doc: Replace examples of MD5 and SHA1 with SHA256
Both SHA1 and (especially) MD5 are no longer as safe as they once were for
cryptographic use. Replaces examples which use them with examples using
SHA256 instead. This will provide more-secure defaults for users who use
documentation examples as a base for their own use. This is not too
necessary for non-verified-boot scenarios (since someone could just replace
the checksum), but I wanted to be complete.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
diff --git a/doc/usage/fit/beaglebone_vboot.rst b/doc/usage/fit/beaglebone_vboot.rst
index a102be1..cd6bb14 100644
--- a/doc/usage/fit/beaglebone_vboot.rst
+++ b/doc/usage/fit/beaglebone_vboot.rst
@@ -145,7 +145,7 @@
load = <0x80008000>;
entry = <0x80008000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
fdt-1 {
@@ -155,7 +155,7 @@
arch = "arm";
compression = "none";
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
@@ -165,7 +165,7 @@
kernel = "kernel";
fdt = "fdt-1";
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
};
@@ -227,8 +227,8 @@
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
- Hash algo: sha1
- Hash value: c94364646427e10f423837e559898ef02c97b988
+ Hash algo: sha256
+ Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
Image 1 (fdt-1)
Description: beaglebone-black
Created: Sun Jun 1 12:50:30 2014
@@ -236,8 +236,8 @@
Compression: uncompressed
Data Size: 31547 Bytes = 30.81 kB = 0.03 MB
Architecture: ARM
- Hash algo: sha1
- Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
+ Hash algo: sha256
+ Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: unavailable
@@ -255,11 +255,11 @@
which results in::
- Verifying Hash Integrity ... sha1,rsa2048:dev+
+ Verifying Hash Integrity ... sha256,rsa2048:dev+
## Loading kernel from FIT Image at 7fc6ee469000 ...
Using 'conf-1' configuration
Verifying Hash Integrity ...
- sha1,rsa2048:dev+
+ sha256,rsa2048:dev+
OK
Trying 'kernel' kernel subimage
@@ -272,10 +272,10 @@
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
- Hash algo: sha1
- Hash value: c94364646427e10f423837e559898ef02c97b988
+ Hash algo: sha256
+ Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
Verifying Hash Integrity ...
- sha1+
+ sha256+
OK
Unimplemented compression type 4
@@ -288,10 +288,10 @@
Compression: uncompressed
Data Size: 31547 Bytes = 30.81 kB = 0.03 MB
Architecture: ARM
- Hash algo: sha1
- Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
+ Hash algo: sha256
+ Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
Verifying Hash Integrity ...
- sha1+
+ sha256+
OK
Loading Flat Device Tree ... OK
@@ -303,14 +303,14 @@
Signature check OK
-At the top, you see "sha1,rsa2048:dev+". This means that it checked an RSA key
-of size 2048 bits using SHA1 as the hash algorithm. The key name checked was
+At the top, you see "sha256,rsa2048:dev+". This means that it checked an RSA key
+of size 2048 bits using SHA256 as the hash algorithm. The key name checked was
'dev' and the '+' means that it verified. If it showed '-' that would be bad.
Once the configuration is verified it is then possible to rely on the hashes
in each image referenced by that configuration. So fit_check_sign goes on to
load each of the images. We have a kernel and an FDT but no ramkdisk. In each
-case fit_check_sign checks the hash and prints sha1+ meaning that the SHA1
+case fit_check_sign checks the hash and prints sha256+ meaning that the SHA256
hash verified. This means that none of the images has been tampered with.
There is a test in test/vboot which uses U-Boot's sandbox build to verify that
@@ -328,11 +328,11 @@
and extends for about 7MB. Try changing a byte at 0x2000 (say) and run
fit_check_sign again. You should see something like::
- Verifying Hash Integrity ... sha1,rsa2048:dev+
+ Verifying Hash Integrity ... sha256,rsa2048:dev+
## Loading kernel from FIT Image at 7f5a39571000 ...
Using 'conf-1' configuration
Verifying Hash Integrity ...
