[U-Boot] verified boot against a chain of public keys

Patrick Doyle wpdster at gmail.com
Tue Aug 13 19:40:29 UTC 2019


On Mon, Aug 12, 2019 at 8:01 AM Patrick Doyle <wpdster at gmail.com> wrote:
>
> I am about to embark on the task of adding support for importing and
> using multiple keys in the verified boot process. Does u-boot already
> support this?  Has anybody (else) thought about it?

I now see that lib/rsa/rsa-verify.c actually checks against multiple
public keys compiled into the device tree.  I guess I could use fit
commands to add more nodes with keys to the device tree, but that
seems a bit cumbersome.  Plus, they wouldn't be verified against the
existing key(s).

Still plugging away...

--wpd

