* [U-Boot] [PATCH V3 2/7] rsa: add a structure for the padding
2018-11-13 16:43 [U-Boot] [PATCH V3 1/7] rsa: use new openssl API to create signature Philippe Reynes
@ 2018-11-13 16:43 ` Philippe Reynes
2018-11-13 16:43 ` [U-Boot] [PATCH V3 3/7] rsa: add support of padding pss Philippe Reynes
` (4 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Philippe Reynes @ 2018-11-13 16:43 UTC (permalink / raw)
To: u-boot
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Clément Péron <peron.clem@gmail.com>
---
common/image-fit.c | 5 +++++
common/image-sig.c | 29 ++++++++++++++++++++++++++
include/image.h | 16 +++++++++++++++
include/u-boot/rsa.h | 13 ++++++++++++
lib/rsa/rsa-sign.c | 15 +++++++++++---
lib/rsa/rsa-verify.c | 57 ++++++++++++++++++++++++++++++++++------------------
tools/image-host.c | 4 ++++
7 files changed, 116 insertions(+), 23 deletions(-)
Changelog:
v3:
- no change
v2:
- no change
diff --git a/common/image-fit.c b/common/image-fit.c
index 8d39a24..ac901e1 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -165,6 +165,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
uint8_t *value;
int value_len;
char *algo;
+ const char *padding;
int required;
int ret, i;
@@ -184,6 +185,10 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
printf(" (required)");
printf("\n");
+ padding = fdt_getprop(fit, noffset, "padding", NULL);
+ if (padding)
+ printf("%s %s padding: %s\n", p, type, padding);
+
ret = fit_image_hash_get_value(fit, noffset, &value,
&value_len);
printf("%s %s value: ", p, type);
diff --git a/common/image-sig.c b/common/image-sig.c
index 5a269d3..b7ca657 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -71,6 +71,13 @@ struct crypto_algo crypto_algos[] = {
};
+struct padding_algo padding_algos[] = {
+ {
+ .name = "pkcs-1.5",
+ .verify = padding_pkcs_15_verify,
+ },
+};
+
struct checksum_algo *image_get_checksum_algo(const char *full_name)
{
int i;
@@ -106,6 +113,21 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name)
return NULL;
}
+struct padding_algo *image_get_padding_algo(const char *name)
+{
+ int i;
+
+ if (!name)
+ return NULL;
+
+ for (i = 0; i < ARRAY_SIZE(padding_algos); i++) {
+ if (!strcmp(padding_algos[i].name, name))
+ return &padding_algos[i];
+ }
+
+ return NULL;
+}
+
/**
* fit_region_make_list() - Make a list of image regions
*
@@ -155,6 +177,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
char **err_msgp)
{
char *algo_name;
+ const char *padding_name;
if (fdt_totalsize(fit) > CONFIG_FIT_SIGNATURE_MAX_SIZE) {
*err_msgp = "Total size too large";
@@ -165,6 +188,11 @@ static int fit_image_setup_verify(struct image_sign_info *info,
*err_msgp = "Can't get hash algo property";
return -1;
}
+
+ padding_name = fdt_getprop(fit, noffset, "padding", NULL);
+ if (!padding_name)
+ padding_name = RSA_DEFAULT_PADDING_NAME;
+
memset(info, '\0', sizeof(*info));
info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
info->fit = (void *)fit;
@@ -172,6 +200,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
info->name = algo_name;
info->checksum = image_get_checksum_algo(algo_name);
info->crypto = image_get_crypto_algo(algo_name);
+ info->padding = image_get_padding_algo(padding_name);
info->fdt_blob = gd_fdt_blob();
info->required_keynode = required_keynode;
printf("%s:%s", algo_name, info->keyname);
diff --git a/include/image.h b/include/image.h
index 031c355..7fed0ae 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1100,6 +1100,7 @@ struct image_sign_info {
int node_offset; /* Offset of signature node */
const char *name; /* Algorithm name */
struct checksum_algo *checksum; /* Checksum algorithm information */
+ struct padding_algo *padding; /* Padding algorithm information */
struct crypto_algo *crypto; /* Crypto algorithm information */
const void *fdt_blob; /* FDT containing public keys */
int required_keynode; /* Node offset of key to use: -1=any */
@@ -1185,6 +1186,13 @@ struct crypto_algo {
uint8_t *sig, uint sig_len);
};
+struct padding_algo {
+ const char *name;
+ int (*verify)(struct image_sign_info *info,
+ uint8_t *pad, int pad_len,
+ const uint8_t *hash, int hash_len);
+};
+
/**
* image_get_checksum_algo() - Look up a checksum algorithm
*
@@ -1202,6 +1210,14 @@ struct checksum_algo *image_get_checksum_algo(const char *full_name);
struct crypto_algo *image_get_crypto_algo(const char *full_name);
/**
+ * image_get_padding_algo() - Look up a padding algorithm
+ *
+ * @param name Name of padding algorithm
+ * @return pointer to algorithm information, or NULL if not found
+ */
+struct padding_algo *image_get_padding_algo(const char *name);
+
+/**
* fit_image_verify_required_sigs() - Verify signatures marked as 'required'
*
* @fit: FIT to check
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 68bcb14..16b4c4c 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -97,6 +97,10 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
int rsa_verify(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t *sig, uint sig_len);
+
+int padding_pkcs_15_verify(struct image_sign_info *info,
+ uint8_t *msg, int msg_len,
+ const uint8_t *hash, int hash_len);
#else
static inline int rsa_verify(struct image_sign_info *info,
const struct image_region region[], int region_count,
@@ -104,8 +108,17 @@ static inline int rsa_verify(struct image_sign_info *info,
{
return -ENXIO;
}
+
+static inline int padding_pkcs_15_verify(struct image_sign_info *info,
+ uint8_t *msg, int msg_len,
+ const uint8_t *hash, int hash_len)
+{
+ return -ENXIO;
+}
#endif
+#define RSA_DEFAULT_PADDING_NAME "pkcs-1.5"
+
#define RSA2048_BYTES (2048 / 8)
#define RSA4096_BYTES (4096 / 8)
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 78e348e..6aa0e2a 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -387,11 +387,13 @@ static void rsa_engine_remove(ENGINE *e)
}
}
-static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
+static int rsa_sign_with_key(RSA *rsa, struct padding_algo *padding_algo,
+ struct checksum_algo *checksum_algo,
const struct image_region region[], int region_count,
uint8_t **sigp, uint *sig_size)
{
EVP_PKEY *key;
+ EVP_PKEY_CTX *ckey;
EVP_MD_CTX *context;
int ret = 0;
size_t size;
@@ -422,7 +424,14 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
goto err_create;
}
EVP_MD_CTX_init(context);
- if (EVP_DigestSignInit(context, NULL,
+
+ ckey = EVP_PKEY_CTX_new(key, NULL);
+ if (!ckey) {
+ ret = rsa_err("EVP key context creation failed");
+ goto err_create;
+ }
+
+ if (EVP_DigestSignInit(context, &ckey,
checksum_algo->calculate_sign(),
NULL, key) <= 0) {
ret = rsa_err("Signer setup failed");
@@ -488,7 +497,7 @@ int rsa_sign(struct image_sign_info *info,
ret = rsa_get_priv_key(info->keydir, info->keyname, e, &rsa);
if (ret)
goto err_priv;
- ret = rsa_sign_with_key(rsa, info->checksum, region,
+ ret = rsa_sign_with_key(rsa, info->padding, info->checksum, region,
region_count, sigp, sig_len);
if (ret)
goto err_sign;
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index bc83354..279a9ba 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -57,31 +57,57 @@ static int rsa_verify_padding(const uint8_t *msg, const int pad_len,
return ret;
}
+int padding_pkcs_15_verify(struct image_sign_info *info,
+ uint8_t *msg, int msg_len,
+ const uint8_t *hash, int hash_len)
+{
+ struct checksum_algo *checksum = info->checksum;
+ int ret, pad_len = msg_len - checksum->checksum_len;
+
+ /* Check pkcs1.5 padding bytes. */
+ ret = rsa_verify_padding(msg, pad_len, checksum);
+ if (ret) {
+ debug("In RSAVerify(): Padding check failed!\n");
+ return -EINVAL;
+ }
+
+ /* Check hash. */
+ if (memcmp((uint8_t *)msg + pad_len, hash, msg_len - pad_len)) {
+ debug("In RSAVerify(): Hash check failed!\n");
+ return -EACCES;
+ }
+
+ return 0;
+}
+
/**
* rsa_verify_key() - Verify a signature against some data using RSA Key
*
* Verify a RSA PKCS1.5 signature against an expected hash using
* the RSA Key properties in prop structure.
