[U-Boot] [RFC 04/15] include: image.h: add key info to image_sign_info
Simon Glass
sjg at chromium.org
Wed Sep 25 20:42:05 UTC 2019
Hi AKASHI,
On Tue, 17 Sep 2019 at 19:23, AKASHI Takahiro
<takahiro.akashi at linaro.org> wrote:
>
> For FIT verification, all the properties of a public key come from
> "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
> hand, a public key is located and retrieved from dedicated signature
> database stored as UEFI variables.
>
> Added two fields may hold values of a public key if fdt_blob is NULL, and
> will be used in rsa_verify_with_pkey() to verify a signature in UEFI
> sub-system.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> ---
> include/image.h | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/include/image.h b/include/image.h
> index 97b6a82d9754..685f5181c829 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -1136,6 +1136,8 @@ struct image_sign_info {
> struct checksum_algo *checksum; /* Checksum algorithm information */
> struct padding_algo *padding; /* Padding algorithm information */
> struct crypto_algo *crypto; /* Crypto algorithm information */
> + const void *key;
> + int keylen;
Please do add comments.
Also if these only relate to EFI they should have efi_ prefix and
probably an #ifdef.
> const void *fdt_blob; /* FDT containing public keys */
> int required_keynode; /* Node offset of key to use: -1=any */
> const char *require_keys; /* Value for 'required' property */
> --
> 2.21.0
>
Regards,
Simon
More information about the U-Boot
mailing list