- sha1,rsa2048:dev+
+ sha256,rsa2048:dev+
OK
Trying 'kernel' kernel subimage
@@ -345,10 +345,10 @@
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
- Hash algo: sha1
- Hash value: c94364646427e10f423837e559898ef02c97b988
+ Hash algo: sha256
+ Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
Verifying Hash Integrity ...
- sha1 error
+ sha256 error
Bad hash value for 'hash-1' hash node in 'kernel' image node
Bad Data Hash
@@ -361,10 +361,10 @@
Compression: uncompressed
Data Size: 31547 Bytes = 30.81 kB = 0.03 MB
Architecture: ARM
- Hash algo: sha1
- Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
+ Hash algo: sha256
+ Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
Verifying Hash Integrity ...
- sha1+
+ sha256+
OK
Loading Flat Device Tree ... OK
@@ -419,13 +419,13 @@
the hash::
fdtget -tx image.fit /images/kernel/hash-1 value
- c9436464 6427e10f 423837e5 59898ef0 2c97b988
- fdtput -tx image.fit /images/kernel/hash-1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981
+ 51b2adf9 c1016ed4 6f424d85 dcc6c34c 46a20b9b ee7227e0 6a6b6320 ca5d35c1
+ fdtput -tx image.fit /images/kernel/hash-1 value 51b2adf9 c1016ed4 6f424d85 dcc6c34c 46a20b9b ee7227e0 6a6b6320 ca5d35c8
Now check it again::
$UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
- Verifying Hash Integrity ... sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
+ Verifying Hash Integrity ... sha256,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
rsa_verify_with_keynode: RSA failed to verify: -13
-
Failed to verify required signature 'key-dev'
@@ -446,7 +446,7 @@
fdtput -p image.fit /configurations/conf-1/signature-1 value fred
$UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
Verifying Hash Integrity ... -
- sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
+ sha256,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
rsa_verify_with_keynode: RSA failed to verify: -13
-
Failed to verify required signature 'key-dev'
@@ -528,7 +528,7 @@
U-Boot# bootm 82000000
## Loading kernel from FIT Image at 82000000 ...
Using 'conf-1' configuration
- Verifying Hash Integrity ... sha1,rsa2048:dev+ OK
+ Verifying Hash Integrity ... sha256,rsa2048:dev+ OK
Trying 'kernel' kernel subimage
Description: unavailable
Created: 2014-06-01 19:32:54 UTC
@@ -540,9 +540,9 @@
OS: Linux
Load Address: 0x80008000
Entry Point: 0x80008000
- Hash algo: sha1
- Hash value: c94364646427e10f423837e559898ef02c97b988
- Verifying Hash Integrity ... sha1+ OK
+ Hash algo: sha256
+ Hash value: 51b2adf9c1016ed46f424d85dcc6c34c46a20b9bee7227e06a6b6320ca5d35c1
+ Verifying Hash Integrity ... sha256+ OK
## Loading fdt from FIT Image at 82000000 ...
Using 'conf-1' configuration
Trying 'fdt-1' fdt subimage
@@ -553,9 +553,9 @@
Data Start: 0x8276e2ec
Data Size: 31547 Bytes = 30.8 KiB
Architecture: ARM
- Hash algo: sha1
- Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d
- Verifying Hash Integrity ... sha1+ OK
+ Hash algo: sha256
+ Hash value: 807d5842a04132261ba092373bd40c78991bc7ce173d1175cd976ec37858e7cd
+ Verifying Hash Integrity ... sha256+ OK
Booting using the fdt blob at 0x8276e2ec
Uncompressing Kernel Image ... OK
Loading Device Tree to 8fff5000, end 8ffffb3a ... OK
diff --git a/doc/usage/fit/howto.rst b/doc/usage/fit/howto.rst
index def12a7..b5097d4 100644
--- a/doc/usage/fit/howto.rst
+++ b/doc/usage/fit/howto.rst
@@ -8,7 +8,7 @@
The new uImage format allows more flexibility in handling images of various
types (kernel, ramdisk, etc.), it also enhances integrity protection of images
-with sha1 and md5 checksums.
+with cryptographic checksums.
