[RFC] Keystore design

Jean-Christophe PLAGNIOL-VILLARD plagnioj at jcrosoft.com
Wed Mar 18 02:59:30 PDT 2015


	I'm curently looking the implementation for the PKI keystore

	I was thinking to simply do a FS

	The idea is this one

	we will use envfs as storing format.


	 - Multiple RO env
	 - one RW env
	 - as less as possible API to add a key

	1) Builtin

	 We will allow to have multiple keystore for boards
	 we need to be hanble to drop a keystore if not valid for this board
	 we need to be able to have global keystore

	2) SoC Keytore
	 - RO

	3) RW

	 a key will be store in the keystore on if valid (signed by a master
	 key or CA)

	We will use the fs api

	to put a key a simple cp will be enough

Best Regards,

More information about the barebox mailing list