| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
The majority of the stuff currently in include/boot.h is about bootm
code implemented common/bootm.c. To be more consistent move it to a
new file include/bootm.h.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
| |
The verify "available" mode checks whatever is available in the
booted image, so when an image has a signature, it is checked and
must be correct and when an image is hashed, it is also checked
for correctness.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
when fit is configured to force signed images then print an error
message when an unsigned image is opened to give the user a clue
what went wrong.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
When fit is configured to check hashes print an error when an image
does not contain hashes instead of failing silently.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
This implementation is inspired by U-Boot's FIT support. Instead of
using libfdt (which does not exist in barebox), configuration signatures
are verified by using a simplified DT parser based on barebox's own
code.
Currently, only signed configurations with hashed images are supported,
as the other variants are less useful for verified boot. Compatible FIT
images can be created using U-Boot's mkimage tool.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|