Two auxiliary tools are needed on the development host system in order to
create an uImage in the new format: mkimage and dtc, although only one
@@ -99,7 +99,7 @@
load = <0x8 0x8000000>;
entry = <0x8 0x8000000>;
hash {
- algo = "md5";
+ algo = "sha256";
};
};
atf {
@@ -112,7 +112,7 @@
load = <0xfffea000>;
entry = <0xfffea000>;
hash {
- algo = "md5";
+ algo = "sha256";
};
};
fdt_1 {
@@ -123,7 +123,7 @@
compression = "none";
load = <0x100000>;
hash {
- algo = "md5";
+ algo = "sha256";
};
};
};
@@ -190,8 +190,8 @@
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2ae2bb40
- Hash algo: sha1
- Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
+ Hash algo: sha256
+ Hash value: c22f6bb5a3f96942507a37e7d6a9333ebdc7da57971bc4c082113fe082fdc40f
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel
@@ -236,8 +236,8 @@
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2ae2bb40
- Hash algo: sha1
- Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
+ Hash algo: sha256
+ Hash value: c22f6bb5a3f96942507a37e7d6a9333ebdc7da57971bc4c082113fe082fdc40f
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel
@@ -258,8 +258,8 @@
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2ae2bb40
- Hash algo: sha1
- Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4
+ Hash algo: sha256
+ Hash value: c22f6bb5a3f96942507a37e7d6a9333ebdc7da57971bc4c082113fe082fdc40f
Verifying Hash Integrity ... crc32+ sha1+ OK
Uncompressing Kernel Image ... OK
Memory BAT mapping: BAT2=256Mb, BAT3=0Mb, residual: 0Mb
@@ -302,8 +302,8 @@
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2c0cc807
- Hash algo: sha1
- Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
+ Hash algo: sha256
+ Hash value: a3e9e18b793873827d27c97edfbca67c404a1972d9f36cf48e73ff85d69a422c
Image 1 (fdt-1)
Description: Flattened Device Tree blob
Type: Flat Device Tree
@@ -312,8 +312,8 @@
Architecture: PowerPC
Hash algo: crc32
Hash value: 0d655d71
- Hash algo: sha1
- Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
+ Hash algo: sha256
+ Hash value: e9b9a40c5e2e12213ac819e7ccad7271ef43eb5edf9b421f0fa0b4b51bfdb214
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: Boot Linux kernel with FDT blob
@@ -353,8 +353,8 @@
Entry Point: 0x00000000
Hash algo: crc32
Hash value: 2c0cc807
- Hash algo: sha1
- Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
+ Hash algo: sha256
+ Hash value: a3e9e18b793873827d27c97edfbca67c404a1972d9f36cf48e73ff85d69a422c
Image 1 (fdt-1)
Description: Flattened Device Tree blob
Type: Flat Device Tree
@@ -364,8 +364,8 @@
Architecture: PowerPC
Hash algo: crc32
Hash value: 0d655d71
- Hash algo: sha1
- Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
+ Hash algo: sha256
+ Hash value: e9b9a40c5e2e12213ac819e7ccad7271ef43eb5edf9b421f0fa0b4b51bfdb214
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: Boot Linux kernel with FDT blob
@@ -387,7 +387,7 @@
Hash algo: crc32
Hash value: 2c0cc807
Hash algo: sha1
- Hash value: 264b59935470e42c418744f83935d44cdf59a3bb
+ Hash value: a3e9e18b793873827d27c97edfbca67c404a1972d9f36cf48e73ff85d69a422c
Verifying Hash Integrity ... crc32+ sha1+ OK
Uncompressing Kernel Image ... OK
## Flattened Device Tree from FIT Image at 00900000
@@ -402,7 +402,7 @@
Hash algo: crc32
Hash value: 0d655d71
Hash algo: sha1
- Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def
+ Hash value: e9b9a40c5e2e12213ac819e7ccad7271ef43eb5edf9b421f0fa0b4b51bfdb214
Verifying Hash Integrity ... crc32+ sha1+ OK
Booting using the fdt blob at 0xa0abdc
Loading Device Tree to 007fc000, end 007fffff ... OK
diff --git a/doc/usage/fit/kernel.rst b/doc/usage/fit/kernel.rst
index 012a81e..e560179 100644
