U-Boot FIT Signature Verification
AKASHI Takahiro
takahiro.akashi at linaro.org
Wed Sep 16 10:13:50 CEST 2020
On Wed, Sep 16, 2020 at 01:19:03AM +0200, Heinrich Schuchardt wrote:
> On 9/11/20 7:26 PM, Andrii Voloshyn wrote:
> > Hi there,
> >
> > Does U-boot take into account certificate expiration date when verifying signed images in FIT? In other words, is date stored along with the public key in DTB file?
> >
> > Cheers,
> > Andy
> >
>
> Hello Philippe,
>
> looking at padding_pkcs_15_verify() in lib/rsa/rsa-verify.c I cannot
> find a comparison of the date on which an image was signed with the
> expiry date of the certificate. Shouldn't there be a check? Or did I
> simply look into the wrong function?
I think Simon is the right person to answer this question, but
as far as I know, we don't have any device tree property for the expiration
date of a public key. See doc/uImage.FIT/signature.txt.
-Takahiro Akashi
> Best regards
>
> Heinrich
More information about the U-Boot
mailing list