Hi AKASHI,
On Tue, 17 Sep 2019 at 19:23, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
For FIT verification, all the properties of a public key come from "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other hand, a public key is located and retrieved from dedicated signature database stored as UEFI variables.
Added two fields may hold values of a public key if fdt_blob is NULL, and will be used in rsa_verify_with_pkey() to verify a signature in UEFI sub-system.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org
include/image.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/include/image.h b/include/image.h index 97b6a82d9754..685f5181c829 100644 --- a/include/image.h +++ b/include/image.h @@ -1136,6 +1136,8 @@ struct image_sign_info { struct checksum_algo *checksum; /* Checksum algorithm information */ struct padding_algo *padding; /* Padding algorithm information */ struct crypto_algo *crypto; /* Crypto algorithm information */
const void *key;int keylen;
Please do add comments.
Also if these only relate to EFI they should have efi_ prefix and probably an #ifdef.
const void *fdt_blob; /* FDT containing public keys */ int required_keynode; /* Node offset of key to use: -1=any */ const char *require_keys; /* Value for 'required' property */-- 2.21.0
Regards, Simon