For FIT verification, all the properties of a public key come from
"control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
hand, a public key is located and retrieved from dedicated signature
database stored as UEFI variables.
Added two fields may hold values of a public key if fdt_blob is NULL, and
will be used in rsa_verify_with_pkey() to verify a signature in UEFI
sub-system.
Signed-off-by: AKASHI Takahiro <takahiro.aka...@linaro.org>
---
include/image.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/image.h b/include/image.h
index 97b6a82d9754..685f5181c829 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1136,6 +1136,8 @@ struct image_sign_info {
struct checksum_algo *checksum; /* Checksum algorithm information */
struct padding_algo *padding; /* Padding algorithm information */
struct crypto_algo *crypto; /* Crypto algorithm information */
+ const void *key;
+ int keylen;
const void *fdt_blob; /* FDT containing public keys */
int required_keynode; /* Node offset of key to use: -1=any */
const char *require_keys; /* Value for 'required' property */
--
2.21.0
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
