[PATCH] Added rsa-sha256 support.

Andreas Oetken andreas.oetken at siemens.com
Wed Nov 27 13:09:19 CET 2013


Signed-off-by: Andreas Oetken <andreas.oetken at siemens.com>
---
=C2=A0common/image-sig.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A033=
 +++++++++++++
=C2=A0include/image.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=
=A0 =C2=A020 +++++++-
=C2=A0include/rsa-checksum.h=C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A025 +++++++++=
+
=C2=A0include/rsa.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=
=C2=A0 =C2=A017 +++++++
=C2=A0lib/rsa/Makefile=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=
=A0 2 +-
=C2=A0lib/rsa/rsa-checksum.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 108 ++++++++++++++=
+++++++++++++++++++++++++++++
=C2=A0lib/rsa/rsa-sign.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A010=
 ++--
=C2=A0lib/rsa/rsa-verify.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A080 ++++=
+++++-----------------------
=C2=A0test/vboot/sign-configs.its |=C2=A0 =C2=A0 2 +-
=C2=A0test/vboot/sign-images.its=C2=A0 |=C2=A0 =C2=A0 2 +-
=C2=A010 files changed, 233 insertions(+), 66 deletions(-)
=C2=A0create mode 100644 include/rsa-checksum.h
=C2=A0create mode 100644 lib/rsa/rsa-checksum.c

diff --git a/common/image-sig.c b/common/image-sig.c
index 973b06d..5ce6b80 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -14,15 +14,48 @@ DECLARE_GLOBAL_DATA_PTR;
=C2=A0#endif /* !USE_HOSTCC*/
=C2=A0#include <image.h>
=C2=A0#include <rsa.h>
+#include <rsa-checksum.h>
=C2=A0
=C2=A0#define IMAGE_MAX_HASHED_NODES=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0100
=C2=A0
+
+struct image_hash_algo image_hash_algos[] =3D {
+=C2=A0 =C2=A0 =C2=A0 =C2=A0{
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0"sha1",
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SHA1_SUM_LEN,
+#if IMAGE_ENABLE_SIGN
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0EVP_sha1,
+#else
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0sha1_calculate,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0padding_sha1_rsa204=
8,
+#endif
+=C2=A0 =C2=A0 =C2=A0 =C2=A0},
+=C2=A0 =C2=A0 =C2=A0 =C2=A0{
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0"sha256",
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0SHA256_SUM_LEN,
+#if IMAGE_ENABLE_SIGN
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0EVP_sha256,
+#else
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0sha256_calculate,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0padding_sha256_rsa2=
048,
+#endif
+=C2=A0 =C2=A0 =C2=A0 =C2=A0}
+};
+
=C2=A0struct image_sig_algo image_sig_algos[] =3D {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "sha1,rsa2048",
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 rsa_sign,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 rsa_add_verify_data=
,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 rsa_verify,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&image_hash_algos[0=
],
+=C2=A0 =C2=A0 =C2=A0 =C2=A0},
+=C2=A0 =C2=A0 =C2=A0 =C2=A0{
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0"sha256,rsa2048",
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0rsa_sign,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0rsa_add_verify_data=
,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0rsa_verify,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&image_hash_algos[1=
],
=C2=A0 =C2=A0 =C2=A0 =C2=A0 }
=C2=A0};
=C2=A0
diff --git a/include/image.h b/include/image.h
index ee6eb8d..1f7ca61 100644
--- a/include/image.h
+++ b/include/image.h
@@ -822,7 +822,8 @@ int calculate_hash(const void *data, int data_len, cons=
t
char *algo,
=C2=A0# ifdef USE_HOSTCC
=C2=A0#=C2=A0 define IMAGE_ENABLE_SIGN=C2=A0 =C2=A0 1
=C2=A0#=C2=A0 define IMAGE_ENABLE_VERIFY=C2=A0 0
-#else
+#=C2=A0 include=C2=A0 <openssl/evp.h>
+# else
