[v7,3/7] include: image.h: add key info to image_sign_info

Message ID 20200221061301.19660-4-takahiro.akashi@linaro.org
State Awaiting Upstream
Delegated to: Tom Rini
Series
  • rsa: extend rsa_verify() for UEFI secure boot

Commit Message

AKASHI Takahiro Feb. 21, 2020, 6:12 a.m. UTC
For FIT verification, all the properties of a public key come from
the "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
hand, a public key is located and retrieved from a dedicated signature
database stored as UEFI variables.

The two added fields may hold values of a public key if fdt_blob is NULL, and
will be used in rsa_verify_with_pkey() to verify a signature in the UEFI
sub-system.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 include/image.h | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Tom Rini March 12, 2020, 4:48 p.m. UTC | #1
On Fri, Feb 21, 2020 at 03:12:57PM +0900, AKASHI Takahiro wrote:

> For FIT verification, all the properties of a public key come from
> the "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
> hand, a public key is located and retrieved from a dedicated signature
> database stored as UEFI variables.
> 
> The two added fields may hold values of a public key if fdt_blob is NULL, and
> will be used in rsa_verify_with_pkey() to verify a signature in the UEFI
> sub-system.
> 
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/next, thanks!

Patch

diff --git a/include/image.h b/include/image.h
index eb7aa5622aa3..ceede0d4385e 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1170,6 +1170,13 @@  struct image_sign_info {
 	int required_keynode;		/* Node offset of key to use: -1=any */
 	const char *require_keys;	/* Value for 'required' property */
 	const char *engine_id;		/* Engine to use for signing */
+	/*
+	 * Note: the following two fields are always valid even w/o
+	 * RSA_VERIFY_WITH_PKEY in order to make sure this structure is
+	 * the same on target and host. Otherwise, vboot test may fail.
+	 */
+	const void *key;		/* Pointer to public key in DER */
+	int keylen;			/* Length of public key */
 };
 
 /* A part of an image, used for hashing */
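
Review bot: `int keylen` in the added fields is a signed length with no unit in its comment, so a zero or negative value can sit next to a non-NULL `key`. Consider an unsigned type such as `size_t`, or document that the verifier must reject `keylen <= 0`, and say that the length is the byte count of the DER encoding. The block comment explains why the fields exist unconditionally but not when they are consulted: the commit message says they may hold a key if fdt_blob is NULL, and that precedence between fdt_blob and `key`, together with who owns the buffer `key` points to and how long it must stay valid, belongs in the comment next to the fields.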