www.infradead.org Git - mtd-utils.git/commit

author	Sascha Hauer <s.hauer@pengutronix.de>
	Tue, 6 Aug 2019 10:49:28 +0000 (12:49 +0200)
committer	David Oberhollenzer <david.oberhollenzer@sigma-star.at>
	Mon, 19 Aug 2019 07:27:00 +0000 (09:27 +0200)
commit	a739b59efe7996e3bdcbe8b17743dc05ac7c110a
tree	863ad65c25a5bcb9be3e5a170465ddc384d7b87b	tree
parent	3ef262739a826deb27262929b88f36db6f923e7f	commit \| diff

mkfs.ubifs: Add authentication support

This adds support for authenticated UBIFS images. In authenticated
images all UBIFS nodes are hashed as described in the UBIFS
authentication whitepaper. Additionally the superblock node contains a
hash of the master node and itself is cryptographically signed in a node
following the superblock node. The signature is in PKCS #7 CMS format.

To generate an authenticated image these options are necessary:

--hash-algo=NAME     hash algorithm to use for signed images
                     (Valid options include sha1, sha256, sha512)
--auth-key=FILE      filename or PKCS #11 uri containing the authentication key
                     for signing
--auth-cert=FILE     Authentication certificate filename for signing. Unused
                     when certificate is provided via PKCS #11

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

ubifs-utils/Makemodule.am		diff \| blob \| history
ubifs-utils/mkfs.ubifs/lpt.c		diff \| blob \| history
ubifs-utils/mkfs.ubifs/mkfs.ubifs.c		diff \| blob \| history
ubifs-utils/mkfs.ubifs/mkfs.ubifs.h		diff \| blob \| history
ubifs-utils/mkfs.ubifs/sign.c	[new file with mode: 0644]	blob
ubifs-utils/mkfs.ubifs/sign.h	[new file with mode: 0644]	blob
ubifs-utils/mkfs.ubifs/ubifs.h		diff \| blob \| history