[U-Boot] [PATCH v2 3/6] include: image.h: add key info to image_sign_info

AKASHI Takahiro takahiro.akashi at linaro.org
Tue Oct 29 06:46:33 UTC 2019


For FIT verification, all the properties of a public key come from
"control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
hand, a public key is located and retrieved from dedicated signature
database stored as UEFI variables.

Added two fields may hold values of a public key if fdt_blob is NULL, and
will be used in rsa_verify_with_pkey() to verify a signature in UEFI
sub-system.

Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
---
 include/image.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/include/image.h b/include/image.h
index ecf10f96b9f2..a97d5bc6304c 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1142,6 +1142,16 @@ struct image_sign_info {
 	int required_keynode;		/* Node offset of key to use: -1=any */
 	const char *require_keys;	/* Value for 'required' property */
 	const char *engine_id;		/* Engine to use for signing */
+					/*
+					 * Note: the following two fields
+					 * are always valid even w/o
+					 * RSA_VERIFY_WITH_PKEY in order
+					 * to make sure this structure is
+					 * the same on target and host.
+					 * Otherwise, vboot test may fail.
+					 */
+	const void *key;		/* Pointer to public key in DER */
+	int keylen;			/* Length of public key */
 };
 
 /* A part of an image, used for hashing */
-- 
2.21.0



More information about the U-Boot mailing list