Age | Commit message (Collapse) | Author | Files | Lines |
|
There's a bug in socsec that prevents the IBM's configuration from
successfully building an OTP image.
I have got the fix merged upstream:
https://github.com/AspeedTech-BMC/socsec/pull/18
However, Aspeed do not plan on doing a release until October:
> [ 17:51 ] arj: @Troy Lee any chance Neal can tag a new socsec release so we can bump it in OpenBMC and pick up some recent fixes?
> [ 18:25 ] Troy Lee: Current schedule is October.
https://discord.com/channels/775381525260664832/922871693008068638/1144547174286377062
For now, fix otptool using a recipe patch, in violation of the usual
guidelines.
I prefer we do this over switching to a "git" version for the recipe as
instability with these tools really cannot be tolerated.
Change-Id: I65b1992b5479ea257cfa65fd8b3cfc021b7d3dea
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
Change-Id: I95010b4925632b4384b90b2f113b9b826b5b63bd
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
This removes support for the v1 OTP format and introduces v2, which uses
SHA384 checksums.
Johnny Huang (6):
socsec: add ecdsa sign helper
otp_info: update ast10xx header
otp: update otptool to v2.0.0
Merge branch 'develop'
update test case for 2.0.0
otptool: fix checksum compare
Change-Id: I049bd34898be912043e010ef39ff05a888a365da
Signed-off-by: Joel Stanley <joel@jms.id.au>
|
|
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Change-Id: Iabba6e2d3f2c4e19af821b22164681f1d69a2501
|
|
With the latest yocto subtree update, this function has been moved into
the global python package.
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I60fd8a2160e45823065a9a28ae36af263baa15cb
|
|
1. To fix python modules not found such as bitarray at do_compile task
, adds "DEPEND" to install dependencies.
2. Create a socsec.inc to place the common settings.
3. Create a socsec_1.0.0.bb to build socsec tool v1.0.0.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Change-Id: I27a9216419555b58e7484e85506fa229f0e230b7
|
|
Andrew Jeffery (10):
resocsec: Style cleanup via autopep8
resocsec: Use env(1) for shebang
resocsec: Consistently use single-quotes for strings
resocsec: Make signing helper options mutually exclusive
resocsec: Add a helper for frobbing the RSA algorithm slug
resocsec: Attempt at ergonomic Chain-of-Trust options
resocsec: Rename secure-bootloader to secure-bootstrap-image
resocsec: Add secure-chained-images subcommand
resocsec: Add verify-secure-image subcommand
setup: Install resocsec
Johnny Huang (43):
Merge branch 'develop' into resocsec
Merge pull request #7 from amboar/resocsec
resocsec: fix typo
socsec: add support for ast2605
socsec: remove hexdump module dependcy
schema: update otp schema
otptool: fix making strap region
otptool: fix schema typo
readme: add descripton of verify
strap: fix "VGA class code" info
otptool: fix schema key
otptool: fix OTPCFG0[14] description for 2600A1
socsec: move hexdump to global
otptool: add 'print' function for otptool
socsec: fix public key exponent
otp_info: fix config typo
otptool: add AST2600A3 support
socsec: add rsa pss padding for AST1030A1
socsec: fix cot public key exponent
socsec: Add new test item
socsec: Add 2600A3 test item
Merge branch 'develop'
socsec: add mode2v2aes2 pub and priv test
socsec: add ecdsa mode for AST1030A1
socsec: Add ecdsa test item
otp_info: remove ast1030 from otp_info
otp_info: update schema
socsec: update revision id
otptool: update schema for manifest id config
socsec: fix revision id range.
socsec: fix f-strings giving SyntaxError
socsec: deprecate the CoT sing function
otptool: fix bitarray AttributeError
readme: update readme and fix typo
otp_info: update otp info
tool: add info2sample tool
otp_info: Add AST2600A3 otp config
otp_info: update and add OTPSTRAP Reserved info
otptool: fix otptool print
otptool: make image also generate OTPCFG1
tool: add script to generate otp config schema
setup: update version number
Merge branch 'develop'
Change-Id: Ie78aa2c0ddb18d823e1055a67c76967aa9762285
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I8135871ae0e3b360aff7d878f7cf04a2504f2dd0
|
|
socsec is required for securing firmware leveraging the hardware root of
trust in the AST2600.
Change-Id: I7f44609df1d303e8211eb9286442afdfcd77c4b8
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
5b6780e981 changed the u-boot+env size and thus the same fit image
address (512KiB) can be used on g6 as on the other aspeed SoCs.
Refresh the initial u-boot patch rather than a new one because the
original has not yet been accepted upstream.
(From meta-aspeed rev: 6aa4aaf66f96acaf84a6c434ddfb3e142c087bf4)
Change-Id: I5bcd6468f1578f7f820e3eeeec23d5b3756dca60
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Add a simple image-like recipe that concatenates uboot and the kernel
into a single image file, suitable for flashing and booting Aspeed
boards. There is no root filesystem beyond what is packaged with the
kernel.
(From meta-aspeed rev: 4fa991532b316daab71ba7b96f2ba099487b3f13)
Change-Id: I7a9c26423a0e1db7a4568d00cbabef7b9d22c75a
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
oe-core has these defaults:
KERNEL_IMAGETYPE: "zimage"
KERNEL_CLASSES: "kernel-uimage"
INITRAMFS_IMAGE: ""
INITRAMFS_FSTYPES: "cpio.gz"
Override those defaults with Aspeed specific defaults that are more
appropriate to the current state of typical usage (FIT) of Aspeed chips:
KERNEL_IMAGETYPE: "fitImage"
KERNEL_CLASSES: "kernel-fitimage"
INITRAMFS_IMAGE: "aspeed-image-initramfs"
INITRAMFS_FSTYPES: "cpio.xz"
By default use aspeed-image-initramfs in the FIT image.
aspeed-image-initramfs is just an alias to core-image-minimal. The
alias is required because vanilla core-image-minimal is not an initramfs
image recipe...in oe, in general, the usage of the image recipe
(initramfs or not) is baked into the recipe itself with a line like:
IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
The same behavior *could* be obtained with a bbappend but that then
prevents users from using the original image recipe as a real root
filesystem image in their setups.
Perhaps at a later time a replacement image with an Aspeed hardware
evaluation kit theme would be a more suitable default.
(From meta-aspeed rev: 7639df3650f6d91c9b533e0287142fdcfbc0b2ea)
Change-Id: I51def69bcfd786f4c8aad2ae68376da335aad039
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|