makefile | 19 +-- 3 files changed, 29

[RFC PATCH v3 1/8] lib: allow to build asn1 decoder and oid registry in SPL

This commit adds the options: - SPL_ASN1_DECODER - SPL_OID_REGISTRY Signed-off-by: Philippe Reynes --- lib/Kconfig | 6 ++ lib/Makefile | 7 +-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/Kconfig b/lib/Kconfig index 70bf8e7a46..ebff84f113 100644 --- a/lib

[RFC PATCH v3 0/8] image: add a stage pre-load

- update mkimage to add public key in u-boot device tree - add script gen_pre_load_header.sh v2: - move the code to image-pre-load - add support of stage pre-load for spl - add support of stage pre-load on spl_ram Philippe Reynes (8): lib: allow to build asn1 decoder and oid registry in SPL lib

[RFC PATCH v2 6/6] common: spl: fit_ram: allow to use image pre load

This commit add the support of image pre load in spl or tpl when loading an image from ram. Signed-off-by: Philippe Reynes --- common/spl/spl_ram.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c index

[RFC PATCH v2 5/6] cmd: bootm: add a stage pre-load

This commit adds a stage pre-load to the command bootm. Right now, this stage may be used to read a header and check the signature of the full image. Signed-off-by: Philippe Reynes --- cmd/Kconfig | 9 + cmd/bootm.c | 2 +- common/bootm.c | 33

[RFC PATCH v2 4/6] common: image: add a stage pre-load

(madatory) : value of the public key Before running the image, the stage pre-load check the signature provided in the header. This is an initial support, later we could add the support of: - ciphering - uncompressing - ... Signed-off-by: Philippe Reynes --- common/Kconfig.boot | 33 + common

[RFC PATCH v2 3/6] lib: rsa: allow rsa verify with pkey in SPL

This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Signed-off-by: Philippe Reynes --- lib/rsa/Kconfig | 8 1 file changed, 8 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 469596abe7..608d51c428 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -46,6 +46,14

[RFC PATCH v2 2/6] lib: crypto: allow to build crypyo in SPL

This commit adds the options: - SPL_ASYMMETRIC_KEY_TYPE - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - SPL_RSA_PUBLIC_KEY_PARSER Signed-off-by: Philippe Reynes --- lib/Makefile| 2 +- lib/crypto/Kconfig | 15 +++ lib/crypto/Makefile | 19 +-- 3 files changed, 29

[RFC PATCH v2 1/6] lib: allow to build asn1 decoder and oid registry in SPL

This commit adds the options: - SPL_ASN1_DECODER - SPL_OID_REGISTRY Signed-off-by: Philippe Reynes --- lib/Kconfig | 6 ++ lib/Makefile | 7 +-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/Kconfig b/lib/Kconfig index 70bf8e7a46..ebff84f113 100644 --- a/lib

[RFC PATCH v2 0/6] image: add a stage pre-load

support of stage pre-load for spl - add support of stage pre-load on spl_ram Philippe Reynes (6): lib: allow to build asn1 decoder and oid registry in SPL lib: crypto: allow to build crypyo in SPL lib: rsa: allow rsa verify with pkey in SPL common: image: add a stage pre-load cmd: bootm

[PATCH] common: Kconfig.boot: add config SPL_FIT_RSASSA_PSS

The padding pss is only supported on u-boot and tools since commit 2bbed3ff8c7f ("image: Use Kconfig to enable FIT_RSASSA_PSS on host") This commit adds the config SPL_FIT_RSASSA_PSS to support the padding pss in the SPL. Signed-off-by: Philippe Reynes --- common/Kconfig.boot | 7

[PATCH] lib: rsa: rsa-verify: also check that padding is not NULL

This commit adds a check on the padding in the function rsa_verify_key to avoid using a NULL pointer. Signed-off-by: Philippe Reynes --- lib/rsa/rsa-verify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 600c93ab81

Re: [PATCH v2] spl: Add callback for preprocessing loaded FIT header before parsing

On Wed, 24 Mar 2021 at 06:16, Philippe REYNES mailto:philippe.rey...@softathome.com>> wrote: > > Hi Simon and Alex, > > Le 23/03/2021 à 01:56, Simon Glass a écrit : > > Hi Alex, > > > > On Tue, 23 Mar 2021 at 04:12, Alex G. mai

[RFC][PATCH 2/2] configs: sandbox: enable stage pre-load for bootm

This commit enables the stage pre-load in the bootm command. Signed-off-by: Philippe Reynes --- configs/sandbox_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 5bc90d09a8..ab0e9213f8 100644 --- a/configs/sandbox_defconfig

[RFC][PATCH 1/2] cmd: bootm: add a stage pre-load

of the public key Before running the image, the stage pre-load check the signature provided in the header. This is an initial support, later we could add the support of: - ciphering - uncompressing - ... Signed-off-by: Philippe Reynes --- cmd/Kconfig | 9 ++ cmd/bootm.c | 2 +- common