*
+ * @info: Specifies key and FIT information
* @prop: Specifies key
* @sig: Signature
* @sig_len: Number of bytes in signature
* @hash: Pointer to the expected hash
* @key_len: Number of bytes in rsa key
- * @algo: Checksum algo structure having information on DER encoding etc.
* @return 0 if verified, -ve on error
*/
-static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
+static int rsa_verify_key(struct image_sign_info *info,
+ struct key_prop *prop, const uint8_t *sig,
const uint32_t sig_len, const uint8_t *hash,
- const uint32_t key_len, struct checksum_algo *algo)
+ const uint32_t key_len)
{
- int pad_len;
int ret;
#if !defined(USE_HOSTCC)
struct udevice *mod_exp_dev;
#endif
+ struct checksum_algo *checksum = info->checksum;
+ struct padding_algo *padding = info->padding;
+ int hash_len = checksum->checksum_len;
- if (!prop || !sig || !hash || !algo)
+ if (!prop || !sig || !hash || !checksum)
return -EIO;
if (sig_len != (prop->num_bits / 8)) {
@@ -89,7 +115,7 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
return -EINVAL;
}
- debug("Checksum algorithm: %s", algo->name);
+ debug("Checksum algorithm: %s", checksum->name);
/* Sanity check for stack size */
if (sig_len > RSA_MAX_SIG_BITS / 8) {
@@ -116,19 +142,10 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
return ret;
}
- pad_len = key_len - algo->checksum_len;
-
- /* Check pkcs1.5 padding bytes. */
- ret = rsa_verify_padding(buf, pad_len, algo);
+ ret = padding->verify(info, buf, key_len, hash, hash_len);
if (ret) {
- debug("In RSAVerify(): Padding check failed!\n");
- return -EINVAL;
- }
-
- /* Check hash. */
- if (memcmp((uint8_t *)buf + pad_len, hash, sig_len - pad_len)) {
- debug("In RSAVerify(): Hash check failed!\n");
- return -EACCES;
+ debug("In RSAVerify(): padding check failed!\n");
+ return ret;
}
return 0;
@@ -182,8 +199,8 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
return -EFAULT;
}
- ret = rsa_verify_key(&prop, sig, sig_len, hash,
- info->crypto->key_len, info->checksum);
+ ret = rsa_verify_key(info, &prop, sig, sig_len, hash,
+ info->crypto->key_len);
return ret;
}
diff --git a/tools/image-host.c b/tools/image-host.c
index 09e4f47..88b3295 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -157,6 +157,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
{
const char *node_name;
char *algo_name;
+ const char *padding_name;
node_name = fit_get_name(fit, noffset, NULL);
if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
@@ -165,6 +166,8 @@ static int fit_image_setup_sig(struct image_sign_info *info,
return -1;
}
+ padding_name = fdt_getprop(fit, noffset, "padding", NULL);
+
memset(info, '\0', sizeof(*info));
info->keydir = keydir;
info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
@@ -173,6 +176,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
info->name = strdup(algo_name);
info->checksum = image_get_checksum_algo(algo_name);
info->crypto = image_get_crypto_algo(algo_name);
+ info->padding = image_get_padding_algo(padding_name);
info->require_keys = require_keys;
info->engine_id = engine_id;
if (!info->checksum || !info->crypto) {
--
2.7.4
^ permalink raw reply related [flat|nested] 9+ messages in thread* [U-Boot] [PATCH V3 3/7] rsa: add support of padding pss
2018-11-13 16:43 [U-Boot] [PATCH V3 1/7] rsa: use new openssl API to create signature Philippe Reynes
2018-11-13 16:43 ` [U-Boot] [PATCH V3 2/7] rsa: add a structure for the padding Philippe Reynes
@ 2018-11-13 16:43 ` Philippe Reynes
2018-11-13 16:43 ` [U-Boot] [PATCH V3 4/7] doc: uImage.FIT: signature.txt: add option padding Philippe Reynes
` (3 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Philippe Reynes @ 2018-11-13 16:43 UTC (permalink / raw)
To: u-boot
We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Clément Péron <peron.clem@gmail.com>
---
Kconfig | 8 +++
common/image-sig.c | 6 ++
include/image.h | 1 +
include/u-boot/rsa.h | 15 ++++
lib/rsa/rsa-sign.c | 10 +++
lib/rsa/rsa-verify.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 230 insertions(+)
Changelog:
v3:
no change
v2:
- add a Kconfig option (thanks Simon Glass)
- some code cleaning (thanks Simon Glass)
diff --git a/Kconfig b/Kconfig
index dca9bb4..3120553 100644
--- a/Kconfig
+++ b/Kconfig
@@ -290,6 +290,14 @@ config FIT_SIGNATURE_MAX_SIZE
device memory. Assure this size does not extend past expected storage
space.
+config FIT_ENABLE_RSASSA_PSS_SUPPORT
+ bool "Support rsassa-pss signature scheme of FIT image contents"
+ depends on FIT_SIGNATURE
+ default n
+ help
+ Enable this to support the pss padding algorithm as described
+ in the rfc8017 (https://tools.ietf.org/html/rfc8017).
+
config FIT_VERBOSE
bool "Show verbose messages when FIT images fail"
help
diff --git a/common/image-sig.c b/common/image-sig.c
index b7ca657..f5ce3b2 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -76,6 +76,12 @@ struct padding_algo padding_algos[] = {
.name = "pkcs-1.5",
.verify = padding_pkcs_15_verify,
},
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+ {
+ .name = "pss",
+ .verify = padding_pss_verify,
+ }
+#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
};
struct checksum_algo *image_get_checksum_algo(const char *full_name)
diff --git a/include/image.h b/include/image.h
index 7fed0ae..f4c5a15 100644
--- a/include/image.h
+++ b/include/image.h
@@ -30,6 +30,7 @@ struct fdt_region;
#define IMAGE_ENABLE_FIT 1
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
+#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1
#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
#define CONFIG_SHA1
#define CONFIG_SHA256
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 16b4c4c..2d3024d 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -101,6 +101,12 @@ int rsa_verify(struct image_sign_info *info,
int padding_pkcs_15_verify(struct image_sign_info *info,
uint8_t *msg, int msg_len,
const uint8_t *hash, int hash_len);
+
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+int padding_pss_verify(struct image_sign_info *info,
+ uint8_t *msg, int msg_len,
+ const uint8_t *hash, int hash_len);
+#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
#else
static inline int rsa_verify(struct image_sign_info *info,
const struct image_region region[], int region_count,
@@ -115,6 +121,15 @@ static inline int padding_pkcs_15_verify(struct image_sign_info *info,
{
return -ENXIO;
}
+
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+static inline int padding_pss_verify(struct image_sign_info *info,
+ uint8_t *msg, int msg_len,
+ const uint8_t *hash, int hash_len)
+{
+ return -ENXIO;
+}
+#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
#endif
#define RSA_DEFAULT_PADDING_NAME "pkcs-1.5"
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 6aa0e2a..fb5e07b 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -438,6 +438,16 @@ static int rsa_sign_with_key(RSA *rsa, struct padding_algo *padding_algo,
goto err_sign;
}
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+ if (padding_algo && !strcmp(padding_algo->name, "pss")) {
+ if (EVP_PKEY_CTX_set_rsa_padding(ckey,
+ RSA_PKCS1_PSS_PADDING) <= 0) {
+ ret = rsa_err("Signer padding setup failed");
+ goto err_sign;
+ }
+ }
+#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
+
for (i = 0; i < region_count; i++) {
if (!EVP_DigestSignUpdate(context, region[i].data,
region[i].size)) {
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 279a9ba..9734f6d 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -80,6 +80,196 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
return 0;
}
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+static void u32_i2osp(uint32_t val, uint8_t *buf)
+{
+ buf[0] = (uint8_t)((val >> 24) & 0xff);
+ buf[1] = (uint8_t)((val >> 16) & 0xff);
+ buf[2] = (uint8_t)((val >> 8) & 0xff);
+ buf[3] = (uint8_t)((val >> 0) & 0xff);
+}
+
+/**
+ * mask_generation_function1() - generate an octet string
+ *
+ * Generate an octet string used to check rsa signature.
