From: Anatolij Gustschin <agust@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 3/5] x86: baytrail: secureboot: Add functions for verification of u-boot
Date: Mon, 15 May 2017 09:29:59 +0200 [thread overview]
Message-ID: <20170515092959.443a4af1@crub> (raw)
In-Reply-To: <CAPnjgZ1WzO_m1OQno0dfeg3ERvOqDydsHBgYpx=-4ZJhStn8dw@mail.gmail.com>
Hi Simon,
On Sun, 14 May 2017 21:03:34 -0600
Simon Glass sjg at chromium.org wrote:
...
> > Introduce functions that check the integrity of u-boot by utilising the
> > hashes stored in the oem-data block.
>
> U-Boot
yes, will fix it.
...
> > +/**
> > + * This function compares a hash which gets retrieved from the oem data block
>
> I think the function style we have settled on is:
>
> /**
> * verify_oem_sha256() - one line summary
> *
> * More explanation here
> *
> * @hashid: ...
> * ...
> */
OK, I'll rework and resubmit.
...
> > +
> > +/**
> > + * This function verifies the integrity for u-boot, its devicetree and the ucode
> > + * appended or inserted to the devicetree.
> > + *
> > + * @return true on success, false on error
> > + */
>
> Can you put this comment in the header file?
yes, will do.
...
> > +bool verify_u_boot_bin(void);
> > +bool verify_public_key(void);
>
> These nee comments. Also how about an fsp_ prefix since they are in
> the fsp file?
OK, I'll move comments from functions in .c file to this header and
use fsp_ prefix.
...
> > + if (!verify_u_boot_bin()) {
> > + /* if our u-boot binary checksum isn't equal to
>
> /*
> * If our ...
OK, thanks!
--
Anatolij
next prev parent reply other threads:[~2017-05-15 7:29 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-11 15:14 [U-Boot] [PATCH 0/5] Introduce secure boot for Baytrail Anatolij Gustschin
2017-05-11 15:14 ` [U-Boot] [PATCH 1/5] x86: congatec: add secureboot enabled defconfig for conga-qeval20-qa3-e3845 Anatolij Gustschin
2017-05-15 3:03 ` Simon Glass
2017-05-11 15:14 ` [U-Boot] [PATCH 2/5] x86: baytrail: Add fsp-header verification for secure boot fsp Anatolij Gustschin
2017-05-15 3:03 ` Simon Glass
2017-05-15 7:20 ` Anatolij Gustschin
2017-05-11 15:14 ` [U-Boot] [PATCH 3/5] x86: baytrail: secureboot: Add functions for verification of u-boot Anatolij Gustschin
2017-05-12 8:25 ` Lothar Waßmann
2017-05-12 8:56 ` Anatolij Gustschin
2017-05-15 3:03 ` Simon Glass
2017-05-15 7:29 ` Anatolij Gustschin [this message]
2017-05-11 15:14 ` [U-Boot] [PATCH 4/5] tools: add secure_boot_helper.py Anatolij Gustschin
2017-05-15 3:03 ` Simon Glass
2017-05-11 15:14 ` [U-Boot] [PATCH 5/5] doc: x86: Add section about secure boot on Baytrail Anatolij Gustschin
2017-05-15 3:03 ` Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170515092959.443a4af1@crub \
--to=agust@denx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox