preload_check_sign is added so that it can be used to authenticate images
signed with the pre-load signature supported by binman and U-Boot.
It could also be used to test the signature in binman tests signing
images with the pre-load.
Signed-off-by: Paul HENRYS
---
Changes for v2:
- Replace the
Use preload_check_sign to authenticate the generated image when testing the
preload signature in testPreLoad().
Signed-off-by: Paul HENRYS
---
tools/binman/ftest.py | 15 +++
1 file changed, 15 insertions(+)
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index
Add an empty inline declaration when compiling tools for a host where
unmap_sysmem() is not defined.
Signed-off-by: Paul HENRYS
---
tools/mkimage.h | 4
1 file changed, 4 insertions(+)
diff --git a/tools/mkimage.h b/tools/mkimage.h
index 15741f250fd..5d6bcc9301a 100644
--- a/tools
pre-load related config options are enabled to have support of it in host
tools.
'CONFIG_FIT_SIGNATURE=y' is being automatically removed since it is
selected by CONFIG_IMAGE_PRE_LOAD_SIG.
Signed-off-by: Paul HENRYS
---
configs/tools-only_defconfig | 3 ++-
1 file changed, 2 insert
Signed-off-by: Paul HENRYS
---
boot/image-pre-load.c | 57 +--
1 file changed, 55 insertions(+), 2 deletions(-)
diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c
index cc19017404c..adf3b341a20 100644
--- a/boot/image-pre-load.c
+++ b/boot/image
rsa_verify_openssl() is used in lib/rsa/rsa-verify.c to authenticate data
when building host tools.
Signed-off-by: Paul HENRYS
---
include/image.h | 18 ++
lib/rsa/rsa-verify.c | 5 ++
tools/image-host.c | 141 +++
3 files changed, 164
Hi Tom,
On 24/02/2025 17:31, Tom Rini wrote:
On Fri, Feb 21, 2025 at 11:38:18AM -0600, Tom Rini wrote:
On Wed, 12 Feb 2025 10:31:20 +0100, Paul HENRYS wrote:
This serie of patches adds a new tool to authenticate files signed
with a preload header.
This tool is also used in the tests to
Hi Simon,
On 15/02/2025 12:59, Simon Glass wrote:
Hi Paul,
On Thu, 21 Nov 2024 at 03:53, Paul HENRYS
wrote:
Hi Simon,
On 20/11/2024 14:35, Simon Glass wrote:
This Mail comes from Outside of SoftAtHome: Do not answer, click links or open
attachments unless you recognize the sender and know
preload_check_sign is added so that it can be used to authenticate images
signed with the pre-load signature supported by binman and U-Boot.
It could also be used to test the signature in binman tests signing
images with the pre-load.
Signed-off-by: Paul HENRYS
---
tools/.gitignore
Use preload_check_sign to authenticate the generated image when testing the
preload signature in testPreLoad().
Signed-off-by: Paul HENRYS
---
tools/binman/ftest.py | 15 +++
1 file changed, 15 insertions(+)
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index
rsa_verify_openssl() is used in lib/rsa/rsa-verify.c to authenticate data
when building host tools.
Signed-off-by: Paul HENRYS
---
include/image.h | 18 ++
lib/rsa/rsa-verify.c | 5 ++
tools/image-host.c | 141 +++
3 files changed, 164
Signed-off-by: Paul HENRYS
---
boot/image-pre-load.c | 57 +--
1 file changed, 55 insertions(+), 2 deletions(-)
diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c
index cc19017404c..adf3b341a20 100644
--- a/boot/image-pre-load.c
+++ b/boot/image
This serie of patches adds a new tool to authenticate files signed
with a preload header.
This tool is also used in the tests to actually verify the
authenticity of the file signed with such a preload header.
Paul HENRYS (6):
rsa: Add rsa_verify_openssl() to use openssl for host builds
image
pre-load related config options are enabled to have support of it in host
tools.
'CONFIG_FIT_SIGNATURE=y' is being automatically removed since it is
selected by CONFIG_IMAGE_PRE_LOAD_SIG.
Signed-off-by: Paul HENRYS
---
configs/tools-only_defconfig | 3 ++-
1 file changed, 2 insert
Add an empty inline declaration when compiling tools for a host where
unmap_sysmem() is not defined.
Signed-off-by: Paul HENRYS
---
tools/mkimage.h | 4
1 file changed, 4 insertions(+)
diff --git a/tools/mkimage.h b/tools/mkimage.h
index 15741f250fd..5d6bcc9301a 100644
--- a/tools
>
> HcmV?d1
>
>
> FYI, I also added the requested changes.
