
Simon,
Thank you for your review.
On Tue, Nov 19, 2019 at 06:59:54PM -0800, Simon Glass wrote:
Hi Takahiro,
On Tue, 12 Nov 2019 at 16:47, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote:
For FIT verification, all the properties of a public key come from the "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other hand, a public key is located and retrieved from a dedicated signature database stored as UEFI variables.
The two added fields may hold values of a public key if fdt_blob is NULL, and will be used in rsa_verify_with_pkey() to verify a signature in the UEFI sub-system.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
include/image.h | 10 ++++++++++
1 file changed, 10 insertions(+)
Reviewed-by: Simon Glass <sjg@chromium.org>
diff --git a/include/image.h b/include/image.h index 7eb0b4b53184..bff87f51f01b 100644 --- a/include/image.h +++ b/include/image.h @@ -1142,6 +1142,16 @@ struct image_sign_info { int required_keynode; /* Node offset of key to use: -1=any */ const char *require_keys; /* Value for 'required' property */ const char *engine_id; /* Engine to use for signing */
/*
* Note: the following two fields
* are always valid even w/o
* RSA_VERIFY_WITH_PKEY in order
* to make sure this structure is
* the same on target and host.
* Otherwise, vboot test may fail.
*/
Can you please align this comment to one tab in (to line up with 'const' above)?
Sure.
-Takahiro Akashi
const void *key; /* Pointer to public key in DER */
int keylen; /* Length of public key */
};
/* A part of an image, used for hashing */
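Review bot: keylen at the end of the hunk is a signed int, so a negative length is representable and nothing beside the field says how a verifier should treat one; consider an unsigned type (unsigned int has the same size as int, so the structure stays identical on target and host) and state the unit as bytes in its comment. The block comment explains why the two fields exist without RSA_VERIFY_WITH_PKEY but not when they are consulted; the commit message says they apply only if fdt_blob is NULL, and that condition belongs next to the fields so a reader of image.h does not have to find it in the log.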
2.21.0
Regards, Simon