summaryrefslogtreecommitdiff
path: root/include/image.h
diff options
context:
space:
mode:
authorAKASHI Takahiro <takahiro.akashi@linaro.org>2020-02-21 15:12:57 +0900
committerTom Rini <trini@konsulko.com>2020-03-12 08:20:39 -0400
commita8fc3df8b96fb968e72d5f2f10d07322f81adc8a (patch)
treefd9769da27673421dd4768fbf1e99b16b6e1a11c /include/image.h
parentdd89f5b0fde7f23afffc69f92eedc7f7c5caef36 (diff)
include: image.h: add key info to image_sign_info
For FIT verification, all the properties of a public key come from "control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other hand, a public key is located and retrieved from dedicated signature database stored as UEFI variables. Added two fields may hold values of a public key if fdt_blob is NULL, and will be used in rsa_verify_with_pkey() to verify a signature in UEFI sub-system. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'include/image.h')
-rw-r--r--include/image.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/include/image.h b/include/image.h
index 928d9d5069..a1eea94f7d 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1170,6 +1170,13 @@ struct image_sign_info {
int required_keynode; /* Node offset of key to use: -1=any */
const char *require_keys; /* Value for 'required' property */
const char *engine_id; /* Engine to use for signing */
+ /*
+ * Note: the following two fields are always valid even w/o
+ * RSA_VERIFY_WITH_PKEY in order to make sure this structure is
+ * the same on target and host. Otherwise, vboot test may fail.
+ */
+ const void *key; /* Pointer to public key in DER */
+ int keylen; /* Length of public key */
};
/* A part of an image, used for hashing */