From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v3 3/6] include: image.h: add key info to image_sign_info
Date: Wed, 20 Nov 2019 14:47:01 +0900 [thread overview]
Message-ID: <20191120054700.GZ22427@linaro.org> (raw)
In-Reply-To: <CAPnjgZ0V950EGa5OiDLq-6FT9aJjWdLALOmv+86v4wJ+C+N9tA@mail.gmail.com>
Simon,
Thank you for your review.
On Tue, Nov 19, 2019 at 06:59:54PM -0800, Simon Glass wrote:
> Hi Takahiro,
>
> On Tue, 12 Nov 2019 at 16:47, AKASHI Takahiro
> <takahiro.akashi@linaro.org> wrote:
> >
> > For FIT verification, all the properties of a public key come from
> > "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
> > hand, a public key is located and retrieved from dedicated signature
> > database stored as UEFI variables.
> >
> > Added two fields may hold values of a public key if fdt_blob is NULL, and
> > will be used in rsa_verify_with_pkey() to verify a signature in UEFI
> > sub-system.
> >
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > ---
> > include/image.h | 10 ++++++++++
> > 1 file changed, 10 insertions(+)
> >
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
>
> > diff --git a/include/image.h b/include/image.h
> > index 7eb0b4b53184..bff87f51f01b 100644
> > --- a/include/image.h
> > +++ b/include/image.h
> > @@ -1142,6 +1142,16 @@ struct image_sign_info {
> > int required_keynode; /* Node offset of key to use: -1=any */
> > const char *require_keys; /* Value for 'required' property */
> > const char *engine_id; /* Engine to use for signing */
> > + /*
> > + * Note: the following two fields
> > + * are always valid even w/o
> > + * RSA_VERIFY_WITH_PKEY in order
> > + * to make sure this structure is
> > + * the same on target and host.
> > + * Otherwise, vboot test may fail.
> > + */
>
> Can you please align this comment to one tab in (to line up with 'const' above)?
Sure.
-Takahiro Akashi
> > + const void *key; /* Pointer to public key in DER */
> > + int keylen; /* Length of public key */
> > };
> >
> > /* A part of an image, used for hashing */
> > --
> > 2.21.0
> >
>
> Regards,
> Simon
next prev parent reply other threads:[~2019-11-20 5:47 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-13 0:47 [U-Boot] [PATCH v3 0/6] rsa: extend rsa_verify() for UEFI secure boot AKASHI Takahiro
2019-11-13 0:47 ` [U-Boot] [PATCH v3 1/6] lib: rsa: decouple rsa from FIT image verification AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-13 0:47 ` [U-Boot] [PATCH v3 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-13 0:47 ` [U-Boot] [PATCH v3 3/6] include: image.h: add key info to image_sign_info AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-20 5:47 ` AKASHI Takahiro [this message]
2019-11-13 0:47 ` [U-Boot] [PATCH v3 4/6] lib: rsa: generate additional parameters for public key AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-20 5:53 ` AKASHI Takahiro
2019-11-13 0:47 ` [U-Boot] [PATCH v3 5/6] lib: rsa: add rsa_verify_with_pkey() AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-20 5:54 ` AKASHI Takahiro
2019-11-13 0:47 ` [U-Boot] [PATCH v3 6/6] test: add rsa_verify() unit test AKASHI Takahiro
2019-11-20 2:59 ` Simon Glass
2019-11-20 5:58 ` AKASHI Takahiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191120054700.GZ22427@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox