[PATCH 00/15] TLV-Signature and keyrings

Sascha Hauer s.hauer at pengutronix.de
Fri Nov 7 00:59:02 PST 2025 

On Tue, 14 Oct 2025 13:02:51 +0200, Jonas Rebmann wrote:
> This series introduces everything needed for the use of signed TLVs in
> barebox. This allows for signed TLVs to be part of a secure boot chain,
> if CONFIG_TLV_SIGNATURE is enabled, keys are configured and the decoder
> is configured to require signature.
> 
> As TLV signature verification uses the public_keys list, propagated by
> keytoc.c with the public keys selected in CONFIG_CRYPTO_PUBLIC_KEYS, the
> keyring feature was introduced to allow separate keys for separate
> concerns.
> 
> [...]

Applied, thanks!

[01/15] common: clean up TLV code
        https://git.pengutronix.de/cgit/barebox/commit/?id=12fbe2420c57 (link may not be stable)
[02/15] crypto: Add support for keyrings
        https://git.pengutronix.de/cgit/barebox/commit/?id=9b6abf4928dc (link may not be stable)
[03/15] fit: only accept keys from "fit"-keyring
        https://git.pengutronix.de/cgit/barebox/commit/?id=35e1d658501d (link may not be stable)
[04/15] crypto: keytoc: Rename "hint" to "fit-hint" and do not use it in identifiers
        https://git.pengutronix.de/cgit/barebox/commit/?id=631598a78787 (link may not be stable)
[05/15] commands: keys: update output format to include keyring
        https://git.pengutronix.de/cgit/barebox/commit/?id=7a255f1bb20a (link may not be stable)
[06/15] commands: tlv: Error out on invalid TLVs
        https://git.pengutronix.de/cgit/barebox/commit/?id=8fc7e96dce0a (link may not be stable)
[07/15] scripts: bareboxtlv-generator: Implement signature
        https://git.pengutronix.de/cgit/barebox/commit/?id=bdc51ec7b77b (link may not be stable)
[08/15] scripts: bareboxtlv-generator: Increase max_size in example schema
        https://git.pengutronix.de/cgit/barebox/commit/?id=40dccf6965ad (link may not be stable)
[09/15] common: tlv: Add TLV-Signature support
        https://git.pengutronix.de/cgit/barebox/commit/?id=49deb31eb9f4 (link may not be stable)
[10/15] common: tlv: default decoder for signed TLV
        https://git.pengutronix.de/cgit/barebox/commit/?id=92801a8a3b85 (link may not be stable)
[11/15] crypto: Use "development" keys for "fit" and "tlv" keyring
        https://git.pengutronix.de/cgit/barebox/commit/?id=1006b066cf20 (link may not be stable)
[12/15] test: py: add signature to TLV integration tests
        https://git.pengutronix.de/cgit/barebox/commit/?id=50407b127bc1 (link may not be stable)
[13/15] ci: pytest: Add kconfig fragment for TLV signature integration tests
        https://git.pengutronix.de/cgit/barebox/commit/?id=54205e3cfa11 (link may not be stable)
[14/15] doc/barebox-tlv: Update documentation regarding TLV-Signature
        https://git.pengutronix.de/cgit/barebox/commit/?id=39a6cb84f837 (link may not be stable)
[15/15] Documentation: migration-2025.11.0: List changes to CONFIG_CRYPTO_PUBLIC_KEYS
        (no commit info)

Best regards,
-- 
Sascha Hauer <s.hauer at pengutronix.de>

More information about the barebox mailing list