to strings section
Cc: Peter Robinson
Cc: David Gibson
Signed-off-by: Teddy Reed
---
Note this file is not synchronized from upstream dtc when using
the scripts/dtc/update-dtc-source.sh script.
The file size of the ELF increases with sandbox_spl_defconfig.
$ bloaty spl/u-boot-spl -- spl/u-boot
is used for the offset.
Signed-off-by: Teddy Reed
---
common/image-sig.c | 7 +--
tools/image-host.c | 1 +
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/common/image-sig.c b/common/image-sig.c
index f65d883..ad571f9 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.
Suggested-by: Simon Glass
Signed-off-by: Teddy Reed
Reviewed-by: Simon
On Thu, Jun 7, 2018 at 4:28 PM, Simon Glass wrote:
> Hi Teddy,
>
> On 3 June 2018 at 10:46, Teddy Reed wrote:
>>
>> The hashed-strings signature property includes two uint32_t values.
>> The first is unneeded as there should never be a start offset into the
&g
On Thu, Jun 7, 2018 at 4:25 PM, Simon Glass wrote:
> Hi Teddy,
>
> On 3 June 2018 at 15:28, Teddy Reed wrote:
>> This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
>> max size of a FIT header's totalsize field. The max size is checked before
>> s
On Thu, Jun 7, 2018 at 3:45 PM, Sam Voss wrote:
> Teddy,
>
> On Thu, Jun 7, 2018 at 12:27 PM, Teddy Reed wrote:
>>
>> Hi all, question, is anyone using the U-Boot verified-boot in production?
>
> I have been digging into this lately as well, and actually noticed
Hi all, question, is anyone using the U-Boot verified-boot in production?
I am using configuration verification for several OpenCompute/OpenBMC
boards. After a deep-dive review I found some edge cases that in rare
circumstances could lead to a signature check bypass. I think this is
low-risk at
On Wed, Jun 6, 2018 at 4:35 AM, Jun Nie wrote:
> 2018-06-06 9:08 GMT+08:00 Teddy Reed :
>> When using verified-boot in the SPL, the FIT content must be
>> verified before it can be used.
>>
>> Currently the load_addr FIT property is read and used as input to
&g
When using verified-boot in the SPL, the FIT content must be
verified before it can be used.
Currently the load_addr FIT property is read and used as input to
memcpy before the property is verified.
Signed-off-by: Teddy Reed
---
common/spl/spl_fit.c | 19 ++-
1 file changed, 10
Ignore this patch (re: below Peter's comment).
On Mon, Jun 4, 2018 at 1:42 AM, Peter Robinson wrote:
> On Mon, Jun 4, 2018 at 1:22 AM, Teddy Reed wrote:
>> FDT property searching can overflow when comparing strings. This will
>> result in undefined behavior.
>>
FDT property searching can overflow when comparing strings. This will
result in undefined behavior.
This check assures that property name lengths do not overrun the string
region or the totalsize.
Signed-off-by: Teddy Reed
---
lib/libfdt/fdt_ro.c | 5 +
scripts/dtc/libfdt/fdt.c | 2
. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.
Suggested-by: Simon Glass
Signed-off-by: Teddy Reed
---
Kconfig
is used for the offset.
Signed-off-by: Teddy Reed
---
common/image-sig.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/common/image-sig.c b/common/image-sig.c
index f65d883..9b0a872 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -372,8 +372,7 @@ int
gt; [cid:image002.png@01D357D5.908FF380]<http://www.commscope.com/>
> Mark Nelson
> Principal Engineer
> CommScope
> 250 Apollo Drive, Suite 100
> Chelmsford, MA 01824
> Mobile: 352-444-0150
>
>
> ___
> U-Boot mailing list
> U-Boot@lists.denx.de
> https://lists.denx.de/listinfo/u-boot
>
--
Teddy Reed V
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
On 01/17/2017 09:49 PM, Luka Kovačič wrote:
That's great. I could help you to test it. Link-local and maybe
auto-configuration on the home router.
