Message ID | 20200221061301.19660-4-takahiro.akashi@linaro.org |
---|---|
State | Superseded |
Series | rsa: extend rsa_verify() for UEFI secure boot |
On Fri, Feb 21, 2020 at 03:12:57PM +0900, AKASHI Takahiro wrote:

> For FIT verification, all the properties of a public key come from
> "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
> hand, a public key is located and retrieved from dedicated signature
> database stored as UEFI variables.
>
> Added two fields may hold values of a public key if fdt_blob is NULL, and
> will be used in rsa_verify_with_pkey() to verify a signature in UEFI
> sub-system.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> Reviewed-by: Simon Glass <sjg at chromium.org>

Applied to u-boot/next, thanks!

diff --git a/include/image.h b/include/image.h index eb7aa5622aa3..ceede0d4385e 100644 --- a/include/image.h +++ b/include/image.h @@ -1170,6 +1170,13 @@ struct image_sign_info { int required_keynode; /* Node offset of key to use: -1=any */ const char *require_keys; /* Value for 'required' property */ const char *engine_id; /* Engine to use for signing */ + /* + * Note: the following two fields are always valid even w/o + * RSA_VERIFY_WITH_PKEY in order to make sure this structure is + * the same on target and host. Otherwise, vboot test may fail. + */ + const void *key; /* Pointer to public key in DER */ + int keylen; /* Length of public key */ }; /* A part of an image, used for hashing */
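
Review bot: `int keylen` in the fields added to struct image_sign_info is a signed length for the DER buffer that `key` points to; an unsigned type such as `size_t`, or at least a comment requiring callers to reject a NULL `key` or a `keylen` <= 0 before use, would keep a negative length from reaching the code that parses the key. The comment's "always valid" also reads as if the fields always hold a usable key, while the commit message says they may hold a key only if fdt_blob is NULL; wording such as "always present" plus a line stating that `key` and `keylen` are consulted only when fdt_blob is NULL would document the precedence between the two key sources.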