Commit Graph

59 Commits

Author SHA1 Message Date
David Brown 27648b8344 Renumber the TLV type values
In preparation for moving the signature related values out of the main
image header and into the TLV, renumber the existing TLV values to be
grouped together better.

The SHA256 is moved into the first group, at 0x10, and the signature
values themselves are moved to start with 0x20.

This change is the first in a series of changes toward the new v1.0
image format.  The intermediate results are all internally consistent
(meaning that the simulator, and the builtin imgtool.py will all work
together), but until all patches are applied, the image format is not
valid with any external tools.

Based on work by Marko Kiiskila <marko@runtime.io>.

Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-06 16:16:58 -06:00
David Brown 8ae61c05a5 imgtool.py: Fix some errors in ecdsa key generation
There are two easy to fix problems with the ecdsa key generation code.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-28 12:29:28 -06:00
Fabio Utzig e08f087ee5 Update imgtool to write trailer in new format
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-07-06 10:03:55 -06:00
David Brown 85d879f195 Merge pull request #60 from d3zd3z/pr/py-header
Make header padding optional
2017-06-13 15:59:27 -04:00
David Brown 2c21f7101b imgtool: Make "included header" optional
The imgtool.py program has been assuming that the input image for
signing has a zero padded place for the header at the beginning of the
image.  This is only true for some platforms.

Instead, make this included header space optional.  By default, prepend
the header to the image.  If `--included-header` is specified to the
sign command, consider the bytes at the beginning of the image to be
padded space for the header.  This option is required for Zephyr builds.
2017-06-13 15:54:45 -04:00
David Brown 0f0c6a808d imgtool: Allow --key to be optional when signing
If the --key is not specified, only the SHA256 hash is added to the TLV.
This is useful for testing configurations, where the crypto has not been
fully configured.  Note that this configuration is not secure, and this
only verifies that the image has not been corrupted.
2017-06-13 15:45:06 -04:00
David Brown efb871f4b2 imgtool: Better version parsing
When parsing versions for the --version argument, allow a field to be
zero.  Also, restrict the build to just an integer to match what we
allow (rather than allow alphabetic, and then failing to parse as an
integer).

In addition, add the missing import of argparse, so that when the
version is invalid, we get nice usage rather than an error about a
missing module.

Jira: MCUB-58
2017-06-08 09:43:55 -06:00
David Brown 07916c3155 imgtool.py: Support PKCS#1.5 v2.1 RSA-PSS
Add support for the RSA-PSS signature algorithm to imgtool.py.  This
algorithm has a strong security proof, and is recommended for all new
designs.  The new algorithm is enabled by default for RSA signatures to
match the default in the bootloader also being changed.
2017-06-07 09:19:21 -06:00
David Brown 23f91ad152 scripts: Initial version of Python imgtool
This is the start of a python implementation of imgtool.  This
implements all of the functionality that was missing in the zep2newt.py
tool, namely creation of keypairs, and converting the public version of
these keys into C code.
2017-06-07 09:19:21 -06:00