=C2=A0#=C2=A0 define IMAGE_ENABLE_SIGN=C2=A0 =C2=A0 0
=C2=A0#=C2=A0 define IMAGE_ENABLE_VERIFY=C2=A0 1
=C2=A0# endif
@@ -861,6 +862,20 @@ struct image_region {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 int size;
=C2=A0};
=C2=A0
+struct image_hash_algo {
+=C2=A0 =C2=A0 =C2=A0 =C2=A0const char *name;
+=C2=A0 =C2=A0 =C2=A0 =C2=A0const int checksum_len;
+#if IMAGE_ENABLE_SIGN
+=C2=A0 =C2=A0 =C2=A0 =C2=A0EVP_MD *(*calculate)(void);
+#else
+#if IMAGE_ENABLE_VERIFY
+=C2=A0 =C2=A0 =C2=A0 =C2=A0void (*calculate)(const struct image_region reg=
ion[],
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0int region_count, uint8_t *checksum);
+=C2=A0 =C2=A0 =C2=A0 =C2=A0const uint8_t *rsa_padding;
+#endif
+#endif
+};
+
=C2=A0struct image_sig_algo {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 const char *name;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0/* Name of algorithm */
=C2=A0
@@ -911,6 +926,9 @@ struct image_sig_algo {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 int (*verify)(struct image_sign_info *info,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 const struct image_region region[], int region_count,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 uint8_t *sig, uint sig_len);
+
+=C2=A0 =C2=A0 =C2=A0 =C2=A0/* pointer to hash algorithm */
+=C2=A0 =C2=A0 =C2=A0 =C2=A0struct image_hash_algo *hash_algo;
=C2=A0};
=C2=A0
=C2=A0/**
diff --git a/include/rsa-checksum.h b/include/rsa-checksum.h
new file mode 100644
index 0000000..d2c6474
--- /dev/null
+++ b/include/rsa-checksum.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2013, Andreas Oetken.
+ *
+ * SPDX-License-Identifier:=C2=A0 =C2=A0 GPL-2.0+
+ */
+
+#ifndef _RSA_CHECKSUM_H
+#define _RSA_CHECKSUM_H
+
+#include <errno.h>
+#include <image.h>
+#include <sha1.h>
+#include <sha256.h>
+
+#if IMAGE_ENABLE_VERIFY
+extern const uint8_t padding_sha256_rsa2048[];
+extern const uint8_t padding_sha1_rsa2048[];
+
+void sha256_calculate(const struct image_region region[],
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0int region_count, uint8_t *checksum);
+void sha1_calculate(const struct image_region region[],
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0int r=
egion_count, uint8_t *checksum);
+#endif
+
+#endif
diff --git a/include/rsa.h b/include/rsa.h
index add4c78..12ae443 100644
--- a/include/rsa.h
+++ b/include/rsa.h
@@ -15,6 +15,23 @@
=C2=A0#include <errno.h>
=C2=A0#include <image.h>
=C2=A0
+#define RSA2048_BYTES=C2=A0 (2048 / 8)
+
+/**
+ * struct rsa_public_key - holder for a public key
+ *
+ * An RSA public key consists of a modulus (typically called N), the inver=
se
+ * and R^2, where R is 2^(# key bits).
+ */
+
+struct rsa_public_key {
+=C2=A0 =C2=A0 =C2=A0 =C2=A0uint len;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0/* Length of modulus[] in number of uint32_t */
+=C2=A0 =C2=A0 =C2=A0 =C2=A0uint32_t n0inv;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0/* -1 / modulus[0] mod 2^32 */
+=C2=A0 =C2=A0 =C2=A0 =C2=A0uint32_t *modulus;=C2=A0 =C2=A0 =C2=A0 /* modul=
us as little endian array */
+=C2=A0 =C2=A0 =C2=A0 =C2=A0uint32_t *rr;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0/* R^2 as little endian array */
+};
+
+
=C2=A0#if IMAGE_ENABLE_SIGN
=C2=A0/**
=C2=A0 * sign() - calculate and return signature for given input data
diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile
index 164ab39..a5a96cb6 100644
--- a/lib/rsa/Makefile
+++ b/lib/rsa/Makefile
@@ -7,4 +7,4 @@
=C2=A0# SPDX-License-Identifier:=C2=A0 =C2=A0 =C2=A0GPL-2.0+
=C2=A0#
=C2=A0
-obj-$(CONFIG_FIT_SIGNATURE) +=3D rsa-verify.o
+obj-$(CONFIG_FIT_SIGNATURE) +=3D rsa-verify.o rsa-checksum.o
diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c
new file mode 100644
index 0000000..e75abb8
--- /dev/null
+++ b/lib/rsa/rsa-checksum.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2013, Andreas Oetken.
