On 9/11/20 7:26 PM, Andrii Voloshyn wrote: > Hi there, > > Does U-boot take into account certificate expiration date when verifying > signed images in FIT? In other words, is date stored along with the public > key in DTB file? > > Cheers, > Andy >
Hello Philippe, looking at padding_pkcs_15_verify() in lib/rsa/rsa-verify.c I cannot find a comparison of the date on which an image was signed with the expiry date of the certificate. Shouldn't there be a check? Or did I simply look into the wrong function? Best regards Heinrich