+ * It use an input octet string and a hash function.
+ *
+ * @checksum: A Hash function
+ * @seed: Specifies an input variable octet string
+ * @seed_len: Size of the input octet string
+ * @output: Specifies the output octet string
+ * @output_len: Size of the output octet string
+ * @return 0 if the octet string was correctly generated, others on error
+ */
+static int mask_generation_function1(struct checksum_algo *checksum,
+ uint8_t *seed, int seed_len,
+ uint8_t *output, int output_len)
+{
+ struct image_region region[2];
+ int ret = 0, i, i_output = 0, region_count = 2;
+ uint32_t counter = 0;
+ uint8_t buf_counter[4], *tmp;
+ int hash_len = checksum->checksum_len;
+
+ memset(output, 0, output_len);
+
+ region[0].data = seed;
+ region[0].size = seed_len;
+ region[1].data = &buf_counter[0];
+ region[1].size = 4;
+
+ tmp = malloc(hash_len);
+ if (!tmp) {
+ debug("%s: can't allocate array tmp\n", __func__);
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ while (i_output < output_len) {
+ u32_i2osp(counter, &buf_counter[0]);
+
+ ret = checksum->calculate(checksum->name,
+ region, region_count,
+ tmp);
+ if (ret < 0) {
+ debug("%s: Error in checksum calculation\n", __func__);
+ goto out;
+ }
+
+ i = 0;
+ while ((i_output < output_len) && (i < hash_len)) {
+ output[i_output] = tmp[i];
+ i_output++;
+ i++;
+ }
+
+ counter++;
+ }
+
+out:
+ free(tmp);
+
+ return ret;
+}
+
+static int compute_hash_prime(struct checksum_algo *checksum,
+ uint8_t *pad, int pad_len,
+ uint8_t *hash, int hash_len,
+ uint8_t *salt, int salt_len,
+ uint8_t *hprime)
+{
+ struct image_region region[3];
+ int ret, region_count = 3;
+
+ region[0].data = pad;
+ region[0].size = pad_len;
+ region[1].data = hash;
+ region[1].size = hash_len;
+ region[2].data = salt;
+ region[2].size = salt_len;
+
+ ret = checksum->calculate(checksum->name, region, region_count, hprime);
+ if (ret < 0) {
+ debug("%s: Error in checksum calculation\n", __func__);
+ goto out;
+ }
+
+out:
+ return ret;
+}
+
+int padding_pss_verify(struct image_sign_info *info,
+ uint8_t *msg, int msg_len,
+ const uint8_t *hash, int hash_len)
+{
+ uint8_t *masked_db = NULL;
+ int masked_db_len = msg_len - hash_len - 1;
+ uint8_t *h = NULL, *hprime = NULL;
+ int h_len = hash_len;
+ uint8_t *db_mask = NULL;
+ int db_mask_len = masked_db_len;
+ uint8_t *db = NULL, *salt = NULL;
+ int db_len = masked_db_len, salt_len = msg_len - hash_len - 2;
+ uint8_t pad_zero[8] = { 0 };
+ int ret, i, leftmost_bits = 1;
+ uint8_t leftmost_mask;
+ struct checksum_algo *checksum = info->checksum;
+
+ /* first, allocate everything */
+ masked_db = malloc(masked_db_len);
+ h = malloc(h_len);
+ db_mask = malloc(db_mask_len);
+ db = malloc(db_len);
+ salt = malloc(salt_len);
+ hprime = malloc(hash_len);
+ if (!masked_db || !h || !db_mask || !db || !salt || !hprime) {
+ printf("%s: can't allocate some buffer\n", __func__);
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ /* step 4: check if the last byte is 0xbc */
+ if (msg[msg_len - 1] != 0xbc) {
+ printf("%s: invalid pss padding (0xbc is missing)\n", __func__);
+ ret = -EINVAL;
+ goto out;
+ }
+
+ /* step 5 */
+ memcpy(masked_db, msg, masked_db_len);
+ memcpy(h, msg + masked_db_len, h_len);
+
+ /* step 6 */
+ leftmost_mask = (0xff >> (8 - leftmost_bits)) << (8 - leftmost_bits);
+ if (masked_db[0] & leftmost_mask) {
+ printf("%s: invalid pss padding ", __func__);
+ printf("(leftmost bit of maskedDB not zero)\n");
+ ret = -EINVAL;
+ goto out;
+ }
+
+ /* step 7 */
+ mask_generation_function1(checksum, h, h_len, db_mask, db_mask_len);
+
+ /* step 8 */
+ for (i = 0; i < db_len; i++)
+ db[i] = masked_db[i] ^ db_mask[i];
+
+ /* step 9 */
+ db[0] &= 0xff >> leftmost_bits;
+
+ /* step 10 */
+ if (db[0] != 0x01) {
+ printf("%s: invalid pss padding ", __func__);
+ printf("(leftmost byte of db isn't 0x01)\n");
+ ret = EINVAL;
+ goto out;
+ }
+
+ /* step 11 */
+ memcpy(salt, &db[1], salt_len);
+
+ /* step 12 & 13 */
+ compute_hash_prime(checksum, pad_zero, 8,
+ (uint8_t *)hash, hash_len,
+ salt, salt_len, hprime);
+
+ /* step 14 */
+ ret = memcmp(h, hprime, hash_len);
+
+out:
+ free(hprime);
+ free(salt);
+ free(db);
+ free(db_mask);
+ free(h);
+ free(masked_db);
+
+ return ret;
+}
+#endif
+
/**
* rsa_verify_key() - Verify a signature against some data using RSA Key
*
--
2.7.4
^ permalink raw reply related [flat|nested] 9+ messages in thread* [U-Boot] [PATCH V3 4/7] doc: uImage.FIT: signature.txt: add option padding
2018-11-13 16:43 [U-Boot] [PATCH V3 1/7] rsa: use new openssl API to create signature Philippe Reynes
2018-11-13 16:43 ` [U-Boot] [PATCH V3 2/7] rsa: add a structure for the padding Philippe Reynes
2018-11-13 16:43 ` [U-Boot] [PATCH V3 3/7] rsa: add support of padding pss Philippe Reynes
@ 2018-11-13 16:43 ` Philippe Reynes
2018-11-13 16:43 ` [U-Boot] [PATCH V3 5/7] configs: sandbox: enable padding pss for rsa signature Philippe Reynes
` (2 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Philippe Reynes @ 2018-11-13 16:43 UTC (permalink / raw)
To: u-boot
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Clément Péron <peron.clem@gmail.com>
---
doc/uImage.FIT/signature.txt | 3 +++
1 file changed, 3 insertions(+)
Changelog:
v3:
- no change
v2:
- no change
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index a765722..bfff6fd 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -106,6 +106,9 @@ When the image is signed, the following properties are optional:
- comment: Additional information about the signer or image
+- padding: The padding algorithm, it may be pkcs-1.5 or pss,
+ if no value is provided we assume pkcs-1.5
+
For config bindings (see Signed Configurations below), the following
additional properties are optional:
--
2.7.4
^ permalink raw reply related [flat|nested] 9+ messages in thread* [U-Boot] [PATCH V3 5/7] configs: sandbox: enable padding pss for rsa signature
2018-11-13 16:43 [U-Boot] [PATCH V3 1/7] rsa: use new openssl API to create signature Philippe Reynes
` (2 preceding siblings ...)
