From: AKASHI Takahiro
To: trini@konsulko.com, sjg@chromium.org, xypron.glpk@gmx.de, agraf@csgraf.de
Cc: u-boot@lists.denx.de, mail@patrick-wildt.de
Date: Wed, 13 Nov 2019 09:47:27 +0900
Message-Id: <20191113004730.30139-4-takahiro.akashi@linaro.org>
In-Reply-To: <20191113004730.30139-1-takahiro.akashi@linaro.org>
Subject: [U-Boot] [PATCH v3 3/6] include: image.h: add key info to image_sign_info

For FIT verification, all the properties of a public key come from the "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other hand, a public key is located and retrieved from a dedicated signature database stored as UEFI variables.

The two added fields may hold values of a public key if fdt_blob is NULL, and will be used in rsa_verify_with_pkey() to verify a signature in the UEFI sub-system.

Signed-off-by: AKASHI Takahiro
Reviewed-by: Simon Glass

--- include/image.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/image.h b/include/image.h index 7eb0b4b53184..bff87f51f01b 100644 --- a/include/image.h +++ b/include/image.h @@ -1142,6 +1142,16 @@ struct image_sign_info { int required_keynode; /* Node offset of key to use: -1=any */ const char *require_keys; /* Value for 'required' property */ const char *engine_id; /* Engine to use for signing */ + /* + * Note: the following two fields + * are always valid even w/o + * RSA_VERIFY_WITH_PKEY in order + * to make sure this structure is + * the same on target and host. + * Otherwise, vboot test may fail. + */ + const void *key; /* Pointer to public key in DER */ + int keylen; /* Length of public key */ }; /* A part of an image, used for hashing */
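
Review bot: `int keylen` on the last added line is a signed type for the byte length of the DER buffer that `key` points to, so a negative length is representable and would be handed on to whatever parses the key in rsa_verify_with_pkey(); `size_t keylen` (or `unsigned int keylen`) would rule that out at the type level. In the comment above the fields, "always valid" reads as if the fields always hold usable values, while the rest of the sentence is about them always being present in the struct layout on target and host; "always present" would say that without ambiguity. The commit message states that the fields are used only if fdt_blob is NULL, but the struct comment does not, so it would help to document that rule next to the fields, together with the expectation that callers verifying through fdt_blob leave key NULL and keylen 0, and a word on who owns the buffer behind key.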