V tor., 17. jan. 2017 23:19 je oseba Chris Packham
> napisala:
On 18/01/2017 5:56
Signed-off-by: Teddy Reed <teddy.r...@gmail.com>
---
tools/mkimage.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/mkimage.c b/tools/mkimage.c
index ff3024a..0e501f8 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -225,6 +225,7 @@ static void process_args(int argc, char
eys -K sandbox-u-boot.dtb \
> - -r test.fit >${tmp}
> -
> - run_uboot "signed config" "dev+"
> -
> - echo check signed config on the host
> - if ! ${fit_check_sign} -f test.fit -k sandbox-u-boot.dtb >${tmp}; then
> - echo
> - echo "Verified boot key check on host failed, output follows:"
> - cat ${tmp}
> - false
> - else
> - if ! grep -q "dev+" ${tmp}; then
> - echo
> - echo "Verified boot key check failed, output follows:"
> - cat ${tmp}
> - false
> - else
> - echo "OK"
> - fi
> - fi
> -
> - run_uboot "signed config" "dev+"
> -
> - # Increment the first byte of the signature, which should cause
> failure
> - sig=$(fdtget -t bx test.fit /configurations/conf@1/signature@1 value)
> - newbyte=$(printf %x $((0x${sig:0:2} + 1)))
> - sig="${newbyte} ${sig:2}"
> - fdtput -t bx test.fit /configurations/conf@1/signature@1 value ${sig}
> -
> - run_uboot "signed config with bad hash" "Bad Data Hash"
> -}
> -
> -sha=sha1
> -do_test
> -sha=sha256
> -do_test
> -
> -popd >/dev/null
> -
> -echo
> -if ${ok}; then
> - echo "Test passed"
> -else
> - echo "Test failed"
> -fi
> --
> 2.8.0.rc3.226.g39d4020
>
> ___
> U-Boot mailing list
> U-Boot@lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot
Thanks for this refactor! If the comments related to the sh to Python
are too nit-picky we can certainly change and expand the test harness
within additional patches later.
--
Teddy Reed V
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
org>
> Reported-by: Tom Van Deun <tom.vand...@wapice.com>
Reviewed-by: Teddy Reed <teddy.r...@gmail.com>
> ---
>
> tools/image-host.c | 14 --
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/tools/image-host.c b/tools/image-host.c
> in
_xxx name in tests with
> @pytest.mark.buildconfigspec(), since at present it is not really clear that
> the options are related.
>
> Fixes: f1f9d4fa (hush: complete renaming CONFIG_SYS_HUSH_PARSER to
> CONFIG_HUSH_PARSER)
>
> Signed-off-by: Simon Glass <s...@chromium.org>
Hi Simon,
On Sun, Jul 3, 2016 at 8:40 AM, Simon Glass <s...@chromium.org> wrote:
> Some tests want to execute a sequence of commands. Add a helper for this.
>
> Signed-off-by: Simon Glass <s...@chromium.org>
Reviewed-by: Teddy Reed <teddy.r...@gmail.
Hi Simon,
On Sun, Jul 3, 2016 at 8:40 AM, Simon Glass <s...@chromium.org> wrote:
> It is useful to be able to obtain the output from a command. Return it from
> this function.
>
> Signed-off-by: Simon Glass <s...@chromium.org>
Reviewed-by: Teddy Reed <teddy.r...@gma
ot;""Find the running U-Boot's RAM location.
> --
> 2.8.0.rc3.226.g39d4020
>
> ___
> U-Boot mailing list
> U-Boot@lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot
Let me know if my comments about output matching are too
EXCEPT(output = doAction())
EXPECT_EQUAL(2, output)
The test harness can provide much more succinct errors when these cases fail. :)
>
> Signed-off-by: Simon Glass <s...@chromium.org>
Reviewed-by: Teddy Reed <teddy.r...@gmail.com>
> ---
>
> test/py/multiplexed
Hi Simon,
On Sun, Jul 3, 2016 at 8:40 AM, Simon Glass <s...@chromium.org> wrote:
> Tests may want to look at the output from running a command. Return it so
> that this is possible.
