[PATCH 1/2] vboot: add support for multiple required keys

Simon Glass sjg at chromium.org
Mon Jun 29 19:31:54 CEST 2020


Hi Thirupathaiah,


On Mon, 29 Jun 2020 at 11:26, Simon Glass <sjg at chromium.org> wrote:
>
> Hi Thirupathaiah,
>
> On Thu, 25 Jun 2020 at 09:51, Thirupathaiah Annapureddy
> <thiruan at linux.microsoft.com> wrote:
> >
> > Currently Verified Boot fails if there is a signature verification failure
> > using required key in U-boot DTB. This patch adds support for multiple
> > required keys. This means if verified boot passes with one of the required
> > keys, u-boot will continue the OS hand off.
> >
> > There was a prior attempt to resolve this with the following patch:
> > https://lists.denx.de/pipermail/u-boot/2019-April/366047.html
> > The above patch was failing "make tests".
> >
> > Signed-off-by: Thirupathaiah Annapureddy <thiruan at linux.microsoft.com>
> > ---
> >  common/image-fit-sig.c | 12 +++++++++++-
> >  1 file changed, 11 insertions(+), 1 deletion(-)

One more thing...this patch is changing the policy.

I think we need a new string property in the DTB alongside the
'required' property, that indicates whether the image must be signed
with all required keys, or just one.

Regards,
Simon
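
The policy choice raised in this message, as an added example that is not part of the original post or of U-Boot's code: a stand-alone C model in which a mode string selects between "all required keys must verify" and "any one required key is enough". The mode values "any" and "all", the `key_result` struct, the function names, the fallback to "all" on a missing or unknown value, and treating "no required keys" as a pass are all assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical policy values; the thread only proposes "a new string property". */
enum req_policy { REQ_ALL, REQ_ANY };

/* Constructed model of one key: is it marked required, and did the
 * signature check against it succeed (0) or fail (non-zero)? */
struct key_result {
	int required;
	int verify_err;
};

/* Map the mode string to a policy. A missing or unrecognised value falls
 * back to REQ_ALL, so a typo or an absent property cannot weaken the policy. */
enum req_policy parse_policy(const char *s)
{
	if (s && strcmp(s, "any") == 0)
		return REQ_ANY;
	return REQ_ALL;
}

/* Return 0 if the image passes the required-key policy, -1 otherwise. */
int check_required(const struct key_result *keys, size_t n, const char *mode)
{
	enum req_policy policy = parse_policy(mode);
	size_t required = 0, passed = 0;

	for (size_t i = 0; i < n; i++) {
		if (!keys[i].required)
			continue;	/* non-required keys never decide the outcome */
		required++;
		if (keys[i].verify_err == 0)
			passed++;
	}
	if (required == 0)
		return 0;	/* assumption: no required keys means nothing to enforce */
	if (policy == REQ_ANY)
		return passed > 0 ? 0 : -1;
	return passed == required ? 0 : -1;
}
```

With two required keys of which only one verifies, the same image passes under "any" and fails under "all", which is the behaviour difference the reply asks to make explicit rather than change silently.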

