Age | Commit message (Collapse) | Author |
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/2008375
Change-Id: Ic1bc6d3ff483a1a4bcbbcc8fd6a798bc99ea5ebe
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/2008375
Change-Id: I0e2ee285c0747354876d4b0b11b31db3378adb8a
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/2008375
Change-Id: I757af2db752a515ed12002274be66db4183bf8b4
|
|
Comments not preserved during refresh.
Test: m nothing
Change-Id: I1605091d7ca2cb9361a283e284f5f1ec3d5382a0
|
|
sc-v2-dev-plus-aosp-without-vendor@8084891 am: 7451b68efb -s ours am: 4d8d60e05b -s ours
am skip reason: Merged-In I29c05c0675fd55ca0e6c5a7beb23b92969330cb3 with SHA-1 0051d4eeb7 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/fsverity-utils/+/16843627
Change-Id: I626329563d18d87f7a12ab8b5104301e278ca78a
|
|
sc-v2-dev-plus-aosp-without-vendor@8084891 am: 7451b68efb -s ours
am skip reason: Merged-In I29c05c0675fd55ca0e6c5a7beb23b92969330cb3 with SHA-1 0051d4eeb7 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/fsverity-utils/+/16843627
Change-Id: I83d4960b0bbed41b24c87afe19179aea0f02478b
|
|
Bug: 214455710
Merged-In: I29c05c0675fd55ca0e6c5a7beb23b92969330cb3
Change-Id: I82084ac80ab3ecd196c53a296a15d5ac644b1b08
|
|
7c6fce9125 am: 0685632d03 am: e483d62e0c
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1975207
Change-Id: I8f68e66e5e46d109f8645125235286972eec6348
|
|
7c6fce9125 am: 0685632d03
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1975207
Change-Id: Ia48e67a902b162fe918601a73768f734e6c5573d
|
|
7c6fce9125
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1975207
Change-Id: I06cce136b1b93938ca4f24c5f1e0020f784a4129
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1975207
Change-Id: I52c7b945d18b018baa4ce35dc760905f97a3766d
|
|
Upgrade to fsverity-utils v1.5 so that AOSP is on a tagged release
version. No significant changes since the last merge.
* aosp/upstream-master:
v1.5
NEWS.md: update for v1.5
scripts/do-release.sh: split into prepare and publish
scripts/run-sparse.sh: fix to exclude boringssl directory
Clarify the purpose of built-in signatures
Makefile: fix a typo
Add GitHub Actions support
Support automatically building BoringSSL for testing
run-tests.sh: make CFI test work on Ubuntu 20.04
run-tests.sh: allow running individual tests
Test: mmm external/fsverity-utils
Change-Id: Icdf6279c9bdaed4cc5a87aabaf444e5d179ff089
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
456606b97f am: 2fc32129e9 am: 5f70389b90
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1927574
Change-Id: Ifb82cf1a0a03fb4b2fe283cd213e615484621d88
|
|
456606b97f am: 2fc32129e9
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1927574
Change-Id: Iba777b5051df4a8bd085e18941d0b1cff4631b74
|
|
456606b97f
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1927574
Change-Id: I2bcc38d0ee9c5c395c327a24d4a54fc225f4a31d
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1927574
Change-Id: I790b8af173f67eb1af98454048f1d6880d0b7b56
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
* aosp/upstream-master:
lib: remove libfsverity_error_msg_errno()
Makefile: use -Wno-deprecated-declarations to avoid OpenSSL 3.0 warnings
scripts/run-tests.sh: test with OpenSSL 3.0
scripts/run-tests.sh: test with OpenSSL 1.0
Implement PKCS#11 opaque keys support through OpenSSL pkcs11 engine
Bug: 190084016
Test: m libfsverity
Test: m USE_HOST_MUSL=true libfsverity
Change-Id: I0fc0239104b2738292a2672c85e3dac15eb80024
|
|
This is currently unused, and it currently uses GNU strerror_r() which
is non-portable (doesn't work with musl libc). Just remove it for now.
