Re: [PATCH 3/3] mkfs.ubifs: Add authentication support

Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> · Tue, 14 May 2019 10:36:45 +0200

On Mon, Apr 01, 2019 at 04:35:11PM +0200, Sascha Hauer wrote:
> This adds support for authenticated UBIFS images. In authenticated
> images all UBIFS nodes are hashed as described in the UBIFS
> authentication whitepaper. Additionally the superblock node contains
> a hash of the master node and itself is digitally signed in a node
> following the superblock node.
> 
> To generate an authenticated image these options are necessary:
> 
> --hash-algo:	The algorithm used for hashing nodes. Valid options
> 		contain sha1, sha256, sha512
> --auth-key:	The private key used for signing
> --x509:		The x509 certificate to use
> 
> Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
> ---
> diff --git a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
> index e0c42f3..ebc025e 100644
> --- a/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
> +++ b/ubifs-utils/mkfs.ubifs/mkfs.ubifs.c
> @@ -188,6 +196,9 @@ static const struct option longopts[] = {
>  	{"key-descriptor",     1, NULL, 'b'},
>  	{"padding",            1, NULL, 'P'},
>  	{"cipher",             1, NULL, 'C'},
> +	{"hash-algo",          1, NULL, 0},
> +	{"auth-key",           1, NULL, 0},
> +	{"x509",               1, NULL, 0},

Should be:

> +     {"hash-algo",          1, NULL, HASH_ALGO_OPTION},
> +     {"auth-key",           1, NULL, AUTH_KEY_OPTION},
> +     {"x509",               1, NULL, X509_OPTION},

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/