[RFC 2/4] Add rsa support

Jan Lübbe jlu at pengutronix.de
Mon Mar 16 03:00:22 PDT 2015


On Fr, 2015-03-13 at 16:49 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> you just need to have a unique ID on the HW and then use a x509 object
> to store it. then signed it with you CA. As only validated keys can be
> used, you can easly give a generated key for a specific HW.
> And this key will be valid only for this HW.

Yes, this sounds useful. So you'd have a board-specific way to check the
unique ID constraint in an intermediate cert against the HW ID?

Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

More information about the barebox mailing list