>
> Signed-off-by: Simon Glass <s...@chromium.org>
Reviewed-by: Teddy Reed <teddy.r...@
t; Add a shell script to help. To run the tests, type:
>
>test/run
>
> in the U-Boot directory, which should be easy to remember.
>
> Signed-off-by: Simon Glass <s...@chromium.org>
Reviewed-by: Teddy Reed <teddy.r...@gmail.com>
> ---
>
> test/README | 11
-off-by: Simon Glass <s...@chromium.org>
Reviewed-by: Teddy Reed <teddy.r...@gmail.com>
> ---
>
> arch/sandbox/lib/bootm.c | 2 +-
> common/bootm_os.c| 1 +
> 2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/sandbox/lib/bootm.c b/arch/sand
Hi Simon,
On Sun, Jul 3, 2016 at 8:40 AM, Simon Glass <s...@chromium.org> wrote:
> It is sometimes inconvenient to convert a string into a list for execution
> with run_and_log(). Provide a helper function to do this.
>
> Signed-off-by: Simon Glass <s...@chromium.org>
the device-tree file a config option so that it can be adjusted by
> tests. The default is to keep the current behaviour.
>
> Signed-off-by: Simon Glass <s...@chromium.org>
Reviewed-by: Teddy Reed <teddy.r...@gmail.com>
> ---
>
> test/py/conftest.py | 1
Hi Simon,
On Sun, Jul 3, 2016 at 8:40 AM, Simon Glass <s...@chromium.org> wrote:
> Add a few notes about how testing works in U-Boot.
>
> Signed-off-by: Simon Glass <s...@chromium.org>
Reviewed-by: Teddy Reed <teddy.r...@gmail.com>
Hi Simon,
On Sun, Jul 3, 2016 at 8:40 AM, Simon Glass <s...@chromium.org> wrote:
> The error code may provide useful information for debugging. Add it to the
> error string.
>
> Signed-off-by: Simon Glass <s...@chromium.org>
Reviewed-by: Teddy Reed <teddy.r...@g
.
It is considered an error if the requested absolute position overlaps with the
initial data required for the compact FIT.
Signed-off-by: Teddy Reed <teddy.r...@gmail.com>
---
Changes in v3:
- Improved documentation
Changes in v2:
- Add -p argument to mkimage.1
- Add -E, -p arguments to mkimage usage text
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed <tedd
Thanks for the review Simon!
On Thu, Jun 9, 2016 at 6:03 PM, Simon Glass <s...@chromium.org> wrote:
> Hi Teddy,
>
> On 5 June 2016 at 15:18, Teddy Reed <teddy.r...@gmail.com> wrote:
>>
>> When building a FIT with external data (-E), an SPL may require abso
https://patchwork.ozlabs.org/patch/628987/
> [2] https://patchwork.ozlabs.org/patch/628971/
>
> Thanks and regards,
> Sumit
>
>> -Original Message-
>> From: Teddy Reed [mailto:teddy.r...@gmail.com]
>> Sent: Monday, June 06, 2016 2:58 AM
>> To: Sumit Garg
When building a FIT with external data (-E), an SPL may require absolute
positioning for executing the external firmware. To acheive this use the
(-p) switch, which will replace the amended 'data-offset' with 'data-position'
indicating the absolute position of external data.
It is considered an
On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg <sumit.g...@nxp.com> wrote:
>> -Original Message-----
>> From: Teddy Reed [mailto:teddy.r...@gmail.com]
>> Sent: Tuesday, May 31, 2016 2:23 AM
>> To: Sumit Garg <sumit.g...@nxp.com>
>> Cc: s...@chromium.or
in mainline too. And, in the near future a newer
AST2500 will come on online-- and would benefit from having the
AST2400 code to iterate upon. The AST2400 boards will remain in a
production capacity for next 3/4 years so we need both.
Thanks so much in advance!
-Teddy
--
Teddy Reed V
ation may be needed.