--- a/doc/usage/fit/kernel.rst
+++ b/doc/usage/fit/kernel.rst
@@ -25,7 +25,7 @@
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
@@ -59,7 +59,7 @@
load = <0x01000000>;
entry = <0x00000000>;
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
@@ -73,7 +73,7 @@
load = <0x00090000>;
entry = <0x00090000>;
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/kernel_fdt.rst b/doc/usage/fit/kernel_fdt.rst
index 8eee13a..9cc26fb 100644
--- a/doc/usage/fit/kernel_fdt.rst
+++ b/doc/usage/fit/kernel_fdt.rst
@@ -25,7 +25,7 @@
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
fdt-1 {
@@ -38,7 +38,7 @@
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/kernel_fdts_compressed.rst b/doc/usage/fit/kernel_fdts_compressed.rst
index 0b169c7..b57871d 100644
--- a/doc/usage/fit/kernel_fdts_compressed.rst
+++ b/doc/usage/fit/kernel_fdts_compressed.rst
@@ -28,7 +28,7 @@
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
fdt@1 {
@@ -41,7 +41,7 @@
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
fdt@2 {
@@ -54,7 +54,7 @@
algo = "crc32";
};
hash-2 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/multi-with-fpga.rst b/doc/usage/fit/multi-with-fpga.rst
index 28d7d5d..4c7f1be 100644
--- a/doc/usage/fit/multi-with-fpga.rst
+++ b/doc/usage/fit/multi-with-fpga.rst
@@ -20,7 +20,7 @@
compression = "none";
load = <0x10000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -33,7 +33,7 @@
load = <0x30000000>;
compatible = "u-boot,fpga-legacy"
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -47,7 +47,7 @@
load = <0x8000>;
entry = <0x8000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/multi-with-loadables.rst b/doc/usage/fit/multi-with-loadables.rst
index a0241df..7849cb5 100644
--- a/doc/usage/fit/multi-with-loadables.rst
+++ b/doc/usage/fit/multi-with-loadables.rst
@@ -22,7 +22,7 @@
load = <0xa0000000>;
entry = <0xa0000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -34,7 +34,7 @@
compression = "none";
load = <0xb0000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -46,7 +46,7 @@
compression = "none";
load = <0xb0400000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -60,7 +60,7 @@
load = <0xa0000000>;
entry = <0xa0000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/multi.rst b/doc/usage/fit/multi.rst
index 2e6ae58..e68752b 100644
--- a/doc/usage/fit/multi.rst
+++ b/doc/usage/fit/multi.rst
@@ -22,10 +22,10 @@
load = <00000000>;
entry = <00000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
hash-2 {
- algo = "sha1";
+ algo = "sha512";
};
};
@@ -39,7 +39,7 @@
load = <00000000>;
entry = <00000000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
@@ -53,7 +53,7 @@
load = <00000000>;
entry = <00000000>;
hash-1 {
- algo = "md5";
+ algo = "sha256";
};
};
@@ -67,7 +67,7 @@
load = <00000000>;
entry = <00000000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
@@ -104,7 +104,7 @@
compression = "none";
load = <00700000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
diff --git a/doc/usage/fit/sign-configs.rst b/doc/usage/fit/sign-configs.rst
index 6a3df8f..6d98d44 100644
--- a/doc/usage/fit/sign-configs.rst
+++ b/doc/usage/fit/sign-configs.rst
@@ -22,7 +22,7 @@
entry = <0x8>;
kernel-version = <1>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
fdt-1 {
@@ -33,7 +33,7 @@
compression = "none";
fdt-version = <1>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
@@ -43,7 +43,7 @@
kernel = "kernel";
fdt = "fdt-1";
signature {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
key-name-hint = "dev";
sign-images = "fdt", "kernel";
};
diff --git a/doc/usage/fit/sign-images.rst b/doc/usage/fit/sign-images.rst
index 7d54d70..ca7d10f 100644
