[U-Boot] [RFC 04/15] include: image.h: add key info to image_sign_info

Simon Glass sjg at chromium.org
Wed Sep 25 20:42:05 UTC 2019


Hi AKASHI,

On Tue, 17 Sep 2019 at 19:23, AKASHI Takahiro
<takahiro.akashi at linaro.org> wrote:
>
> For FIT verification, all the properties of a public key come from
> "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
> hand, a public key is located and retrieved from dedicated signature
> database stored as UEFI variables.
>
> Added two fields may hold values of a public key if fdt_blob is NULL, and
> will be used in rsa_verify_with_pkey() to verify a signature in UEFI
> sub-system.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> ---
>  include/image.h | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/include/image.h b/include/image.h
> index 97b6a82d9754..685f5181c829 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -1136,6 +1136,8 @@ struct image_sign_info {
>         struct checksum_algo *checksum; /* Checksum algorithm information */
>         struct padding_algo *padding;   /* Padding algorithm information */
>         struct crypto_algo *crypto;     /* Crypto algorithm information */
> +       const void *key;
> +       int keylen;

Please do add comments.

Also if these only relate to EFI they should have efi_ prefix and
probably an #ifdef.

>         const void *fdt_blob;           /* FDT containing public keys */
>         int required_keynode;           /* Node offset of key to use: -1=any */
>         const char *require_keys;       /* Value for 'required' property */
> --
> 2.21.0
>

Regards,
Simon


More information about the U-Boot mailing list