>
> Best regards,
> Paul
Best regards,
Paul
From: Tom Rini
Sent: Thursd
irectory in both the device tree
provided to binman and through '-I' option to binman.
Signed-off-by: Paul HENRYS
---
tools/binman/etype/fit.py | 2 ++
tools/binman/ftest.py | 5 -
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/binman/etype/fit.py b/t
append_input_dirs() can be used to append a list of input directories to indir
global list.
Signed-off-by: Paul HENRYS
---
tools/u_boot_pylib/tools.py | 16
1 file changed, 16 insertions(+)
diff --git a/tools/u_boot_pylib/tools.py b/tools/u_boot_pylib/tools.py
index 187725b501
the existing list of input directories. The method avoids duplicates and the
method ReadNode() of the class Entry_fit calls tools.append_input_dirs() to add
the FDT directory to the list of input directories.
Paul HENRYS (2):
tools: u_boot_pylib: Allow to append input directories to indir
tools
ong binman include directories.
_get_priv_keys_dir() is renamed as _get_keys_dir() and adapted to support both
signing and encryption nodes in the FIT.
Signed-off-by: Paul HENRYS
---
Changes for v4:
- Add 'fit,encrypt' property to enable encryption in FIT
- Remove the previous implementati
When the initialisation vector is randomly generated, its value shall be
stored in the FIT together with the encrypted data. The changes allow to
store the IV in the FIT also in the case where the key is not stored in
the DTB but retrieved somewhere else at runtime.
Signed-off-by: Paul HENRYS
This change allows to replace both 'SEQ' and 'NAME' keywords by respectively a
sequence number and the name of the FDT to provide more flexibility in the node
name for the device trees included in the FIT.
Signed-off-by: Paul HENRYS
---
Changes for v2:
- Add a test
- Ad
Input directories can be passed to binman using the '-I' option and those
input directories are now also passed to 'dtc' when run by binman.
Signed-off-by: Paul HENRYS
---
Changes for v2:
- No change
tools/binman/control.py | 9 ++---
1 file changed, 6 insertions(+),
An optional list of input directories can be passed to EnsureCompiled() which
allows to pass a list of directories where input files can be searched.
Signed-off-by: Paul HENRYS
---
Changes for v2:
- Use 'None' instead of a list as a default argument for EnsureCompiled()
tools/dtoc/f
Test the property 'fit,encrypt' to encrypt FIT data.
Signed-off-by: Paul HENRYS
---
Changes for v4:
- Update the tests to use 'fit,encrypt'
tools/binman/ftest.py | 45 +++
tools/binman/test/343_fit_encrypt_data.dts| 53
Hi Simon,
On 20/11/2024 14:35, Simon Glass wrote:
This Mail comes from Outside of SoftAtHome: Do not answer, click links or open
attachments unless you recognize the sender and know the content is safe.
Hi Paul,
On Wed, 20 Nov 2024 at 03:40, Paul HENRYS
wrote:
This change allows to replace
Hi Simon,
On 20/11/2024 14:35, Simon Glass wrote:
This Mail comes from Outside of SoftAtHome: Do not answer, click links or open
attachments unless you recognize the sender and know the content is safe.
Hi Paul,
On Wed, 20 Nov 2024 at 03:09, Paul HENRYS
wrote:
mkimage can be used for both
The changes make it possible to pass binman input directories to dtoc.
This is useful when not running binman from the directory where the device trees
are located.
Paul HENRYS (2):
tools: dtoc: Allow passing optional input directories
tools: binman: Pass a list of input directory to
This change allows to replace both 'SEQ' and 'NAME' keywords by respectively a
sequence number and the name of the FDT to provide more flexibility in the node
name for the device trees included in the FIT.
Signed-off-by: Paul HENRYS
---
tools/binman/etype/fit.py | 1
r the inconvenience.
Best regards,
Paul HENRYS
PGP fingerprint: 1C45 321A 7830 4DCD 8453 2CE4 DF32 6222 6747 82F7
PGP key: https://pgp.mit.edu/pks/lookup?op=get&search=0xDF326222674782F7
Le mer. 20 nov. 2024 à 11:39, Paul HENRYS
a écrit :
> Support of legacy 64-bit entry point was already present
Support of legacy 64-bit entry point was already present when booting a bzimage
with 'zboot' but not supported with 'bootm' when the x86_64 Linux kernel is
embedded in a FIT image.
