[U-Boot] verified boot against a chain of public keys
Patrick Doyle
wpdster at gmail.com
Tue Aug 13 19:40:29 UTC 2019
On Mon, Aug 12, 2019 at 8:01 AM Patrick Doyle <wpdster at gmail.com> wrote:
>
> I am about to embark on the task of adding support for importing and
> using multiple keys in the verified boot process. Does u-boot already
> support this? Has anybody (else) thought about it?
I now see that lib/rsa/rsa-verify.c actually checks against multiple
public keys compiled into the device tree. I guess I could use fit
commands to add more nodes with keys to the device tree, but that
seems a bit cumbersome. Plus, they wouldn't be verified against the
existing key(s).
Still plugging away...
--wpd
More information about the U-Boot
mailing list