From patchwork Mon Jan 27 10:27:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 240269 List-Id: U-Boot discussion From: takahiro.akashi at linaro.org (AKASHI Takahiro) Date: Mon, 27 Jan 2020 19:27:36 +0900 Subject: [PATCH v6 3/7] include: image.h: add key info to image_sign_info In-Reply-To: <20200127102740.26831-1-takahiro.akashi@linaro.org> References: <20200127102740.26831-1-takahiro.akashi@linaro.org> Message-ID: <20200127102740.26831-4-takahiro.akashi@linaro.org> For FIT verification, all the properties of a public key come from "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other hand, a public key is located and retrieved from dedicated signature database stored as UEFI variables. Added two fields may hold values of a public key if fdt_blob is NULL, and will be used in rsa_verify_with_pkey() to verify a signature in UEFI sub-system. Signed-off-by: AKASHI Takahiro Reviewed-by: Simon Glass --- include/image.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/image.h b/include/image.h index 7eb0b4b53184..20e1f95cf2a7 100644 --- a/include/image.h +++ b/include/image.h @@ -1142,6 +1142,13 @@ struct image_sign_info { int required_keynode; /* Node offset of key to use: -1=any */ const char *require_keys; /* Value for 'required' property */ const char *engine_id; /* Engine to use for signing */ + /* + * Note: the following two fields are always valid even w/o + * RSA_VERIFY_WITH_PKEY in order to make sure this structure is + * the same on target and host. Otherwise, vboot test may fail. + */ + const void *key; /* Pointer to public key in DER */ + int keylen; /* Length of public key */ }; /* A part of an image, used for hashing */
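Review bot: the new `int keylen;` field at the end of `struct image_sign_info` gives the DER buffer a signed length, so a negative value is representable. Either declare it as `size_t keylen;` (or `unsigned int`), or document that consumers must reject `keylen <= 0` before reading from `key`. Separately, "always valid" in the added comment reads as if the fields always hold a usable key, whereas the rationale given is structure layout on target and host. "Always present" would be clearer. The comment should also state what the commit message says, that these fields may hold the public key only when `fdt_blob` is NULL, and that `key` is NULL otherwise, so a stale pointer is never mistaken for a trusted key.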