+ *
+ * SPDX-License-Identifier:=C2=A0 =C2=A0 GPL-2.0+
+ */
+
+#include <common.h>
+#include <fdtdec.h>
+#include <rsa.h>
+#include <sha1.h>
+#include <sha256.h>
+#include <asm/byteorder.h>
+#include <asm/errno.h>
+#include <asm/unaligned.h>
+
+
+/* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
+
+
+const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN] =3D {
+=C2=A0 =C2=A0 =C2=A0 =C2=A00x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+
+const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] =3D {
+=C2=A0 =C2=A0 =C2=A0 =C2=A00x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x21, 0x30,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+=C2=A0 =C2=A0 =C2=A0 =C2=A00x05, 0x00, 0x04, 0x14
+};
+
+
+void sha1_calculate(const struct image_region region[],
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0int r=
egion_count, uint8_t *checksum)
+{
+=C2=A0 =C2=A0 =C2=A0 =C2=A0sha1_context ctx;
+=C2=A0 =C2=A0 =C2=A0 =C2=A0uint32_t i;
+
+=C2=A0 =C2=A0 =C2=A0 =C2=A0sha1_starts(&ctx);
+=C2=A0 =C2=A0 =C2=A0 =C2=A0for (i =3D 0; i < region_count; i++)
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0sha1_update(&ctx, r=
egion[i].data, region[i].size);
+=C2=A0 =C2=A0 =C2=A0 =C2=A0sha1_finish(&ctx, checksum);
+}
+
+void sha256_calculate(const struct image_region region[],
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0int region_count, uint8_t *checksum)
+{
+=C2=A0 =C2=A0 =C2=A0 =C2=A0sha256_context ctx;
+=C2=A0 =C2=A0 =C2=A0 =C2=A0uint32_t i;
+
+=C2=A0 =C2=A0 =C2=A0 =C2=A0sha256_starts(&ctx);
+=C2=A0 =C2=A0 =C2=A0 =C2=A0for (i =3D 0; i < region_count; i++)
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0sha256_update(&ctx,=
 region[i].data, region[i].size);
+=C2=A0 =C2=A0 =C2=A0 =C2=A0sha256_finish(&ctx, checksum);
+}
+
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 549130e..e3b8790 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -159,8 +159,9 @@ static void rsa_remove(void)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 EVP_cleanup();
=C2=A0}
=C2=A0
-static int rsa_sign_with_key(RSA *rsa, const struct image_region region[],
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0int region_count, u=
int8_t **sigp, uint *sig_size)
+static int rsa_sign_with_key(RSA *rsa, struct image_hash_algo *hash_algo,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0const struct image_region region[],
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0int region_count, uint8_t **sigp, uint *sig_size)
=C2=A0{
=C2=A0 =C2=A0 =C2=A0 =C2=A0 EVP_PKEY *key;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 EVP_MD_CTX *context;
@@ -192,7 +193,7 @@ static int rsa_sign_with_key(RSA *rsa, const struct
image_region region[],
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err_create;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 }
=C2=A0 =C2=A0 =C2=A0 =C2=A0 EVP_MD_CTX_init(context);
-=C2=A0 =C2=A0 =C2=A0 =C2=A0if (!EVP_SignInit(context, EVP_sha1())) {
+=C2=A0 =C2=A0 =C2=A0 =C2=A0if (!EVP_SignInit(context, hash_algo->calculate=
())) {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ret =3D rsa_err("Si=
gner setup failed");
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err_sign;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 }
@@ -242,7 +243,8 @@ int rsa_sign(struct image_sign_info *info,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 ret =3D rsa_get_priv_key(info->keydir, info->ke=
yname, &rsa);
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (ret)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err_priv;
-=C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D rsa_sign_with_key(rsa, region, region_c=
ount, sigp, sig_len);
+=C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D rsa_sign_with_key(rsa, info->algo->hash=
_algo,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0region, region_count, sigp, sig_len);
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (ret)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto err_sign;
=C2=A0
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 02cc4e3..9a42641 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -7,28 +7,14 @@
=C2=A0#include <common.h>
=C2=A0#include <fdtdec.h>
=C2=A0#include <rsa.h>
-#include <sha1.h>
=C2=A0#include <asm/byteorder.h>
=C2=A0#include <asm/errno.h>
=C2=A0#include <asm/unaligned.h>
=C2=A0
-/**
- * struct rsa_public_key - holder for a public key
- *
- * An RSA public key consists of a modulus (typically called N), the inver=
se
- * and R^2, where R is 2^(# key bits).
