[PATCH 1/2] vboot: add support for multiple required keys
Rasmus Villemoes
rasmus.villemoes at prevas.dk
Tue Jun 30 10:08:07 CEST 2020
On 25/06/2020 17.51, Thirupathaiah Annapureddy wrote:
> Currently Verified Boot fails if there is a signature verification failure
> using required key in U-boot DTB. This patch adds support for multiple
> required keys. This means if verified boot passes with one of the required
> keys, u-boot will continue the OS hand off.
>
> There was a prior attempt to resolve this with the following patch:
> https://lists.denx.de/pipermail/u-boot/2019-April/366047.html
> The above patch was failing "make tests".
>
> Signed-off-by: Thirupathaiah Annapureddy <thiruan at linux.microsoft.com>

Hi Thirupathaiah

This is something I'm quite interested in - see
https://lists.denx.de/pipermail/u-boot/2020-January/396629.html . I just
never got around to following up on it due to other tasks. As Simon points
out, the policy as to whether one or all (or some other choice) required
keys must have signed the image needs to live in the .dtb.

I'd appreciate it if you could cc me on subsequent revisions.

Thanks,
Rasmus