Re: [PATCH v2] spl: Add callback for preprocessing loaded FIT header before parsing

Hi Simon and Alex, Le 23/03/2021 à 01:56, Simon Glass a écrit : Hi Alex, On Tue, 23 Mar 2021 at 04:12, Alex G. wrote: On 3/22/21 9:27 AM, Philippe REYNES wrote: Hi all, Le 11/03/2021 à 00:10, Alex G a écrit : [snip] I reach the same issue, my customers are also worried with the actual

Re: [PATCH v2] spl: Add callback for preprocessing loaded FIT header before parsing

Hi all, Le 11/03/2021 à 00:10, Alex G a écrit : On 3/10/21 2:49 PM, Farhan Ali wrote: On Wed, Mar 10, 2021 at 11:38 AM Alex G. This patch describes "how" you're trying to achieve it, but "what" you     want to achieve. I'll get later into why I think the "how" is     fundamentally flawed.

Re: [PATCH] lib: rsa: rsa-verify: don't look for keys in the FIT image

Hi Alex Le 12/01/2021 à 19:30, Alex G. a écrit : On 1/12/21 12:18 PM, Philippe Reynes wrote: Hi Philippe, In the function rsa_verify_hash, if the "main" key doesn't work, u-boot try others keys. But it searches those keys in the FIT image instead of the u-boot device tree.

[PATCH] lib: rsa: rsa-verify: don't look for keys in the FIT image

In the function rsa_verify_hash, if the "main" key doesn't work, u-boot try others keys. But it searches those keys in the FIT image instead of the u-boot device tree. Signed-off-by: Philippe Reynes --- lib/rsa/rsa-verify.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

[PATCH] cmd: ubi: don't allow to rename a volume to a name that already exist

This commits add a check on the command ubi rename. This check avoids to rename a volume to with a name that is already used on another ubi volume. If two volumes has the same name, then the ubi device can't be mounted anymore. Signed-off-by: Philippe Reynes --- cmd/ubi.c | 5 + 1 file

[PATCH] bootcount: allow to use this feature on TPL

This commit add an option TPL_BOOTCOUNT_LIMIT to use bootcount on TPL. Signed-off-by: Philippe Reynes --- common/spl/Kconfig | 9 - common/spl/spl.c| 4 +++- drivers/Makefile| 1 + include/bootcount.h | 6 +++--- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git

Re: [PATCH v2 4/4] mkimge: Reject signing-related flags without FIT_SIGNATURE

Hi Joel Le 08/12/2020 à 05:12, Joel Stanley a écrit : When CONFIG_FIT_SIGNATURE=n the signing options are not available. If a user is careful they will notice this when looking at the help output. If they are not careful they will waste several hours wondering why their FIT doesn't contain a

Re: [PATCH v2 3/4] mkimage: Move padding commands outside of FIT_SIGNATURE

Hi Joel Le 08/12/2020 à 05:12, Joel Stanley a écrit : These commands were disabled when CONFIG_FIT_SIGNATURE is disabled, but they do not depend on crypto support so they can be unconditionally enabled. Signed-off-by: Joel Stanley -- v2: New patch --- tools/mkimage.c | 11 ++- 1

Re: [PATCH v2 2/4] image-fit: Fix FIT_CIPHER linking

): undefined reference to `image_get_host_blob' Move the implementation to a common file so it can be shaed between image-cipher.c and image-fit-sig.c. Signed-off-by: Joel Stanley     Reviewed-by: Philippe Reynes --- v2: Fix compilation when signature and ciphering are both enabled

Re: [PATCH v2 1/4] tools/Makefile: FIT_CIPHER requires libssl

-by: Joel Stanley     Reviewed-by: Philippe Reynes --- tools/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/Makefile b/tools/Makefile index 253a6b97065b..99a931312cd8 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -154,7 +154,7 @@ HOSTCFLAGS_kwbimage.o

Re: [PATCH 3/3] mkimge: Reject signing-related flags without FIT_SIGNATURE

Hi Joel, Sorry for this very late answer. You're right, this is a bad behaviour, but I think that this solution remove too many options. For example, If signature is disabled, this solution also disable the padding in the fit image. Looking a bit deeper, this patch removes all options that are

Re: [PATCH 2/3] image-cipher: Fix FIT_CIPHER linking

Hi Joel, sorry for this very late answer .. This patch fix this issue when only the ciphering is enabled. But it breaks the compilation when signature and ciphering are enabled, because both functions image_set_host_blob and image_get_host_blob are defined twice. So it is a NAK for me. A

Re: [PATCH 1/3] tools/Makefile: FIT_CIPHER requires libssl

exit status Signed-off-by: Joel Stanley Reviewed-by: Philippe Reynes --- tools/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/Makefile b/tools/Makefile index 51123fd92983..103b3ab8a7f2 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -154,7 +154,7

