From mboxrd@z Thu Jan 1 00:00:00 1970 From: Anatolij Gustschin Date: Mon, 15 May 2017 09:29:59 +0200 Subject: [U-Boot] [PATCH 3/5] x86: baytrail: secureboot: Add functions for verification of u-boot In-Reply-To: References: <1494515696-2087-1-git-send-email-agust@denx.de> <1494515696-2087-4-git-send-email-agust@denx.de> Message-ID: <20170515092959.443a4af1@crub> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Simon, On Sun, 14 May 2017 21:03:34 -0600 Simon Glass sjg at chromium.org wrote: ... > > Introduce functions that check the integrity of u-boot by utilising the > > hashes stored in the oem-data block. > > U-Boot yes, will fix it. ... > > +/** > > + * This function compares a hash which gets retrieved from the oem data block > > I think the function style we have settled on is: > > /** > * verify_oem_sha256() - one line summary > * > * More explanation here > * > * @hashid: ... > * ... > */ OK, I'll rework and resubmit. ... > > + > > +/** > > + * This function verifies the integrity for u-boot, its devicetree and the ucode > > + * appended or inserted to the devicetree. > > + * > > + * @return true on success, false on error > > + */ > > Can you put this comment in the header file? yes, will do. ... > > +bool verify_u_boot_bin(void); > > +bool verify_public_key(void); > > These nee comments. Also how about an fsp_ prefix since they are in > the fsp file? OK, I'll move comments from functions in .c file to this header and use fsp_ prefix. ... > > + if (!verify_u_boot_bin()) { > > + /* if our u-boot binary checksum isn't equal to > > /* > * If our ... OK, thanks! -- Anatolij