From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v3 3/6] include: image.h: add key info to image_sign_info
Date: Wed, 20 Nov 2019 14:47:01 +0900 [thread overview]
Message-ID: <20191120054700.GZ22427@linaro.org> (raw)
In-Reply-To: <CAPnjgZ0V950EGa5OiDLq-6FT9aJjWdLALOmv+86v4wJ+C+N9tA@mail.gmail.com>
Simon,
Thank you for your review.
On Tue, Nov 19, 2019 at 06:59:54PM -0800, Simon Glass wrote:
> Hi Takahiro,
>
> On Tue, 12 Nov 2019 at 16:47, AKASHI Takahiro
> <takahiro.akashi@linaro.org> wrote:
> >
> > For FIT verification, all the properties of a public key come from
> > "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
> > hand, a public key is located and retrieved from dedicated signature
> > database stored as UEFI variables.
> >
> > Added two fields may hold values of a public key if fdt_blob is NULL, and
> > will be used in rsa_verify_with_pkey() to verify a signature in UEFI
> > sub-system.
> >
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > ---
> > include/image.h | 10 ++++++++++
> > 1 file changed, 10 insertions(+)
> >
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
>
> > diff --git a/include/image.h b/include/image.h
> > index 7eb0b4b53184..bff87f51f01b 100644
> > --- a/include/image.h
> > +++ b/include/image.h
> > @@ -1142,6 +1142,16 @@ struct image_sign_info {
> > int required_keynode; /* Node offset of key to use: -1=any */
> > const char *require_keys; /* Value for 'required' property */
> > const char *engine_id; /* Engine to use for signing */
> > + /*
> > + * Note: the following two fields
> > + * are always valid even w/o
> > + * RSA_VERIFY_WITH_PKEY in order
> > + * to make sure this structure is
> > + * the same on target and host.
> > + * Otherwise, vboot test may fail.
> > + */
>
> Can you please align this comment to one tab in (to line up with 'const' above)?
Sure.
-Takahiro Akashi
> > + const void *key; /* Pointer to public key in DER */
> > + int keylen; /* Length of public key */
> > };
> >
> > /* A part of an image, used for hashing */
> > --
> > 2.21.0
> >
>
> Regards,
> Simon
next prev parent reply other threads:[~2019-11-20 5:47 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-13 0:47 [U-Boot] [PATCH v3 0/6] rsa: extend rsa_verify() for UEFI secure boot AKASHI Takahiro
2019-11-13 0:47 ` [U-Boot] [PATCH v3 1/6] lib: rsa: decouple rsa from FIT image verification AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-13 0:47 ` [U-Boot] [PATCH v3 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-13 0:47 ` [U-Boot] [PATCH v3 3/6] include: image.h: add key info to image_sign_info AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-20 5:47 ` AKASHI Takahiro [this message]
2019-11-13 0:47 ` [U-Boot] [PATCH v3 4/6] lib: rsa: generate additional parameters for public key AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-20 5:53 ` AKASHI Takahiro
2019-11-13 0:47 ` [U-Boot] [PATCH v3 5/6] lib: rsa: add rsa_verify_with_pkey() AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-20 5:54 ` AKASHI Takahiro
2019-11-13 0:47 ` [U-Boot] [PATCH v3 6/6] test: add rsa_verify() unit test AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-20 5:58 ` AKASHI Takahiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191120054700.GZ22427@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.