[U-Boot] [PATCH 0/2] rsa signature: check that required key is really mandatory

Philippe Reynes philippe.reynes at softathome.com
Wed Sep 18 14:04:52 UTC 2019


This serie fix an issue with the required key on rsa signature. If a required
key is defined, only FIT signed with this key should be accepted. right now,
there is an issue with required key, u-boot may used others key than required
key.

The first commit add a test in vboot to check that u-boot don't allow FIT with
another key than the required key. This test fails and show the issue.
The second commit fix this issue with required key, so the test with required
key succeed.

Daniele Alessandrelli (1):
  rsa: Return immediately if required-key verification fails

Philippe Reynes (1):
  pytest: vboot: add a test for required key

 lib/rsa/rsa-verify.c                               |  3 +-
 test/py/tests/test_vboot.py                        | 57 ++++++++++++++++++++++
 .../tests/vboot/sign-configs-sha256-pss-prod.its   | 46 +++++++++++++++++
 3 files changed, 104 insertions(+), 2 deletions(-)
 create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss-prod.its

-- 
2.7.4



More information about the U-Boot mailing list