[PATCH v2 4/4] boards: qemu-virt: support passing in FIT public key

Ahmad Fatoum a.fatoum at pengutronix.de
Thu Mar 9 04:47:53 PST 2023


On 17.02.23 14:03, Ahmad Fatoum wrote:
> The intention of this patch series is to somehow provide for QEMU the exact
> same mechanism we already use on non-emulated platforms.

Ping.

> 
> I agree that in the future, we may want to generally restructure how we
> do this:
> 
> Instead of decompiling mkimage output and including it into a device tree,
> let's have /env/signatures/, where the user can place any number of DTBs.
> 
> All DTB within the directory would have their keys then "installed".
> 
> I'll keep this in mind for when I do some secure-boot related thing the
> next time.
> 
> Cheers,
> Ahmad
> 
>>
>>
>> diff --git a/crypto/rsa.c b/crypto/rsa.c
>> index fc21efdb6d..6939513db9 100644
>> --- a/crypto/rsa.c
>> +++ b/crypto/rsa.c
>> @@ -491,16 +491,13 @@ static struct rsa_public_key *rsa_key_dup(const struct rsa_public_key *key)
>>  extern const struct rsa_public_key * const __rsa_keys_start;
>>  extern const struct rsa_public_key * const __rsa_keys_end;
>>  
>> -static void rsa_init_keys_of(void)
>> +static void rsa_init_keys_of(struct device_node *root)
>>  {
>>  	struct device_node *sigs, *sig;
>>  	struct rsa_public_key *key;
>>  	int ret;
>>  
>> -	if (!IS_ENABLED(CONFIG_OFTREE))
>> -		return;
>> -
>> -	sigs = of_find_node_by_path("/signature");
>> +	sigs = of_find_node_by_path_from(root, "/signature");
>>  	if (!sigs)
>>  		return;
>>  
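Review bot: rsa_init_keys_of() now accepts an arbitrary tree root, but nothing documents what that implies for trust. Judging by the function's name and the `/signature` lookup, every key node found under that path in the tree passed in is presumably registered as a verification key; the registration loop lies outside this hunk, so this is inferred. A short comment above the function would make the contract explicit for future callers, e.g. `/* Registers every key under /signature of @root as trusted; pass only trees whose origin is trusted. */`. The function body continues past the end of the hunk.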
>> @@ -519,6 +516,26 @@ static void rsa_init_keys_of(void)
>>  	}
>>  }
>>  
>> +extern char __dtb_fitimage_pubkey_start[];
>> +
>> +static void rsa_of_init_keys(void)
>> +{
>> +	struct device_node *root;
>> +
>> +	if (!IS_ENABLED(CONFIG_OFTREE))
>> +		return;
>> +
>> +	root = of_get_root_node();
>> +	if (root)
>> +		rsa_init_keys_of(root);
>> +
>> +#ifdef CONFIG_BOOTM_FITIMAGE_PUBKEY
>> +	root = of_unflatten_dtb(__dtb_fitimage_pubkey_start, INT_MAX);
>> +	if (root)
>> +		rsa_init_keys_of(root);
>> +#endif
>> +}
>> +
>>  static int rsa_init_keys(void)
>>  {
>>  	const struct rsa_public_key * const *iter;
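Review bot: The `if (root)` test after `of_unflatten_dtb(__dtb_fitimage_pubkey_start, INT_MAX)` only catches a NULL return. If of_unflatten_dtb() reports failure with an ERR_PTR value, as I believe it does elsewhere in barebox (please confirm), a malformed embedded blob would hand an error pointer to rsa_init_keys_of(). The check would then be `if (!IS_ERR(root)) rsa_init_keys_of(root);`, ideally with a `pr_err()` on the failure path so a missing FIT public key does not go unnoticed. Passing `INT_MAX` as the size leaves the parser bounded only by the blob's own header, which is acceptable for a build-time blob but deserves a one-line comment saying so. rsa_init_keys() begins at the end of this hunk and continues outside it.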
>> @@ -533,7 +550,7 @@ static int rsa_init_keys(void)
>>  			       key->key_name_hint, strerror(-ret));
>>  	}
>>  
>> -	rsa_init_keys_of();
>> +	rsa_of_init_keys();
>>  
>>  	return 0;
>>  }
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



