From a739b59efe7996e3bdcbe8b17743dc05ac7c110a Mon Sep 17 00:00:00 2001 From: Sascha Hauer Date: Tue, 6 Aug 2019 12:49:28 +0200 Subject: mkfs.ubifs: Add authentication support This adds support for authenticated UBIFS images. In authenticated images all UBIFS nodes are hashed as described in the UBIFS authentication whitepaper. Additionally the superblock node contains a hash of the master node and itself is cryptographically signed in a node following the superblock node. The signature is in PKCS #7 CMS format. To generate an authenticated image these options are necessary: --hash-algo=NAME hash algorithm to use for signed images (Valid options include sha1, sha256, sha512) --auth-key=FILE filename or PKCS #11 uri containing the authentication key for signing --auth-cert=FILE Authentication certificate filename for signing. Unused when certificate is provided via PKCS #11 Signed-off-by: Sascha Hauer Signed-off-by: David Oberhollenzer --- ubifs-utils/Makemodule.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'ubifs-utils/Makemodule.am') diff --git a/ubifs-utils/Makemodule.am b/ubifs-utils/Makemodule.am index 164ce09..0c64445 100644 --- a/ubifs-utils/Makemodule.am +++ b/ubifs-utils/Makemodule.am @@ -19,7 +19,8 @@ mkfs_ubifs_SOURCES = \ if WITH_CRYPTO mkfs_ubifs_SOURCES += ubifs-utils/mkfs.ubifs/crypto.c \ - ubifs-utils/mkfs.ubifs/fscrypt.c + ubifs-utils/mkfs.ubifs/fscrypt.c \ + ubifs-utils/mkfs.ubifs/sign.c endif mkfs_ubifs_LDADD = libmtd.a libubi.a $(ZLIB_LIBS) $(LZO_LIBS) $(ZSTD_LIBS) $(UUID_LIBS) $(LIBSELINUX_LIBS) $(OPENSSL_LIBS) -lm -- cgit v1.2.3