Re: [U-Boot] verified boot against a chain of public keys

2019-08-13 Thread Patrick Doyle
On Mon, Aug 12, 2019 at 8:01 AM Patrick Doyle wrote: > > I am about to embark on the task of adding support for importing and > using multiple keys in the verified boot process. Does u-boot already > support this? Has anybody (else) thought about it? I now see that lib/rsa/rsa-verif

[U-Boot] verified boot against a chain of public keys

2019-08-12 Thread Patrick Doyle
I am about to embark on the task of adding support for importing and using multiple keys in the verified boot process. Does u-boot already support this? Has anybody (else) thought about it? Basically, I would like to add the ability to import a public key into u-boot, which must be signed by the

Re: [U-Boot] And what about fitImages and ram disks?

2019-06-17 Thread Patrick Doyle
On Mon, Jun 17, 2019 at 10:22 AM Daniel Schwierzeck wrote: > On Mon, Jun 17, 2019 at 15:40, Patrick Doyle wrote: > > On Mon, Jun 17, 2019 at 7:27 AM Daniel Schwierzeck > > wrote: > > > On Fri, Jun 14, 2019 at 23:05, Patrick Doyle > > > wrote:

Re: [U-Boot] And what about fitImages and ram disks?

2019-06-17 Thread Patrick Doyle
Schwierzeck wrote: > On Fri, Jun 14, 2019 at 23:05, Patrick Doyle wrote: > > Does anybody have any hints as to why the Ramdisk would be relocated twice? > > This has been fixed with e5151666364e64e6ca6e554e3d53f2a53fbc1800. > > > Does anybody have any hints as to why

[U-Boot] And what about fitImages and ram disks?

2019-06-14 Thread Patrick Doyle
I just created my initramfs and inserted it into my fit-image.its file. When I booted, I saw the following: Trying 'ramdisk' ramdisk subimage Description: Bootstrap ramdisk Type: RAMDisk Image Compression: gzip compressed Data Start: 0x811ae9f0 Data Size:

[U-Boot] [PATCH] rsa: reject images with unknown padding

2019-06-14 Thread Patrick Doyle
Previously we would store NULL in info->padding and jump to an illegal instruction if an unknown value for "padding" was specified in the device tree. Signed-off-by: Patrick Doyle --- common/image-sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/

Re: [U-Boot] Verified boot of images without signatures

2019-06-12 Thread Patrick Doyle
On Wed, Jun 12, 2019 at 2:10 PM Alex Kiernan wrote: > On Wed, Jun 12, 2019 at 7:00 PM Patrick Doyle wrote: > > Am I missing something here? > > > > Probably... I went round a very similar loop too. You need the > required property in the U-Boot DTB, not in

[U-Boot] Verified boot of images without signatures

2019-06-12 Thread Patrick Doyle
I am looking at enabling verified boot in the v2019.04-rc4 tag of u-boot. I was pleased when I learned how to embed the public authentication key in my u-boot device tree, sign my kernel using my private authentication key, and see u-boot validate the signature on boot. But then I was very