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
c829e950b7 am: f7fa3c2426
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1906290
Change-Id: Ib246e41009680e64f5a3c9e1fc6bd33bd7cdf217
|
|
c829e950b7
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1906290
Change-Id: I1e939a0b80820aa7c5cd154322dfc5f88f69d964
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1906290
Change-Id: Ib0b1c4852780249189b55edaf7039204b84dbeb6
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1906290
Change-Id: I4e96661f86f64ec47eca8923a4f685ab6548bb75
|
|
Bug: 199914227
Test: build
Change-Id: I29c05c0675fd55ca0e6c5a7beb23b92969330cb3
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
PKCS#11 API allows us to use opaque keys confined in hardware security
modules (HSMs) and similar hardware tokens without direct access to the
key material, providing logical separation of the keys from the
cryptographic operations performed using them.
This commit allows using the popular libp11 pkcs11 module for the
OpenSSL library with `fsverity` so that direct access to a private key
file isn't necessary to sign files.
The user needs to supply the path to the engine shared library
(typically the libp11 shared object file) and the PKCS#11 module library
(a shared object file specific to the given hardware token). The user
may also supply a token-specific key identifier.
Test evidence with a hardware PKCS#11 token:
$ echo test > dummy
$ ./fsverity sign dummy dummy.sig \
--pkcs11-engine=/usr/lib64/engines-1.1/libpkcs11.so \
--pkcs11-module=/usr/local/lib64/pkcs11_module.so \
--cert=test-pkcs11-cert.pem && echo OK;
Signed file 'dummy'
(sha256:c497326752e21b3992b57f7eff159102d474a97d972dc2c2d99d23e0f5fbdb65)
OK
Test evidence for regression check (checking that regular file-based key
signing still works):
$ ./fsverity sign dummy dummy.sig --key=key.pem --cert=cert.pem && \
echo OK;
Signed file 'dummy'
(sha256:c497326752e21b3992b57f7eff159102d474a97d972dc2c2d99d23e0f5fbdb65)
OK
Signed-off-by: Aleksander Adamowski <olo@fb.com>
[EB: Avoided overloading the --key option and keyfile field, clarified
the documentation, removed logic from cmd_sign.c that libfsverity
already handles, and many other improvements.]
Link: https://lore.kernel.org/r/20210909212731.1151190-1-olo@fb.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
487486c712 am: 293f2557ec am: 2646788639
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1759569
Change-Id: I704a21d91e7ebc02729c63f7bd480983f44790a2
|
|
487486c712 am: 293f2557ec
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1759569
Change-Id: Ia8d6d05ab3ed843fae82c9ad2fe345a172a89974
|
|
487486c712
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1759569
Change-Id: I12e3c47778343f13afcf6ccf080511e1ec9f4e23
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1759569
Change-Id: I91405e95e3113bdd8835bd490af6781879615c1a
|
|
Bug: 190166662
Test: Client code builds.
Change-Id: I6bd0ecbf04e3894c1971fb9288333f241e3bd873
|
|
d78a28aac4
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1747534
Change-Id: Ib4684d099fb90e32177e84d46fa04efe87f2b47d
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1747534
Change-Id: If2401d1538378d49d503a93030c3a6fc4b5cfc6e
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1747534
Change-Id: I56ab5b52d8346f20de9526525e519cd648dcfc21
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1747534
Change-Id: Ifc62f161c9e09cb71a0e4938977271a242d27d8f
|
|
I forgot to update 'version' and 'last_upgrade_date' when doing the
upgrade to v1.4.
Change-Id: I10cb5be8e087d684fc14d2779107c15970e4a3f7
|
|
am: 176bee678c
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1736357
Change-Id: Icf15923d55708318afbe164747c62f5ba79c7e20
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1736357
Change-Id: I46f454247a703f7026bb9b5254bfd818ecbbd70d
|
|
Original change: https://android-review.googlesource.com/c/platform/external/fsverity-utils/+/1736357
Change-Id: I83912bac31fcc2f245f42c8073441d40a1d283e3
|