2018-11-13 16:43 ` [U-Boot] [PATCH V3 4/7] doc: uImage.FIT: signature.txt: add option padding Philippe Reynes
@ 2018-11-13 16:43 ` Philippe Reynes
2018-11-13 16:43 ` [U-Boot] [PATCH V3 6/7] test: vboot: add " Philippe Reynes
2018-11-13 16:43 ` [U-Boot] [PATCH V3 7/7] test: vboot: clean its file Philippe Reynes
5 siblings, 0 replies; 9+ messages in thread
From: Philippe Reynes @ 2018-11-13 16:43 UTC (permalink / raw)
To: u-boot
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Clément Péron <peron.clem@gmail.com>
---
configs/sandbox_defconfig | 1 +
1 file changed, 1 insertion(+)
Changelog:
v3:
- no change
v2:
- new patch in the serie
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 2ce336f..b2565e1 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -6,6 +6,7 @@ CONFIG_NR_DRAM_BANKS=1
CONFIG_ANDROID_BOOT_IMAGE=y
CONFIG_FIT=y
CONFIG_FIT_SIGNATURE=y
+CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT=y
CONFIG_FIT_VERBOSE=y
CONFIG_BOOTSTAGE=y
CONFIG_BOOTSTAGE_REPORT=y
--
2.7.4
^ permalink raw reply related [flat|nested] 9+ messages in thread* [U-Boot] [PATCH V3 6/7] test: vboot: add padding pss for rsa signature
2018-11-13 16:43 [U-Boot] [PATCH V3 1/7] rsa: use new openssl API to create signature Philippe Reynes
` (3 preceding siblings ...)
2018-11-13 16:43 ` [U-Boot] [PATCH V3 5/7] configs: sandbox: enable padding pss for rsa signature Philippe Reynes
@ 2018-11-13 16:43 ` Philippe Reynes
2018-11-13 16:43 ` [U-Boot] [PATCH V3 7/7] test: vboot: clean its file Philippe Reynes
5 siblings, 0 replies; 9+ messages in thread
From: Philippe Reynes @ 2018-11-13 16:43 UTC (permalink / raw)
To: u-boot
The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Clément Péron <peron.clem@gmail.com>
---
test/py/tests/test_vboot.py | 12 ++++---
test/py/tests/vboot/sign-configs-sha1-pss.its | 46 +++++++++++++++++++++++++
test/py/tests/vboot/sign-configs-sha256-pss.its | 46 +++++++++++++++++++++++++
test/py/tests/vboot/sign-images-sha1-pss.its | 44 +++++++++++++++++++++++
test/py/tests/vboot/sign-images-sha256-pss.its | 44 +++++++++++++++++++++++
5 files changed, 187 insertions(+), 5 deletions(-)
create mode 100644 test/py/tests/vboot/sign-configs-sha1-pss.its
create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss.its
create mode 100644 test/py/tests/vboot/sign-images-sha1-pss.its
create mode 100644 test/py/tests/vboot/sign-images-sha256-pss.its
Changelog:
v3:
- fix make_fit for sign-configs (should also use padding)
v2:
- new patch in the serie
- add vboot for pss padding (thanks Simon Glass)
diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index e9cbd57..a3a3879 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -126,7 +126,7 @@ def test_vboot(u_boot_console):
handle.write(struct.pack(">I", size))
return struct.unpack(">I", total_size)[0]
- def test_with_algo(sha_algo):
+ def test_with_algo(sha_algo, padding):
"""Test verified boot with the given hash algorithm.
This is the main part of the test code. The same procedure is followed
@@ -144,7 +144,7 @@ def test_vboot(u_boot_console):
# Build the FIT, but don't sign anything yet
cons.log.action('%s: Test FIT with signed images' % sha_algo)
- make_fit('sign-images-%s.its' % sha_algo)
+ make_fit('sign-images-%s%s.its' % (sha_algo , padding))
run_bootm(sha_algo, 'unsigned images', 'dev-', True)
# Sign images with our dev keys
@@ -155,7 +155,7 @@ def test_vboot(u_boot_console):
dtc('sandbox-u-boot.dts')
cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
- make_fit('sign-configs-%s.its' % sha_algo)
+ make_fit('sign-configs-%s%s.its' % (sha_algo , padding))
run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True)
# Sign images with our dev keys
@@ -226,8 +226,10 @@ def test_vboot(u_boot_console):
# afterwards.
old_dtb = cons.config.dtb
cons.config.dtb = dtb
- test_with_algo('sha1')
- test_with_algo('sha256')
+ test_with_algo('sha1','')
+ test_with_algo('sha1','-pss')
+ test_with_algo('sha256','')
+ test_with_algo('sha256','-pss')
finally:
