From patchwork Sat Jul 18 03:20:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thirupathaiah Annapureddy X-Patchwork-Id: 1331480 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.a=rsa-sha256 header.s=default header.b=I8+ymEJM; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B7tYB4NXmz9sRf for ; Sat, 18 Jul 2020 13:20:46 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id EAAFD81BFF; Sat, 18 Jul 2020 05:20:42 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="I8+ymEJM"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 0B11581CB9; Sat, 18 Jul 2020 05:20:41 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_PASS,URIBL_BLOCKED, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.2 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by phobos.denx.de (Postfix) with ESMTP id 3784C80E47 for ; Sat, 18 Jul 2020 05:20:38 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=thiruan@linux.microsoft.com Received: from thiru-la.corp.microsoft.com (unknown [131.107.147.159]) by linux.microsoft.com (Postfix) with ESMTPSA id 2EF4B20B4909; Fri, 17 Jul 2020 20:20:37 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 2EF4B20B4909 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1595042437; bh=Tzn3nWfvhwWM0vaEadHMnIiz42R7mCjPsxOZhtqNSLk=; h=From:To:Cc:Subject:Date:From; b=I8+ymEJMTGcsDpheJjGfwu7cbY+ViHdOt/MCt4YX1AqXJCMimAtrPEqLQP4SVleEr Bv+8ai+/DIachUOuK9PN4pmXhKUA+QcTtX21FScBTknG980NcgfeGb3d3svSWT/hcW VhEGZomOAc/RPHF8L8THndhy/U24ZT1SDZsfFhrw= From: Thirupathaiah Annapureddy To: u-boot@lists.denx.de Cc: Simon Glass , thiruan@microsoft.com, thiruan@linux.microsoft.com, Philippe Reynes , Rasmus Villemoes Subject: [PATCH v2 0/3] Add support for multiple required keys Date: Fri, 17 Jul 2020 20:20:26 -0700 Message-Id: X-Mailer: git-send-email 2.25.2 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean This patch series adds the support for multiple required keys in U-Boot DTB with test support. Changes in v2 (thanks for the feedback Simon and Rasmus): - Introduce a policy variable in U-boot DTB to control whether any or all required keys must have signed configuration. - Added tests to cover any or all required keys policy. - Updated signature.txt to include required-mode policy information. Thirupathaiah Annapureddy (3): vboot: add DTB policy for supporting multiple required conf keys test: vboot: add tests for multiple required keys doc: verified-boot: add required-mode information common/image-fit-sig.c | 30 ++++++++++++++++++++--- doc/uImage.FIT/signature.txt | 14 +++++++++++ test/py/tests/test_vboot.py | 46 ++++++++++++++++++++++++++++++++++-- 3 files changed, 85 insertions(+), 5 deletions(-)