--- a/doc/usage/fit/sign-images.rst
+++ b/doc/usage/fit/sign-images.rst
@@ -22,7 +22,7 @@
entry = <0x8>;
kernel-version = <1>;
signature {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
key-name-hint = "dev";
};
};
@@ -34,7 +34,7 @@
compression = "none";
fdt-version = <1>;
signature {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
key-name-hint = "dev";
};
};
diff --git a/doc/usage/fit/signature.rst b/doc/usage/fit/signature.rst
index 0804bff..39edba1 100644
--- a/doc/usage/fit/signature.rst
+++ b/doc/usage/fit/signature.rst
@@ -93,7 +93,7 @@
properties are:
algo
- Algorithm name (e.g. "sha1,rsa2048" or "sha256,ecdsa256")
+ Algorithm name (e.g. "sha256,rsa2048" or "sha512,ecdsa256")
Optional properties are:
@@ -219,28 +219,28 @@
kernel-1 {
data = <data for kernel1>
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...kernel signature 1...>
};
};
kernel-2 {
data = <data for kernel2>
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...kernel signature 2...>
};
};
fdt-1 {
data = <data for fdt1>;
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...fdt signature 1...>
};
};
fdt-2 {
data = <data for fdt2>;
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...fdt signature 2...>
};
};
@@ -291,28 +291,28 @@
kernel-1 {
data = <data for kernel1>
hash-1 {
- algo = "sha1";
+ algo = "sha256";
value = <...kernel hash 1...>
};
};
kernel-2 {
data = <data for kernel2>
hash-1 {
- algo = "sha1";
+ algo = "sha256";
value = <...kernel hash 2...>
};
};
fdt-1 {
data = <data for fdt1>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
value = <...fdt hash 1...>
};
};
fdt-2 {
data = <data for fdt2>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
value = <...fdt hash 2...>
};
};
@@ -323,7 +323,7 @@
kernel = "kernel-1";
fdt = "fdt-1";
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...conf 1 signature...>;
};
};
@@ -331,7 +331,7 @@
kernel = "kernel-2";
fdt = "fdt-2";
signature-1 {
- algo = "sha1,rsa2048";
+ algo = "sha256,rsa2048";
value = <...conf 1 signature...>;
};
};
diff --git a/doc/usage/fit/update3.rst b/doc/usage/fit/update3.rst
index 4ff3950..2423580 100644
--- a/doc/usage/fit/update3.rst
+++ b/doc/usage/fit/update3.rst
@@ -19,7 +19,7 @@
type = "firmware";
load = <FF700000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
update-2 {
@@ -29,7 +29,7 @@
type = "firmware";
load = <FF8E0000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
@@ -40,7 +40,7 @@
type = "firmware";
load = <FFAC0000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/update_uboot.rst b/doc/usage/fit/update_uboot.rst
index a9288ee..811d008 100644
--- a/doc/usage/fit/update_uboot.rst
+++ b/doc/usage/fit/update_uboot.rst
@@ -21,7 +21,7 @@
type = "firmware";
load = <0xFFFC0000>;
hash-1 {
- algo = "sha1";
+ algo = "sha256";
};
};
};
diff --git a/doc/usage/fit/x86-fit-boot.rst b/doc/usage/fit/x86-fit-boot.rst
index 93b73bb..9e3e322 100644
--- a/doc/usage/fit/x86-fit-boot.rst
+++ b/doc/usage/fit/x86-fit-boot.rst
@@ -207,16 +207,16 @@
OS: Linux
Load Address: 0x01000000
Entry Point: 0x00000000
- Hash algo: sha1
- Hash value: 446b5163ebfe0fb6ee20cbb7a8501b263cd92392
+ Hash algo: sha256
+ Hash value: 4bbf49981ade163ed089f8525236fedfe44508e9b02a21a48294a96a1518107b
Image 1 (setup)
Description: Linux setup.bin
Created: Tue Oct 7 10:57:24 2014
Type: x86 setup.bin
Compression: uncompressed
Data Size: 12912 Bytes = 12.61 kB = 0.01 MB
- Hash algo: sha1
- Hash value: a1f2099cf47ff9816236cd534c77af86e713faad
+ Hash algo: sha256
+ Hash value: 6aa50c2e0392cb119cdf0971dce8339f100608ed3757c8200b0e39e889e432d2
Default Configuration: 'config-1'
Configuration 0 (config-1)
Description: Boot Linux kernel