diff options
author | Marc Kleine-Budde <mkl@pengutronix.de> | 2015-10-25 22:03:36 +0100 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2015-11-27 08:26:43 +0100 |
commit | 34cda8c23115b3ae3aeeeba7618d5d5654536494 (patch) | |
tree | 0891557d0c437a8de3af41dc3e8c7c0537a23b1a /common/Kconfig | |
parent | bf3cb63799f47697d460300c34e970589ea91671 (diff) | |
download | barebox-34cda8c23115b3ae3aeeeba7618d5d5654536494.tar.gz barebox-34cda8c23115b3ae3aeeeba7618d5d5654536494.tar.xz |
state: backend_raw: add hmac support
This patch adds hmac support to the raw backend.
With this patch, modifications of the header or data of a state partition can
be detected, as the hmac woudln't match anymore. The hmac relies on a shared
secret, which is requested from the keystore, with keystore_get_secret() using
the name of the state partition as the "name" of the secret.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'common/Kconfig')
-rw-r--r-- | common/Kconfig | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/common/Kconfig b/common/Kconfig index 877d3855a2..8e7950968c 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -751,6 +751,24 @@ config STATE select OFTREE select PARAMETER +config STATE_CRYPTO + bool "HMAC based authentication support" + depends on STATE + select CRYPTO_KEYSTORE + select DIGEST + select DIGEST_HMAC_GENERIC + help + This options enables HMAC based authentication support for + the state's header and data. This means the state framework + can verify both the data integrity and the authentication of + the state's header and data. + + Don't forget to select a hash algorithm in the + crypto/digests menu. + + See Documentation/devicetree/bindings/barebox/barebox,state.rst + for more information. + config RESET_SOURCE bool "detect Reset cause" depends on GLOBALVAR |