[1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
>> -Original Message-
>> From: Teddy Reed [mailto:teddy.r...@gmail.com]
>> Sent: Sunday, May 29, 2016 7:28 AM
>> To: u-boot@lists.denx.de
>> Cc: s...@chromium.org; dannenb...
On Mon, 2 May 2016 16:29:12 -0600
Simon Glass <s...@chromium.org> wrote:
Hey Simon, sorry for the delayed response!
> Hi Teddy,
>
> On 2 May 2016 at 02:57, Teddy Reed <teddy.r...@gmail.com> wrote:
> > On Sun, May 1, 2016 at 11:56 AM, Simon Glass <s...@chro
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed <tedd
/
> +#endif
> +
> uboot = (void *)CONFIG_SYS_NAND_U_BOOT_START;
> uboot();
> }
> diff --git a/include/fsl_validate.h b/include/fsl_validate.h
> index a71e1ce..7695b30 100644
> --- a/include/fsl_validate.h
> +++ b/include/fsl_validate.h
> @@ -254,4 +254
> On May 23, 2016, at 1:15 PM, Andreas Dannenberg <dannenb...@ti.com> wrote:
>
>> On Sun, May 08, 2016 at 06:13:50PM -0700, Teddy Reed wrote:
>>> On Sun, May 1, 2016 at 11:12 AM, Teddy Reed <teddy.r...@gmail.com> wrote:
>>> I've been using the following
On Sun, May 1, 2016 at 11:12 AM, Teddy Reed <teddy.r...@gmail.com> wrote:
> I've been using the following patch for my configurations, please excuse the
> top-posting. I think the only difference is enabling the uclass mod_exp
> driver to initialize without needing relocation.
&
On Mon, May 2, 2016 at 7:06 AM, Simon Glass <s...@chromium.org> wrote:
> Hi Teddy,
>
> On 29 April 2016 at 18:44, Teddy Reed <teddy.r...@gmail.com> wrote:
>> On Fri, Apr 29, 2016 at 4:09 PM, Simon Glass <s...@chromium.org> wrote:
>>> Hi Teddy,
>>>
On Sun, May 1, 2016 at 11:56 AM, Simon Glass <s...@chromium.org> wrote:
> Hi Teddy,
>
> On 27 April 2016 at 11:32, Teddy Reed <teddy.r...@gmail.com> wrote:
>> Hello all,
>>
>> I'm looking to support "multiple levels" of keys within u-boot's
>>
Hey Simon!
On Sun, May 1, 2016 at 12:32 PM, Simon Glass <s...@chromium.org> wrote:
> Hi Teddy,
>
> On 1 May 2016 at 11:10, Teddy Reed <teddy.r...@gmail.com> wrote:
>> When building a FIT with external data (-E), an SPL may require absolute
>> positioning fo
.
And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed <teddy.r...@gmail.com>
---
Kconfig | 11 +++
common/Ma
a.
It is considered an error if the requested absolute position overlaps with the
initial data required for the compact FIT.
Signed-off-by: Teddy Reed <teddy.r...@gmail.com>
Cc: Simon Glass <s...@chromium.org>
---
tools/fit_image.c | 19 ++-
tools/imagetool.h | 1 +
too
On Fri, Apr 29, 2016 at 4:09 PM, Simon Glass <s...@chromium.org> wrote:
> Hi Teddy,
>
> On 25 April 2016 at 10:25, Teddy Reed <teddy.r...@gmail.com> wrote:
>> Hi all,
>>
>> I'm curious if anyone has a script (or if I've missed something within
>> the
s + hashes and
the on-line key-signed kernels/rootfs/configurations.
P.S. This may be strongly linked to the need for a TPM to prevent
rollbacks. But as far as I can tell, the two features are distinct and
a TPM is not completely required for a multi-level key approach to
signing FITs.
Thanks!
--
Te
the actual signing.
I'm happy to write something, just want to ask first!
Thanks!
--
Teddy Reed V
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
51 matches
Mail list logo