Signed-off-by: Paul HENRYS
---
arch/x86/lib/bootm.c | 6 ++
arch/x86/lib/zimage.c | 1 -
An optional list of input directories can be passed to EnsureCompiled() which
allows to pass a list of directories where input files can be searched.
Signed-off-by: Paul HENRYS
---
tools/dtoc/fdt_util.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/dtoc
Input directories can be passed to binman using the '-I' option and those
input directories are now also passed to 'dtc' when run by binman.
Signed-off-by: Paul HENRYS
---
tools/binman/control.py | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff
des in the FIT.
Signed-off-by: Paul HENRYS
---
Changes for v3:
- Adapt the code after changes made in commit 133c000ca334
- Rename property 'fit,sign' as 'fit,keys-directory' since this is not only
about signing but passing a key directory to mkimage for both signing and
Test the property 'fit,keys-directory' which, when a cipher node is
present, encrypts the data stored in the FIT.
Signed-off-by: Paul HENRYS
---
Changes for v3:
- Write out IV in full for clarity as requested
- Do not replace the null byte but use fdt_util.GetString() instead
-
When the initialisation vector is randomly generated, its value shall be
stored in the FIT together with the encrypted data. The changes allow to
store the IV in the FIT also in the case where the key is not stored in
the DTB but retrieved somewhere else at runtime.
Signed-off-by: Paul HENRYS
s256.bin b/tools/binman/test/aes256.bin
new file mode 100644
index
..09b8bf6254ada5c084039f32916bc7d30233bb2c
GIT binary patch
literal 32
ncmXpsGBz
Sent: Monday, 1 July 2024 15:57
To: U-Boot Mailing List
Cc: Paul HENRYS (EXT)
Subject: Re: Allow encrypting d
Test the property 'fit,keys-directory' which, when a cipher node is
present, encrypts the data stored in the FIT.
Signed-off-by: Paul HENRYS
---
tools/binman/ftest.py | 39 +
tools/binman/test/326_fit_encrypt_data.dts| 53 ++
The property 'fit,keys-directory' can be added to the configuration file
passed to binman to specify a directory where keys are stored and can be
used by mkimage to sign and cipher data.
Signed-off-by: Paul HENRYS
---
tools/binman/btool/mkimage.py | 5 -
tools/binman/entries.rs
When the initialisation vector is randomly generated, its value shall be
stored in the FIT together with the encrypted data. The changes allow to
store the IV in the FIT also in the case where the key is not stored in
the DTB but retrieved somewhere else at runtime.
Signed-off-by: Paul HENRYS
The property 'fit,keys-directory' can be added to the configuration file
passed to binman to specify a directory where keys are stored and can be
used by mkimage to sign and cipher data.
Signed-off-by: Paul HENRYS
---
tools/binman/btool/mkimage.py | 5 -
tools/binman/etype/fit.
Test the property 'fit,keys-directory' which, when a cipher node is
present, encrypts the data stored in the FIT.
Signed-off-by: Paul HENRYS
---
tools/binman/ftest.py | 39 +
tools/binman/test/326_fit_encrypt_data.dts| 53 ++
When the initialisation vector is randomly generated, its value shall be
stored in the FIT together with the encrypted data. The changes allow to
store the IV in the FIT also in the case where the key is not stored in
the DTB but retrieved somewhere else at runtime.
Signed-off-by: Paul HENRYS
The first patch 0001 is required for patch 0002 as random IV are
currently only added to the FIT if the encryption key is also added to
the DTB. Patch 0002 then allows to use binman to encrypt data in the FIT
generated when mkimage is called by binman, when cipher information are
provided.
Paul
s affecting the
brightness are correctly initialized and should give a consistent
behaviour.
Signed-off-by: Paul HENRYS
---
Changes for v2:
- Move the call to led_set_brightness() in bcm6858_led_probe().
The brighness is now only set once in the probing function.
- Retrieve brightness se
is initialized at an earlier
boot stage, the brightness setting is not overwritten.
Thx in advance for your feedback.
Paul HENRYS
Le mer. 2 mars 2022 à 16:43, Paul HENRYS
a écrit :
>
> When setting the LED state (OFF, ON or blinking), the default
> maximum brightness is set for ON and blink
stent
behaviour.
Signed-off-by: Paul HENRYS
---
drivers/led/led_bcm6858.c | 26 ++
1 file changed, 26 insertions(+)
diff --git a/drivers/led/led_bcm6858.c b/drivers/led/led_bcm6858.c
index fbf46a114c..02a8308611 100644
--- a/drivers/led/led_bcm6858.c
+++ b/drivers/led/led_bcm6
47 matches
Mail list logo
