16 Sep
2020
16 Sep
'20
10:13 a.m.
On Wed, Sep 16, 2020 at 01:19:03AM +0200, Heinrich Schuchardt wrote:
On 9/11/20 7:26 PM, Andrii Voloshyn wrote:
Hi there,
Does U-boot take into account certificate expiration date when verifying signed images in FIT? In other words, is date stored along with the public key in DTB file?Cheers, Andy
Hello Philippe,
looking at padding_pkcs_15_verify() in lib/rsa/rsa-verify.c I cannot find a comparison of the date on which an image was signed with the expiry date of the certificate. Shouldn't there be a check? Or did I simply look into the wrong function?
I think Simon is the right person to answer this question, but
as far as I know, we don't have any device tree property for the expiration date of a public key. See doc/uImage.FIT/signature.txt.
-Takahiro Akashi
Best regards
Heinrich