- */
-struct rsa_public_key {
-=C2=A0 =C2=A0 =C2=A0 =C2=A0uint len;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0/* Length of modulus[] in number of uint32_t */
-=C2=A0 =C2=A0 =C2=A0 =C2=A0uint32_t n0inv;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0/* -1 / modulus[0] mod 2^32 */
-=C2=A0 =C2=A0 =C2=A0 =C2=A0uint32_t *modulus;=C2=A0 =C2=A0 =C2=A0 /* modul=
us as little endian array */
-=C2=A0 =C2=A0 =C2=A0 =C2=A0uint32_t *rr;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0/* R^2 as little endian array */
-};
+#define MAXIMUM_CHECKSUM_LEN 512
=C2=A0
=C2=A0#define UINT64_MULT32(v, multby)=C2=A0 (((uint64_t)(v)) * ((uint32_t)=
(multby)))
=C2=A0
-#define RSA2048_BYTES=C2=A0 (2048 / 8)
-
=C2=A0/* This is the minimum/maximum key size we support, in bits */
=C2=A0#define RSA_MIN_KEY_BITS=C2=A0 =C2=A0 =C2=A0 =C2=A02048
=C2=A0#define RSA_MAX_KEY_BITS=C2=A0 =C2=A0 =C2=A0 =C2=A02048
@@ -36,38 +22,6 @@ struct rsa_public_key {
=C2=A0/* This is the maximum signature length that we support, in bits */
=C2=A0#define RSA_MAX_SIG_BITS=C2=A0 =C2=A0 =C2=A0 =C2=A02048
=C2=A0
-static const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] =
=3D {
-=C2=A0 =C2=A0 =C2=A0 =C2=A00x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x21, 0x30,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
-=C2=A0 =C2=A0 =C2=A0 =C2=A00x05, 0x00, 0x04, 0x14
-};
=C2=A0
=C2=A0/**
=C2=A0 * subtract_modulus() - subtract modulus from the given value
@@ -209,7 +163,8 @@ static int pow_mod(const struct rsa_public_key *key,
uint32_t *inout)
=C2=A0}
=C2=A0
=C2=A0static int rsa_verify_key(const struct rsa_public_key *key, const uin=
t8_t *sig,
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0const uint32_t sig_=
len, const uint8_t *hash)
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 const uint3=
2_t sig_len, const uint8_t *hash,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 struct imag=
e_hash_algo *hash_algo)
=C2=A0{
=C2=A0 =C2=A0 =C2=A0 =C2=A0 const uint8_t *padding;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 int pad_len;
@@ -223,6 +178,8 @@ static int rsa_verify_key(const struct rsa_public_key *=
key,
const uint8_t *sig,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return -EINVAL;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 }
=C2=A0
+=C2=A0 =C2=A0 =C2=A0 =C2=A0debug("Hash-algorithm: %s", hash_algo->name);
+
=C2=A0 =C2=A0 =C2=A0 =C2=A0 /* Sanity check for stack size */
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (sig_len > RSA_MAX_SIG_BITS / 8) {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 debug("Signature le=
ngth %u exceeds maximum %d\n", sig_len,
@@ -239,8 +196,8 @@ static int rsa_verify_key(const struct rsa_public_key *=
key,
const uint8_t *sig,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return ret;
=C2=A0
=C2=A0 =C2=A0 =C2=A0 =C2=A0 /* Determine padding to use depending on the si=
gnature type. */
-=C2=A0 =C2=A0 =C2=A0 =C2=A0padding =3D padding_sha1_rsa2048;
-=C2=A0 =C2=A0 =C2=A0 =C2=A0pad_len =3D RSA2048_BYTES - SHA1_SUM_LEN;
+=C2=A0 =C2=A0 =C2=A0 =C2=A0padding =3D hash_algo->rsa_padding;
+=C2=A0 =C2=A0 =C2=A0 =C2=A0pad_len =3D RSA2048_BYTES - hash_algo->checksum=
_len;
=C2=A0
=C2=A0 =C2=A0 =C2=A0 =C2=A0 /* Check pkcs1.5 padding bytes. */
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (memcmp(buf, padding, pad_len)) {
@@ -309,7 +266,7 @@ static int rsa_verify_with_keynode(struct image_sign_in=
fo
*info,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 }
=C2=A0
=C2=A0 =C2=A0 =C2=A0 =C2=A0 debug("key length %d\n", key.len);
-=C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D rsa_verify_key(&key, sig, sig_len, hash=
);
+=C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D rsa_verify_key(&key, sig, sig_len, hash=
, info->algo->hash_algo);
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (ret) {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 printf("%s: RSA fai=
led to verify: %d\n", __func__, ret);
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return ret;