# Go back to the original U-Boot with the correct dtb.
cons.config.dtb = old_dtb
diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its
new file mode 100644
index 0000000..3c3ab20
--- /dev/null
+++ b/test/py/tests/vboot/sign-configs-sha1-pss.its
@@ -0,0 +1,46 @@
+/dts-v1/;
+
+/ {
+ description = "Chrome OS kernel image with one or more FDT blobs";
+ #address-cells = <1>;
+
+ images {
+ kernel at 1 {
+ data = /incbin/("test-kernel.bin");
+ type = "kernel_noload";
+ arch = "sandbox";
+ os = "linux";
+ compression = "none";
+ load = <0x4>;
+ entry = <0x8>;
+ kernel-version = <1>;
+ hash at 1 {
+ algo = "sha1";
+ };
+ };
+ fdt at 1 {
+ description = "snow";
+ data = /incbin/("sandbox-kernel.dtb");
+ type = "flat_dt";
+ arch = "sandbox";
+ compression = "none";
+ fdt-version = <1>;
+ hash at 1 {
+ algo = "sha1";
+ };
+ };
+ };
+ configurations {
+ default = "conf at 1";
+ conf at 1 {
+ kernel = "kernel at 1";
+ fdt = "fdt at 1";
+ signature at 1 {
+ algo = "sha1,rsa2048";
+ padding = "pss";
+ key-name-hint = "dev";
+ sign-images = "fdt", "kernel";
+ };
+ };
+ };
+};
diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its
new file mode 100644
index 0000000..8e33510
--- /dev/null
+++ b/test/py/tests/vboot/sign-configs-sha256-pss.its
@@ -0,0 +1,46 @@
+/dts-v1/;
+
+/ {
+ description = "Chrome OS kernel image with one or more FDT blobs";
+ #address-cells = <1>;
+
+ images {
+ kernel at 1 {
+ data = /incbin/("test-kernel.bin");
+ type = "kernel_noload";
+ arch = "sandbox";
+ os = "linux";
+ compression = "none";
+ load = <0x4>;
+ entry = <0x8>;
+ kernel-version = <1>;
+ hash at 1 {
+ algo = "sha256";
+ };
+ };
+ fdt at 1 {
+ description = "snow";
+ data = /incbin/("sandbox-kernel.dtb");
+ type = "flat_dt";
+ arch = "sandbox";
+ compression = "none";
+ fdt-version = <1>;
+ hash at 1 {
+ algo = "sha256";
+ };
+ };
+ };
+ configurations {
+ default = "conf at 1";
+ conf at 1 {
+ kernel = "kernel at 1";
+ fdt = "fdt at 1";
+ signature at 1 {
+ algo = "sha256,rsa2048";
+ padding = "pss";
+ key-name-hint = "dev";
+ sign-images = "fdt", "kernel";
+ };
+ };
+ };
+};
diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its
new file mode 100644
index 0000000..d19c4d7
--- /dev/null
+++ b/test/py/tests/vboot/sign-images-sha1-pss.its
@@ -0,0 +1,44 @@
+/dts-v1/;
+
+/ {
+ description = "Chrome OS kernel image with one or more FDT blobs";
+ #address-cells = <1>;
+
+ images {
+ kernel at 1 {
+ data = /incbin/("test-kernel.bin");
+ type = "kernel_noload";
+ arch = "sandbox";
+ os = "linux";
+ compression = "none";
+ load = <0x4>;
+ entry = <0x8>;
+ kernel-version = <1>;
+ signature at 1 {
+ algo = "sha1,rsa2048";
+ padding = "pss";
+ key-name-hint = "dev";
+ };
+ };
+ fdt at 1 {
+ description = "snow";
+ data = /incbin/("sandbox-kernel.dtb");
+ type = "flat_dt";
+ arch = "sandbox";
+ compression = "none";
+ fdt-version = <1>;
+ signature at 1 {
+ algo = "sha1,rsa2048";
+ padding = "pss";
+ key-name-hint = "dev";
+ };
+ };
+ };
+ configurations {
+ default = "conf at 1";
+ conf at 1 {
+ kernel = "kernel at 1";
+ fdt = "fdt at 1";
+ };
+ };
+};
diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its
new file mode 100644
index 0000000..43612f8
--- /dev/null
+++ b/test/py/tests/vboot/sign-images-sha256-pss.its
@@ -0,0 +1,44 @@
+/dts-v1/;
+
+/ {
+ description = "Chrome OS kernel image with one or more FDT blobs";
+ #address-cells = <1>;
+
+ images {
+ kernel at 1 {
+ data = /incbin/("test-kernel.bin");
+ type = "kernel_noload";
+ arch = "sandbox";
+ os = "linux";
+ compression = "none";
+ load = <0x4>;
+ entry = <0x8>;
+ kernel-version = <1>;
+ signature at 1 {
+ algo = "sha256,rsa2048";
+ padding = "pss";
+ key-name-hint = "dev";
+ };
+ };
+ fdt at 1 {
+ description = "snow";
+ data = /incbin/("sandbox-kernel.dtb");
+ type = "flat_dt";
+ arch = "sandbox";
+ compression = "none";
+ fdt-version = <1>;
+ signature at 1 {
+ algo = "sha256,rsa2048";
+ padding = "pss";
+ key-name-hint = "dev";
+ };
+ };
+ };
+ configurations {
+ default = "conf at 1";
+ conf at 1 {
+ kernel = "kernel at 1";
+ fdt = "fdt at 1";
+ };
+ };
+};
--
2.7.4
^ permalink raw reply related [flat|nested] 9+ messages in thread* [U-Boot] [PATCH V3 7/7] test: vboot: clean its file
2018-11-13 16:43 [U-Boot] [PATCH V3 1/7] rsa: use new openssl API to create signature Philippe Reynes
` (4 preceding siblings ...)
2018-11-13 16:43 ` [U-Boot] [PATCH V3 6/7] test: vboot: add " Philippe Reynes
@ 2018-11-13 16:43 ` Philippe Reynes
2018-11-14 12:32 ` Clément Péron
5 siblings, 1 reply; 9+ messages in thread
From: Philippe Reynes @ 2018-11-13 16:43 UTC (permalink / raw)
To: u-boot
This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel at 1 by kernel and fdt at 1 by fdt-1)
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Clément Péron <peron.clem@gmail.com>
---
test/py/tests/test_vboot.py | 2 +-
test/py/tests/vboot/sign-configs-sha1-pss.its | 18 +++++++++---------
test/py/tests/vboot/sign-configs-sha1.its | 18 +++++++++---------
test/py/tests/vboot/sign-configs-sha256-pss.its | 18 +++++++++---------
test/py/tests/vboot/sign-configs-sha256.its | 18 +++++++++---------
test/py/tests/vboot/sign-images-sha1-pss.its | 16 ++++++++--------
test/py/tests/vboot/sign-images-sha1.its | 16 ++++++++--------
test/py/tests/vboot/sign-images-sha256-pss.its | 16 ++++++++--------
test/py/tests/vboot/sign-images-sha256.its | 16 ++++++++--------
9 files changed, 69 insertions(+), 69 deletions(-)
Changelog:
v3:
- new patch in the serie (feedback from Clément Péron)
diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index a3a3879..1e6ae7a 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -204,7 +204,7 @@ def test_vboot(u_boot_console):
fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
dtc_args = '-I dts -O dtb -i %s' % tmpdir
dtb = '%ssandbox-u-boot.dtb' % tmpdir
- sig_node = '/configurations/conf at 1/signature at 1'
+ sig_node = '/configurations/conf-1/signature'
# Create an RSA key pair
public_exponent = 65537
diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its
index 3c3ab20..72a5637 100644
--- a/test/py/tests/vboot/sign-configs-sha1-pss.its
+++ b/test/py/tests/vboot/sign-configs-sha1-pss.its
@@ -5,7 +5,7 @@
#address-cells = <1>;
images {
- kernel at 1 {
+ kernel {
data = /incbin/("test-kernel.bin");
type = "kernel_noload";
arch = "sandbox";
@@ -14,28 +14,28 @@
load = <0x4>;
entry = <0x8>;
kernel-version = <1>;
- hash at 1 {
+ hash-1 {
algo = "sha1";
};
};
- fdt at 1 {
+ fdt-1 {
description = "snow";
data = /incbin/("sandbox-kernel.dtb");
type = "flat_dt";
arch = "sandbox";
compression = "none";
fdt-version = <1>;
- hash at 1 {
+ hash-1 {
algo = "sha1";
};
};
};
configurations {
- default = "conf at 1";
- conf at 1 {
- kernel = "kernel at 1";
- fdt = "fdt at 1";
- signature at 1 {
+ default = "conf-1";
+ conf-1 {
+ kernel = "kernel";
+ fdt = "fdt-1";
+ signature {
algo = "sha1,rsa2048";
padding = "pss";
key-name-hint = "dev";
diff --git a/test/py/tests/vboot/sign-configs-sha1.its b/test/py/tests/vboot/sign-configs-sha1.its
index db2ed79..d8bc1fa 100644
--- a/test/py/tests/vboot/sign-configs-sha1.its
