[U-Boot] [PATCH] Implement generalised RSA public exponents for verified boot

: 3, 5, 17, 257, 39981, 50457, 65537 and 4294967297. Signed-off-by: Andrew Bott Signed-off-by: Andrew Wishart Signed-off-by: Neil Piercy Signed-off-by: Michael van der Westhuizen --- doc/uImage.FIT/signature.txt | 4 +- include/rsa.h| 1 + lib/rsa/rsa-sign.c | 56

Re: [U-Boot] [PATCH v2] Prevent a buffer overflow in mkimage when signing with SHA256

Hi Simon, That's very odd. I'll regenerate the patch and resend. I'm using git send-email, so things should not be getting mangled. Michael On 30 May 2014, at 8:42 PM, Simon Glass wrote: > Hi Michael, > > On 26 May 2014 07:09, Michael van der Westhuizen

Re: [U-Boot] [PATCH v2] Implement generalised RSA public exponents for verified boot

Hi Simon, Thanks for the feedback. I'll take care of the nits and look into removing some special casing. On 30 May 2014, at 9:04 PM, Simon Glass wrote: > Hi Michael, > >> >> /** >> + * num_pub_exponent_bits() - Number of bits in the public exponent >> + * >> + * @key: RSA key >> + *

Re: [U-Boot] [PATCH v2] Implement generalised RSA public exponents for verified boot

Hi Simon, On 30 May 2014, at 10:50 PM, Simon Glass wrote: > Hi Michael, > > On 30 May 2014 14:47, Michael van der Westhuizen > wrote: >> Hi Simon, >> >> Thanks for the feedback. >> >> I'll take care of the nits and look into removing some sp

Re: [U-Boot] [PATCH v2] Implement generalised RSA public exponents for verified boot

Hi Simon, On 30 May 2014, at 11:11 PM, Simon Glass wrote: >> This code compiles on the host, so unfortunately yes. That's the same >> reason I had to work around the lack of handy *_u64 fdt helpers when reading >> the public exponent. > > OK, although Linux might have replacements. But if not

[U-Boot] [PATCH] Prevent a stack overflow in fit_check_sign

It is trivial to crash fit_check_sign by invoking with an absolute path in a deeply nested directory. This is exposed by vboot_test.sh. Signed-off-by: Michael van der Westhuizen --- tools/fit_check_sign.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools

[U-Boot] [PATCH] Prevent a buffer overflow in mkimage when signing with SHA256

Due to the FIT_MAX_HASH_LEN constant not having been updated to support SHA256 signatures one will always see a buffer overflow in fit_image_process_hash when signing images that use this larger hash. This is exposed by vboot_test.sh. Signed-off-by: Michael van der Westhuizen --- include

[U-Boot] [PATCH v2] Prevent a buffer overflow in mkimage when signing with SHA256

Due to the FIT_MAX_HASH_LEN constant not having been updated to support SHA256 signatures one will always see a buffer overflow in fit_image_process_hash when signing images that use this larger hash. This is exposed by vboot_test.sh. Signed-off-by: Michael van der Westhuizen --- Changes in v2

Re: [U-Boot] Hi Simon, Problems about RSA public exponents for verified boot

Resurrecting this old thread… Jason, We’re presently getting CONFIG_OF_EMBED up on a 32 bit PPC target and hit a problem that made me think of this thread. What we’re seeing (in v2014.07) is that the FDT pointer is not necessarily aligned in the wrapper assembly file. We’ve worked around this

Re: [U-Boot] Hi Simon, Problems about RSA public exponents for verified boot

Hi All, Apologies for the delayed response, I’ve been on vacation. Since this was working for you (Duxiaoqiang) previously it suggests that you are using the default public exponent. If this is still the case you could, as a temporary workaround, remove the public exponent from your public key