Google Git
Sign in
coral / tf-a-mtk / 6a415a508ea6acec321e4609d3f8e5c03ba67664
commit6a415a508ea6acec321e4609d3f8e5c03ba67664[log] [tgz]
authorJustin Chadwell <justin.chadwell@arm.com>Mon Sep 09 15:24:31 2019 +0100
committerJustin Chadwell <justin.chadwell@arm.com>Thu Sep 12 15:27:41 2019 +0100
tree611f85b28280488052a30368bc28bbd5b2198716
parentf29213d9e3c82f8b43e42023d5b39e097d86ff18 [diff]
Remove RSA PKCS#1 v1.5 support from cert_tool

Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
7 files changed
tree: 611f85b28280488052a30368bc28bbd5b2198716
  1. bl1/
  2. bl2/
  3. bl2u/
  4. bl31/
  5. bl32/
  6. common/
  7. docs/
  8. drivers/
  9. fdts/
  10. include/
  11. lib/
  12. make_helpers/
  13. plat/
  14. services/
  15. tools/
  16. .checkpatch.conf
  17. .editorconfig
  18. .gitignore
  19. dco.txt
  20. license.rst
  21. Makefile
  22. readme.rst