From mboxrd@z Thu Jan 1 00:00:00 1970 From: AKASHI Takahiro Date: Wed, 28 Aug 2019 08:55:15 +0900 Subject: [U-Boot] RSA in U-Boot In-Reply-To: <6331a87e-0055-5194-e1e4-0ab0a5b20c0d@arm.com> References: <422971965.15677087.1556343097301.JavaMail.zimbra@redhat.com> <4b32b851-181e-5846-c5b0-17cadae06f33@gmx.de> <20190516103902.C27F1245E45@gemini.denx.de> <20190516104554.GA15680@apalos> <20190516111359.GQ22232@bill-the-cat> <20190516115636.GA8052@fireball> <20190516121803.C6216245E45@gemini.denx.de> <20190517001206.GX11160@linaro.org> <6331a87e-0055-5194-e1e4-0ab0a5b20c0d@arm.com> Message-ID: <20190827235514.GH14152@linaro.org> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Grant, On Tue, Aug 27, 2019 at 10:35:37AM +0000, Grant Likely wrote: > Hi Takahiro, > > On 17/05/2019 01:12, AKASHI Takahiro wrote: > [...] > > In fact, I have already imported relevant kernel code into U-Boot > > and it now works perfectly with my experimental UEFI secure boot patch, > > Speaking of which, where can I find the experimental UEFI secure boot > patches? I've not been able to find any recent postings. Here's my repository: https://git.linaro.org/people/takahiro.akashi/u-boot.git efi/secboot But it's quite old and not ready for public review, yet it works in some way. Since then, I've done - implementing image authentication as close to EDK2's semantics as possible, including timestamp-based revocation - improving portability of linux-kernel-based pkcs7/x509 parsers - reworking the code in general for better maintainability - adding initial automated testing of image/variable authentication based on pytest framework On the other hand, Sughosh and Pipat are working on integrating StMM-based UEFI variables/secure storage into U-Boot. As far as my part is concerned, my plan is that I will focus on developing more test cases and verifying the authentication code. Once I have some good confidence, I'd like to submit the patch set. It will be around the next Connect, I guess? Thanks, -Takahiro Akashi > Thanks, > g.