[PATCH] common: spl: spl_fit.c: report an error on hash check fail

When the hash check fails on a loadable image, the SPL/TPL simply jump to the next one. This commit changes this behaviour, when the hash check fails on a loadable image, the function spl_load_simple_fit stops and report an error. Signed-off-by: Philippe Reynes --- common/spl/spl_fit.c | 7

[PATCH 1/2] tools: image-host: clean function fit_config_get_hash_list

This commit creates a function fit_config_add_hash that will be used in the next commit to support several 'sub-images'. Signed-off-by: Philippe Reynes --- tools/image-host.c | 132 ++--- 1 file changed, 76 insertions(+), 56 deletions(-) diff --git

[PATCH 2/2] tools: image-host: add support for several sub-images

The propoerty sign-images points to images in the configuration node. But thoses images may references severals "sub-images" (for example for images loadable). This commit adds the support of severals sub-images. Signed-off-by: Philippe Reynes --- tools/image-h

[PATCH] tools: image-host.c: use random instead of rand

According to the manpage of rand, it is recommended to use random instead of rand. This commit updates the function get_random_data to use random. Reported-by: Coverity (CID: 312953) Signed-off-by: Philippe Reynes --- tools/image-host.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions

[PATCH] tools: image-host.c: use correct variable for strerrno

In the function get_random_data, strerrno is called with the variable ret (which is the return of the function clock_gettime). It should be called with errnor. This commit fixes this mistake. Reported-by: Coverity (CID: 312956) Signed-off-by: Philippe Reynes --- tools/image-host.c | 2 +- 1

Re: [PATCH] drivers: led: bcm6858: set the correct led polarity register

Lawrance Reviewed-by: Philippe Reynes --- drivers/led/led_bcm6858.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/led/led_bcm6858.c b/drivers/led/led_bcm6858.c index b415d8b2b4..511185ffad 100644 --- a/drivers/led/led_bcm6858.c +++ b/drivers/led/led_bcm6858.c

[PATCH] spl: spl_fit.c: enable check of signature for config node in spl/tpl

This commit add the support of signature check for config node in spl/tpl when the function spl_load_simple_fit is used. Signed-off-by: Philippe Reynes --- common/spl/spl_fit.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index

[PATCH v4 3/3] sntp: use udp framework

This commits update the support of sntp to use the framework udp. This change allows to remove all the reference to sntp in the main network file net/net.c. Signed-off-by: Philippe Reynes --- Changelog: v4: - new patch in the serie cmd/Kconfig| 1 + cmd/net.c | 10

[PATCHv4 2/3] sandbox: enable support of generic udp protocol

This commit enable the support of the generic udp protocol. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- Changelog: v4: - no change v3: - no change v2: - new patch in the serie configs/sandbox_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs

[PATCH v4 1/3] net: add a generic udp protocol

This commit adds a generic udp protocol framework in the network loop. So protocol based on udp may be implemented without modifying the network loop (for example custom wait magic packet). Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- Changelog: v4: - no change v3: - add file

[PATCH 2/2] fit: cipher: aes: allow to read the IV in the FIT image

This commit add the support in u-boot to read the IV in the FIT image instead of u-boot device tree. Signed-off-by: Philippe Reynes --- common/image-cipher.c | 22 +++--- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/common/image-cipher.c b/common/image-cipher.c

[PATCH 1/2] fit: cipher: aes: allow to store the IV in the FIT image

-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes --- include/image.h | 2 +- include/u-boot/aes.h | 6 +++-- lib/aes/aes-encrypt.c | 22 +++ tools/image-host.c| 61

Re: U-Boot FIT Signature Verification

Hi Heinrich, > On 9/11/20 7:26 PM, Andrii Voloshyn wrote: >> Hi there, >> >> Does U-boot take into account certificate expiration date when verifying >> signed >> images in FIT? In other words, is date stored along with the public key in >> DTB >> file? >> >> Cheers, >> Andy >> > > Hello

Re: [PATCH v2 3/3] cmd/button: return button status

gt; > Signed-off-by: Heinrich Schuchardt Reviewed-by: Philippe Reynes > --- > v2: > adjust Python unit test > --- > cmd/button.c | 4 ++-- > test/py/tests/test_button.py | 34 ++ > 2 files changed, 28 insertions(+), 10 deletions(-) > >

Re: [PATCH v2 1/3] test: sharpen button label unit test

> Using different strings for the device tree node labels and the label > property of buttons sharpens the button label unit test. > > Signed-off-by: Heinrich Schuchardt Reviewed-by: Philippe Reynes > --- > v2: > new patch > --- > arch/sandbox/dts/sandbox.dtsi

<    1   2   3   4   5   6   >