+++ b/test/py/tests/vboot/sign-configs-sha1.its
@@ -5,7 +5,7 @@
#address-cells = <1>;
images {
- kernel at 1 {
+ kernel {
data = /incbin/("test-kernel.bin");
type = "kernel_noload";
arch = "sandbox";
@@ -14,28 +14,28 @@
load = <0x4>;
entry = <0x8>;
kernel-version = <1>;
- hash at 1 {
+ hash-1 {
algo = "sha1";
};
};
- fdt at 1 {
+ fdt-1 {
description = "snow";
data = /incbin/("sandbox-kernel.dtb");
type = "flat_dt";
arch = "sandbox";
compression = "none";
fdt-version = <1>;
- hash at 1 {
+ hash-1 {
algo = "sha1";
};
};
};
configurations {
- default = "conf at 1";
- conf at 1 {
- kernel = "kernel at 1";
- fdt = "fdt at 1";
- signature at 1 {
+ default = "conf-1";
+ conf-1 {
+ kernel = "kernel";
+ fdt = "fdt-1";
+ signature {
algo = "sha1,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its
index 8e33510..7bdcc7e 100644
--- a/test/py/tests/vboot/sign-configs-sha256-pss.its
+++ b/test/py/tests/vboot/sign-configs-sha256-pss.its
@@ -5,7 +5,7 @@
#address-cells = <1>;
images {
- kernel at 1 {
+ kernel {
data = /incbin/("test-kernel.bin");
type = "kernel_noload";
arch = "sandbox";
@@ -14,28 +14,28 @@
load = <0x4>;
entry = <0x8>;
kernel-version = <1>;
- hash at 1 {
+ hash-1 {
algo = "sha256";
};
};
- fdt at 1 {
+ fdt-1 {
description = "snow";
data = /incbin/("sandbox-kernel.dtb");
type = "flat_dt";
arch = "sandbox";
compression = "none";
fdt-version = <1>;
- hash at 1 {
+ hash-1 {
algo = "sha256";
};
};
};
configurations {
- default = "conf at 1";
- conf at 1 {
- kernel = "kernel at 1";
- fdt = "fdt at 1";
- signature at 1 {
+ default = "conf-1";
+ conf-1 {
+ kernel = "kernel";
+ fdt = "fdt-1";
+ signature {
algo = "sha256,rsa2048";
padding = "pss";
key-name-hint = "dev";
diff --git a/test/py/tests/vboot/sign-configs-sha256.its b/test/py/tests/vboot/sign-configs-sha256.its
index 1b3432e..f5591aa 100644
--- a/test/py/tests/vboot/sign-configs-sha256.its
+++ b/test/py/tests/vboot/sign-configs-sha256.its
@@ -5,7 +5,7 @@
#address-cells = <1>;
images {
- kernel at 1 {
+ kernel {
data = /incbin/("test-kernel.bin");
type = "kernel_noload";
arch = "sandbox";
@@ -14,28 +14,28 @@
load = <0x4>;
entry = <0x8>;
kernel-version = <1>;
- hash at 1 {
+ hash-1 {
algo = "sha256";
};
};
- fdt at 1 {
+ fdt-1 {
description = "snow";
data = /incbin/("sandbox-kernel.dtb");
type = "flat_dt";
arch = "sandbox";
compression = "none";
fdt-version = <1>;
- hash at 1 {
+ hash-1 {
algo = "sha256";
};
};
};
configurations {
- default = "conf at 1";
- conf at 1 {
- kernel = "kernel at 1";
- fdt = "fdt at 1";
- signature at 1 {
+ default = "conf-1";
+ conf-1 {
+ kernel = "kernel";
+ fdt = "fdt-1";
+ signature {
algo = "sha256,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its
index d19c4d7..ded7ae4 100644
--- a/test/py/tests/vboot/sign-images-sha1-pss.its
+++ b/test/py/tests/vboot/sign-images-sha1-pss.its
@@ -5,7 +5,7 @@
#address-cells = <1>;
images {
- kernel at 1 {
+ kernel {
data = /incbin/("test-kernel.bin");
type = "kernel_noload";
arch = "sandbox";
@@ -14,20 +14,20 @@
load = <0x4>;
entry = <0x8>;
kernel-version = <1>;
- signature at 1 {
+ signature {
algo = "sha1,rsa2048";
padding = "pss";
key-name-hint = "dev";
};
};
- fdt at 1 {
+ fdt-1 {
description = "snow";
data = /incbin/("sandbox-kernel.dtb");
type = "flat_dt";
arch = "sandbox";
compression = "none";
fdt-version = <1>;
- signature at 1 {
+ signature {
algo = "sha1,rsa2048";
padding = "pss";
key-name-hint = "dev";
@@ -35,10 +35,10 @@
};
};
configurations {
- default = "conf at 1";
- conf at 1 {
- kernel = "kernel at 1";
- fdt = "fdt at 1";
+ default = "conf-1";
+ conf-1 {
+ kernel = "kernel";
+ fdt = "fdt-1";
};
};
};
diff --git a/test/py/tests/vboot/sign-images-sha1.its b/test/py/tests/vboot/sign-images-sha1.its
index f69326a..18c759e 100644
--- a/test/py/tests/vboot/sign-images-sha1.its
+++ b/test/py/tests/vboot/sign-images-sha1.its
@@ -5,7 +5,7 @@
#address-cells = <1>;
images {
- kernel at 1 {
+ kernel {
data = /incbin/("test-kernel.bin");
type = "kernel_noload";
arch = "sandbox";
@@ -14,29 +14,29 @@
load = <0x4>;
entry = <0x8>;
kernel-version = <1>;
- signature at 1 {
+ signature {
algo = "sha1,rsa2048";
key-name-hint = "dev";
};
};
- fdt at 1 {
+ fdt-1 {
description = "snow";
data = /incbin/("sandbox-kernel.dtb");
type = "flat_dt";
arch = "sandbox";
compression = "none";
fdt-version = <1>;
- signature at 1 {
+ signature {
algo = "sha1,rsa2048";
key-name-hint = "dev";
};
};
};
configurations {
- default = "conf at 1";
- conf at 1 {
- kernel = "kernel at 1";
- fdt = "fdt at 1";
+ default = "conf-1";
+ conf-1 {
+ kernel = "kernel";
+ fdt = "fdt-1";
};
};
};
diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its
index 43612f8..34850cc 100644
--- a/test/py/tests/vboot/sign-images-sha256-pss.its
+++ b/test/py/tests/vboot/sign-images-sha256-pss.its
@@ -5,7 +5,7 @@
#address-cells = <1>;
images {
- kernel at 1 {
+ kernel {
data = /incbin/("test-kernel.bin");
type = "kernel_noload";
arch = "sandbox";
@@ -14,20 +14,20 @@
load = <0x4>;
entry = <0x8>;
kernel-version = <1>;
- signature at 1 {
+ signature {
algo = "sha256,rsa2048";
padding = "pss";
key-name-hint = "dev";
};
};
- fdt at 1 {
+ fdt-1 {
description = "snow";
data = /incbin/("sandbox-kernel.dtb");
type = "flat_dt";
arch = "sandbox";
compression = "none";
fdt-version = <1>;
- signature at 1 {
+ signature {
algo = "sha256,rsa2048";
padding = "pss";
key-name-hint = "dev";
@@ -35,10 +35,10 @@
};
};
configurations {
- default = "conf at 1";
- conf at 1 {
- kernel = "kernel at 1";
- fdt = "fdt at 1";
+ default = "conf-1";
+ conf-1 {
+ kernel = "kernel";
+ fdt = "fdt-1";
};
};
};
diff --git a/test/py/tests/vboot/sign-images-sha256.its b/test/py/tests/vboot/sign-images-sha256.its
index e6aa9fc..bb0f8ee 100644
--- a/test/py/tests/vboot/sign-images-sha256.its
+++ b/test/py/tests/vboot/sign-images-sha256.its
@@ -5,7 +5,7 @@
#address-cells = <1>;
images {
- kernel at 1 {
+ kernel {
data = /incbin/("test-kernel.bin");
type = "kernel_noload";
arch = "sandbox";
@@ -14,29 +14,29 @@
load = <0x4>;
entry = <0x8>;
kernel-version = <1>;
- signature at 1 {
+ signature {
algo = "sha256,rsa2048";
key-name-hint = "dev";
};
};
- fdt at 1 {
+ fdt-1 {
description = "snow";
data = /incbin/("sandbox-kernel.dtb");
type = "flat_dt";
arch = "sandbox";
compression = "none";
fdt-version = <1>;
- signature at 1 {
+ signature {
algo = "sha256,rsa2048";
key-name-hint = "dev";
};
};
};
configurations {
- default = "conf at 1";
- conf at 1 {
- kernel = "kernel at 1";
- fdt = "fdt at 1";
+ default = "conf-1";
+ conf-1 {
+ kernel = "kernel";
+ fdt = "fdt-1";
};
};
};
--
2.7.4
^ permalink raw reply related [flat|nested] 9+ messages in thread* [U-Boot] [PATCH V3 7/7] test: vboot: clean its file
2018-11-13 16:43 ` [U-Boot] [PATCH V3 7/7] test: vboot: clean its file Philippe Reynes
@ 2018-11-14 12:32 ` Clément Péron
2018-11-14 12:54 ` Philippe REYNES
0 siblings, 1 reply; 9+ messages in thread
From: Clément Péron @ 2018-11-14 12:32 UTC (permalink / raw)
To: u-boot
Hi Philippe,
Sorry, If my explanation wasn't clear in my previous email but as your
series is still not merged you should have squash this commit...
