[U-Boot] [PATCH v3 3/6] include: image.h: add key info to image_sign_info
Simon Glass
sjg at chromium.org
Wed Nov 20 02:59:54 UTC 2019
Hi Takahiro,
On Tue, 12 Nov 2019 at 16:47, AKASHI Takahiro
<takahiro.akashi at linaro.org> wrote:
>
> For FIT verification, all the properties of a public key come from
> "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
> hand, a public key is located and retrieved from dedicated signature
> database stored as UEFI variables.
>
> Added two fields may hold values of a public key if fdt_blob is NULL, and
> will be used in rsa_verify_with_pkey() to verify a signature in UEFI
> sub-system.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> ---
> include/image.h | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
Reviewed-by: Simon Glass <sjg at chromium.org>
> diff --git a/include/image.h b/include/image.h
> index 7eb0b4b53184..bff87f51f01b 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -1142,6 +1142,16 @@ struct image_sign_info {
> int required_keynode; /* Node offset of key to use: -1=any */
> const char *require_keys; /* Value for 'required' property */
> const char *engine_id; /* Engine to use for signing */
> + /*
> + * Note: the following two fields
> + * are always valid even w/o
> + * RSA_VERIFY_WITH_PKEY in order
> + * to make sure this structure is
> + * the same on target and host.
> + * Otherwise, vboot test may fail.
> + */
Can you please align this comment to one tab in (to line up with 'const' above)?
> + const void *key; /* Pointer to public key in DER */
> + int keylen; /* Length of public key */
> };
>
> /* A part of an image, used for hashing */
> --
> 2.21.0
>
Regards,
Simon
More information about the U-Boot
mailing list