@@ -323,12 +280,21 @@ int rsa_verify(struct image_sign_info *info,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0uint8_t *sig, uint s=
ig_len)
=C2=A0{
=C2=A0 =C2=A0 =C2=A0 =C2=A0 const void *blob =3D info->fdt_blob;
-=C2=A0 =C2=A0 =C2=A0 =C2=A0uint8_t hash[SHA1_SUM_LEN];
+=C2=A0 =C2=A0 =C2=A0 =C2=A0/* Reserve memory for a maximum checksum-length=
 of 512 bytes */
+=C2=A0 =C2=A0 =C2=A0 =C2=A0uint8_t hash[MAXIMUM_CHECKSUM_LEN];
=C2=A0 =C2=A0 =C2=A0 =C2=A0 int ndepth, noffset;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 int sig_node, node;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 char name[100];
-=C2=A0 =C2=A0 =C2=A0 =C2=A0sha1_context ctx;
-=C2=A0 =C2=A0 =C2=A0 =C2=A0int ret, i;
+=C2=A0 =C2=A0 =C2=A0 =C2=A0int ret;
+
+=C2=A0 =C2=A0 =C2=A0 =C2=A0/* Verify that checksum-length is lower than MA=
XIMUM_CHECKSUM_LEN */
+=C2=A0 =C2=A0 =C2=A0 =C2=A0if (info->algo->hash_algo->checksum_len > MAXIM=
UM_CHECKSUM_LEN) {
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0debug("%s: invlaid =
checksum-length %s, a maximum \
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0of %d is currently set.\n",
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 __func__, info->algo->hash_algo->name,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0MAXIMUM_CHECKSUM_LEN);
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return -EINVAL;
+=C2=A0 =C2=A0 =C2=A0 =C2=A0}
=C2=A0
=C2=A0 =C2=A0 =C2=A0 =C2=A0 sig_node =3D fdt_subnode_offset(blob, 0, FIT_SI=
G_NODENAME);
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (sig_node < 0) {
@@ -336,10 +302,8 @@ int rsa_verify(struct image_sign_info *info,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 return -ENOENT;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 }
=C2=A0
-=C2=A0 =C2=A0 =C2=A0 =C2=A0sha1_starts(&ctx);
-=C2=A0 =C2=A0 =C2=A0 =C2=A0for (i =3D 0; i < region_count; i++)
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0sha1_update(&ctx, r=
egion[i].data, region[i].size);
-=C2=A0 =C2=A0 =C2=A0 =C2=A0sha1_finish(&ctx, hash);
+=C2=A0 =C2=A0 =C2=A0 =C2=A0/* Calculate checksum with checksum-algorithm *=
/
+=C2=A0 =C2=A0 =C2=A0 =C2=A0info->algo->hash_algo->calculate(region, region=
_count, hash);
=C2=A0
=C2=A0 =C2=A0 =C2=A0 =C2=A0 /* See if we must use a particular key */
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if (info->required_keynode !=3D -1) {
diff --git a/test/vboot/sign-configs.its b/test/vboot/sign-configs.its
index db2ed79..5b315f3 100644
--- a/test/vboot/sign-configs.its
+++ b/test/vboot/sign-configs.its
@@ -36,7 +36,7 @@
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 kernel =3D "kernel at 1";
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 fdt =3D "fdt at 1";
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 signature at 1 {
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0algo =3D "sha1,rsa2048";
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0algo =3D "sha256,rsa2048";
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 key-name-hint =3D "dev";
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 sign-images =3D "fdt", "kernel";
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 };
diff --git a/test/vboot/sign-images.its b/test/vboot/sign-images.its
index f69326a..e2b0446 100644
--- a/test/vboot/sign-images.its
+++ b/test/vboot/sign-images.its
@@ -27,7 +27,7 @@
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 compression =3D "none";
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 fdt-version =3D <1>;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 signature at 1 {
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0algo =3D "sha1,rsa2048";
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0algo =3D "sha256,rsa2048";
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 key-name-hint =3D "dev";
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 };
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 };
--
1.7.10.4


More information about the U-Boot mailing list