[U-Boot] RSA in U-Boot

AKASHI Takahiro takahiro.akashi at linaro.org
Tue Aug 27 23:55:15 UTC 2019

Hi Grant,

On Tue, Aug 27, 2019 at 10:35:37AM +0000, Grant Likely wrote:
> Hi Takahiro,
> On 17/05/2019 01:12, AKASHI Takahiro wrote:
> [...]
> > In fact, I have already imported relevant kernel code into U-Boot
> > and it now works perfectly with my experimental UEFI secure boot patch,
> Speaking of which, where can I find the experimental UEFI secure boot 
> patches? I've not been able to find any recent postings.

Here's my repository:
https://git.linaro.org/people/takahiro.akashi/u-boot.git efi/secboot

But it's quite old and not ready for public review, yet it works in some way.
Since then, I've done
- implementing image authentication as close to EDK2's semantics as possible,
  including timestamp-based revocation
- improving portability of linux-kernel-based pkcs7/x509 parsers
- reworking the code in general for better maintainability
- adding initial automated testing of image/variable authentication
  based on pytest framework

On the other hand, Sughosh and Pipat are working on integrating
StMM-based UEFI variables/secure storage into U-Boot.

As far as my part is concerned, my plan is that I will focus on developing
more test cases and verifying the authentication code. Once I have some good
confidence, I'd like to submit the patch set.
It will be around the next Connect, I guess?

-Takahiro Akashi

> Thanks,
> g.

More information about the U-Boot mailing list