13 Aug
2019
13 Aug
'19
9:40 p.m.
On Mon, Aug 12, 2019 at 8:01 AM Patrick Doyle wpdster@gmail.com wrote:
I am about to embark on the task of adding support for importing and using multiple keys in the verified boot process. Does u-boot already support this? Has anybody (else) thought about it?
I now see that lib/rsa/rsa-verify.c actually checks against multiple public keys compiled into the device tree. I guess I could use fit commands to add more nodes with keys to the device tree, but that seems a bit cumbersome. Plus, they wouldn't be verified against the existing key(s).
Still plugging away...
--wpd