On Tue, 13 Nov 2018 at 21:37, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> This update the its file used in vboot test to respect the new
> node style name defined in doc/uImage.FIT (for example: replace
> kernel at 1 by kernel and fdt at 1 by fdt-1)
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>
Please don't do that next time, you are able to keep the "Reviewed-by"
on patch already review or slightly modified.
Here, you introduce a new patch in your serie and Simon didn't review
it, so you should not add a "Reviewed-by' on this commit !
> Reviewed-by: Clément Péron <peron.clem@gmail.com>
Also I don't gave you my "Reviewed-by" tag, only made a comment about
the its format, so you should not add my tag on all your patches.
Please could you repost a v4 where
This patch is squashed with the commit introducing these files.
Only the Simon Glass Reviewed-by tags are present.
Thanks for your contribution,
Clément
> ---
> test/py/tests/test_vboot.py | 2 +-
> test/py/tests/vboot/sign-configs-sha1-pss.its | 18 +++++++++---------
> test/py/tests/vboot/sign-configs-sha1.its | 18 +++++++++---------
> test/py/tests/vboot/sign-configs-sha256-pss.its | 18 +++++++++---------
> test/py/tests/vboot/sign-configs-sha256.its | 18 +++++++++---------
> test/py/tests/vboot/sign-images-sha1-pss.its | 16 ++++++++--------
> test/py/tests/vboot/sign-images-sha1.its | 16 ++++++++--------
> test/py/tests/vboot/sign-images-sha256-pss.its | 16 ++++++++--------
> test/py/tests/vboot/sign-images-sha256.its | 16 ++++++++--------
> 9 files changed, 69 insertions(+), 69 deletions(-)
>
> Changelog:
> v3:
> - new patch in the serie (feedback from Clément Péron)
>
> diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
> index a3a3879..1e6ae7a 100644
> --- a/test/py/tests/test_vboot.py
> +++ b/test/py/tests/test_vboot.py
> @@ -204,7 +204,7 @@ def test_vboot(u_boot_console):
> fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
> dtc_args = '-I dts -O dtb -i %s' % tmpdir
> dtb = '%ssandbox-u-boot.dtb' % tmpdir
> - sig_node = '/configurations/conf at 1/signature at 1'
> + sig_node = '/configurations/conf-1/signature'
>
> # Create an RSA key pair
> public_exponent = 65537
> diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its
> index 3c3ab20..72a5637 100644
> --- a/test/py/tests/vboot/sign-configs-sha1-pss.its
> +++ b/test/py/tests/vboot/sign-configs-sha1-pss.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,28 +14,28 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha1";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha1";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> - signature at 1 {
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> + signature {
> algo = "sha1,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> diff --git a/test/py/tests/vboot/sign-configs-sha1.its b/test/py/tests/vboot/sign-configs-sha1.its
> index db2ed79..d8bc1fa 100644
> --- a/test/py/tests/vboot/sign-configs-sha1.its
> +++ b/test/py/tests/vboot/sign-configs-sha1.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,28 +14,28 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha1";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha1";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> - signature at 1 {
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> + signature {
> algo = "sha1,rsa2048";
> key-name-hint = "dev";
> sign-images = "fdt", "kernel";
> diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its
> index 8e33510..7bdcc7e 100644
> --- a/test/py/tests/vboot/sign-configs-sha256-pss.its
> +++ b/test/py/tests/vboot/sign-configs-sha256-pss.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,28 +14,28 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha256";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha256";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> - signature at 1 {
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> + signature {
> algo = "sha256,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> diff --git a/test/py/tests/vboot/sign-configs-sha256.its b/test/py/tests/vboot/sign-configs-sha256.its
> index 1b3432e..f5591aa 100644
> --- a/test/py/tests/vboot/sign-configs-sha256.its
> +++ b/test/py/tests/vboot/sign-configs-sha256.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,28 +14,28 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha256";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha256";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> - signature at 1 {
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> + signature {
> algo = "sha256,rsa2048";
> key-name-hint = "dev";
> sign-images = "fdt", "kernel";
> diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its
> index d19c4d7..ded7ae4 100644
> --- a/test/py/tests/vboot/sign-images-sha1-pss.its
> +++ b/test/py/tests/vboot/sign-images-sha1-pss.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,20 +14,20 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha1,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha1,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> @@ -35,10 +35,10 @@
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> };
> };
> };
> diff --git a/test/py/tests/vboot/sign-images-sha1.its b/test/py/tests/vboot/sign-images-sha1.its
> index f69326a..18c759e 100644
> --- a/test/py/tests/vboot/sign-images-sha1.its
> +++ b/test/py/tests/vboot/sign-images-sha1.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,29 +14,29 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha1,rsa2048";
> key-name-hint = "dev";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha1,rsa2048";
> key-name-hint = "dev";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> };
> };
> };
> diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its
> index 43612f8..34850cc 100644
> --- a/test/py/tests/vboot/sign-images-sha256-pss.its
> +++ b/test/py/tests/vboot/sign-images-sha256-pss.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,20 +14,20 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha256,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha256,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> @@ -35,10 +35,10 @@
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> };
> };
> };
> diff --git a/test/py/tests/vboot/sign-images-sha256.its b/test/py/tests/vboot/sign-images-sha256.its
> index e6aa9fc..bb0f8ee 100644
> --- a/test/py/tests/vboot/sign-images-sha256.its
> +++ b/test/py/tests/vboot/sign-images-sha256.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,29 +14,29 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha256,rsa2048";
> key-name-hint = "dev";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha256,rsa2048";
> key-name-hint = "dev";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> };
> };
> };
> --
> 2.7.4
>
^ permalink raw reply [flat|nested] 9+ messages in thread* [U-Boot] [PATCH V3 7/7] test: vboot: clean its file
2018-11-14 12:32 ` Clément Péron
@ 2018-11-14 12:54 ` Philippe REYNES
0 siblings, 0 replies; 9+ messages in thread
From: Philippe REYNES @ 2018-11-14 12:54 UTC (permalink / raw)
To: u-boot
Hi Clément,
You're right, I've done several mistake on the tag for the serie 3.
I shouldn't add a reviewed by simon on the new patch, and sorry, I've
understood that you provide a reviewed by on the whole serie.
I've send a v4 with clean tag.
