]> git.sur5r.net Git - u-boot/commit
Implement generalised RSA public exponents for verified boot
authorMichael van der Westhuizen <michael@smart-africa.com>
Wed, 2 Jul 2014 08:17:26 +0000 (10:17 +0200)
committerTom Rini <trini@ti.com>
Sat, 9 Aug 2014 15:17:01 +0000 (11:17 -0400)
commite0f2f15534146729fdf2ce58b740121fd67eea1c
tree87cd55f630088b177050457ed0f3a3059997da17
parent53022c3113a6670d21f55262f511ae6a07bb3dc4
Implement generalised RSA public exponents for verified boot

Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4).  This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.

Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.

Parameterise vboot_test.sh to test different public exponents.

Mathematics and other hard work by Andrew Bott.

Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.

Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>
doc/uImage.FIT/signature.txt
include/u-boot/rsa.h
lib/rsa/rsa-sign.c
lib/rsa/rsa-verify.c
test/vboot/vboot_test.sh