Message ID | 20190918012643.25192-5-takahiro.akashi@linaro.org |
---|---|
State | RFC |
Delegated to: | Heinrich Schuchardt |
Series | efi_loader: add secure boot support |
Hi AKASHI, On Tue, 17 Sep 2019 at 19:23, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote: > > For FIT verification, all the properties of a public key come from > "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other > hand, a public key is located and retrieved from dedicated signature > database stored as UEFI variables. > > Added two fields may hold values of a public key if fdt_blob is NULL, and > will be used in rsa_verify_with_pkey() to verify a signature in UEFI > sub-system. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > --- > include/image.h | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/include/image.h b/include/image.h > index 97b6a82d9754..685f5181c829 100644 > --- a/include/image.h > +++ b/include/image.h > @@ -1136,6 +1136,8 @@ struct image_sign_info { > struct checksum_algo *checksum; /* Checksum algorithm information */ > struct padding_algo *padding; /* Padding algorithm information */ > struct crypto_algo *crypto; /* Crypto algorithm information */ > + const void *key; > + int keylen; Please do add comments. Also if these only relate to EFI they should have efi_ prefix and probably an #ifdef. > const void *fdt_blob; /* FDT containing public keys */ > int required_keynode; /* Node offset of key to use: -1=any */ > const char *require_keys; /* Value for 'required' property */ > -- > 2.21.0 > Regards, Simon
diff --git a/include/image.h b/include/image.h index 97b6a82d9754..685f5181c829 100644 --- a/include/image.h +++ b/include/image.h @@ -1136,6 +1136,8 @@ struct image_sign_info { struct checksum_algo *checksum; /* Checksum algorithm information */ struct padding_algo *padding; /* Padding algorithm information */ struct crypto_algo *crypto; /* Crypto algorithm information */ + const void *key; + int keylen; const void *fdt_blob; /* FDT containing public keys */ int required_keynode; /* Node offset of key to use: -1=any */ const char *require_keys; /* Value for 'required' property */
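Review bot: `const void *key;` and `int keylen;` are added to struct image_sign_info without comments, while every neighbouring member shown in the hunk has one, so the header alone does not say when they are used or how they relate to `fdt_blob`. Add trailing comments stating that they carry the public key and its length for the case where `fdt_blob` is NULL, as the commit message describes, and state what encoding the buffer is expected to be in. `keylen` is a signed `int` although it is the length of the buffer `key` points to; either use an unsigned type or document that it must be positive, so that a zero or negative length is rejected before the key is used for verification.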
For FIT verification, all the properties of a public key come from the "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other hand, a public key is located and retrieved from a dedicated signature database stored as UEFI variables.

The two added fields may hold values of a public key if fdt_blob is NULL, and will be used in rsa_verify_with_pkey() to verify a signature in the UEFI sub-system.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
 include/image.h | 2 ++
 1 file changed, 2 insertions(+)