Regards,
Philippe
----- Mail original -----
De: "Clément Péron" <peron.clem@gmail.com>
À: "philippe reynes" <philippe.reynes@softathome.com>
Cc: sjg at chromium.org, "joe hershberger" <joe.hershberger@ni.com>, "michal simek" <michal.simek@xilinx.com>, "yamada masahiro" <yamada.masahiro@socionext.com>, "Marek Vasut" <marex@denx.de>, "Adam Ford" <aford173@gmail.com>, "woods technical" <woods.technical@gmail.com>, "Teddy Reed V" <teddy.reed@gmail.com>, "jun nie" <jun.nie@linaro.org>, "Kelvin Cheung" <keguang.zhang@gmail.com>, "peng fan" <peng.fan@nxp.com>, "andre przywara" <andre.przywara@arm.com>, "Philipp Tomsich" <philipp.tomsich@theobroma-systems.com>, "Bin Chen" <bin.chen@linaro.org>, jsg at jsg.id.au, nomble at palism.com, "paul burton" <paul.burton@mips.com>, "Alex Kiernan" <alex.kiernan@gmail.com>, "u-boot" <u-boot@lists.denx.de>
Envoyé: Mercredi 14 Novembre 2018 13:32:32
Objet: Re: [PATCH V3 7/7] test: vboot: clean its file
Hi Philippe,
Sorry, If my explanation wasn't clear in my previous email but as your
series is still not merged you should have squash this commit...
On Tue, 13 Nov 2018 at 21:37, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> This update the its file used in vboot test to respect the new
> node style name defined in doc/uImage.FIT (for example: replace
> kernel at 1 by kernel and fdt at 1 by fdt-1)
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>
Please don't do that next time, you are able to keep the "Reviewed-by"
on patch already review or slightly modified.
Here, you introduce a new patch in your serie and Simon didn't review
it, so you should not add a "Reviewed-by' on this commit !
> Reviewed-by: Clément Péron <peron.clem@gmail.com>
Also I don't gave you my "Reviewed-by" tag, only made a comment about
the its format, so you should not add my tag on all your patches.
Please could you repost a v4 where
This patch is squashed with the commit introducing these files.
Only the Simon Glass Reviewed-by tags are present.
Thanks for your contribution,
Clément
> ---
> test/py/tests/test_vboot.py | 2 +-
> test/py/tests/vboot/sign-configs-sha1-pss.its | 18 +++++++++---------
> test/py/tests/vboot/sign-configs-sha1.its | 18 +++++++++---------
> test/py/tests/vboot/sign-configs-sha256-pss.its | 18 +++++++++---------
> test/py/tests/vboot/sign-configs-sha256.its | 18 +++++++++---------
> test/py/tests/vboot/sign-images-sha1-pss.its | 16 ++++++++--------
> test/py/tests/vboot/sign-images-sha1.its | 16 ++++++++--------
> test/py/tests/vboot/sign-images-sha256-pss.its | 16 ++++++++--------
> test/py/tests/vboot/sign-images-sha256.its | 16 ++++++++--------
> 9 files changed, 69 insertions(+), 69 deletions(-)
>
> Changelog:
> v3:
> - new patch in the serie (feedback from Clément Péron)
>
> diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
> index a3a3879..1e6ae7a 100644
> --- a/test/py/tests/test_vboot.py
> +++ b/test/py/tests/test_vboot.py
> @@ -204,7 +204,7 @@ def test_vboot(u_boot_console):
> fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
> dtc_args = '-I dts -O dtb -i %s' % tmpdir
> dtb = '%ssandbox-u-boot.dtb' % tmpdir
> - sig_node = '/configurations/conf at 1/signature at 1'
> + sig_node = '/configurations/conf-1/signature'
>
> # Create an RSA key pair
> public_exponent = 65537
> diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its
> index 3c3ab20..72a5637 100644
> --- a/test/py/tests/vboot/sign-configs-sha1-pss.its
> +++ b/test/py/tests/vboot/sign-configs-sha1-pss.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,28 +14,28 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha1";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha1";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> - signature at 1 {
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> + signature {
> algo = "sha1,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> diff --git a/test/py/tests/vboot/sign-configs-sha1.its b/test/py/tests/vboot/sign-configs-sha1.its
> index db2ed79..d8bc1fa 100644
> --- a/test/py/tests/vboot/sign-configs-sha1.its
> +++ b/test/py/tests/vboot/sign-configs-sha1.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,28 +14,28 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha1";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha1";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> - signature at 1 {
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> + signature {
> algo = "sha1,rsa2048";
> key-name-hint = "dev";
> sign-images = "fdt", "kernel";
> diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its
> index 8e33510..7bdcc7e 100644
> --- a/test/py/tests/vboot/sign-configs-sha256-pss.its
> +++ b/test/py/tests/vboot/sign-configs-sha256-pss.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,28 +14,28 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha256";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha256";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> - signature at 1 {
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> + signature {
> algo = "sha256,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> diff --git a/test/py/tests/vboot/sign-configs-sha256.its b/test/py/tests/vboot/sign-configs-sha256.its
> index 1b3432e..f5591aa 100644
> --- a/test/py/tests/vboot/sign-configs-sha256.its
> +++ b/test/py/tests/vboot/sign-configs-sha256.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,28 +14,28 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha256";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - hash at 1 {
> + hash-1 {
> algo = "sha256";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> - signature at 1 {
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> + signature {
> algo = "sha256,rsa2048";
> key-name-hint = "dev";
> sign-images = "fdt", "kernel";
> diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its
> index d19c4d7..ded7ae4 100644
> --- a/test/py/tests/vboot/sign-images-sha1-pss.its
> +++ b/test/py/tests/vboot/sign-images-sha1-pss.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,20 +14,20 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha1,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha1,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> @@ -35,10 +35,10 @@
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> };
> };
> };
> diff --git a/test/py/tests/vboot/sign-images-sha1.its b/test/py/tests/vboot/sign-images-sha1.its
> index f69326a..18c759e 100644
> --- a/test/py/tests/vboot/sign-images-sha1.its
> +++ b/test/py/tests/vboot/sign-images-sha1.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,29 +14,29 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha1,rsa2048";
> key-name-hint = "dev";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha1,rsa2048";
> key-name-hint = "dev";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> };
> };
> };
> diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its
> index 43612f8..34850cc 100644
> --- a/test/py/tests/vboot/sign-images-sha256-pss.its
> +++ b/test/py/tests/vboot/sign-images-sha256-pss.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,20 +14,20 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha256,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha256,rsa2048";
> padding = "pss";
> key-name-hint = "dev";
> @@ -35,10 +35,10 @@
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> };
> };
> };
> diff --git a/test/py/tests/vboot/sign-images-sha256.its b/test/py/tests/vboot/sign-images-sha256.its
> index e6aa9fc..bb0f8ee 100644
> --- a/test/py/tests/vboot/sign-images-sha256.its
> +++ b/test/py/tests/vboot/sign-images-sha256.its
> @@ -5,7 +5,7 @@
> #address-cells = <1>;
>
> images {
> - kernel at 1 {
> + kernel {
> data = /incbin/("test-kernel.bin");
> type = "kernel_noload";
> arch = "sandbox";
> @@ -14,29 +14,29 @@
> load = <0x4>;
> entry = <0x8>;
> kernel-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha256,rsa2048";
> key-name-hint = "dev";
> };
> };
> - fdt at 1 {
> + fdt-1 {
> description = "snow";
> data = /incbin/("sandbox-kernel.dtb");
> type = "flat_dt";
> arch = "sandbox";
> compression = "none";
> fdt-version = <1>;
> - signature at 1 {
> + signature {
> algo = "sha256,rsa2048";
> key-name-hint = "dev";
> };
> };
> };
> configurations {
> - default = "conf at 1";
> - conf at 1 {
> - kernel = "kernel at 1";
> - fdt = "fdt at 1";
> + default = "conf-1";
> + conf-1 {
> + kernel = "kernel";
> + fdt = "fdt-1";
> };
> };
> };
> --
> 2.7.4
>
^ permalink raw reply [flat|nested] 9+ messages in thread