[PATCH v3 00/17] TLV-Signature and keyrings
Sascha Hauer
s.hauer at pengutronix.de
Fri Nov 7 00:59:02 PST 2025
On Thu, 06 Nov 2025 16:17:57 +0100, Jonas Rebmann wrote:
> This series introduces everything needed for the use of signed TLVs in
> barebox. This allows for signed TLVs to be part of a secure boot chain,
> if CONFIG_TLV_SIGNATURE is enabled, keys are configured and the decoder
> is configured to require signature.
>
> As TLV signature verification uses the public_keys list, propagated by
> keytoc.c with the public keys selected in CONFIG_CRYPTO_PUBLIC_KEYS, the
> keyring feature was introduced to allow separate keys for separate
> concerns.
>
> [...]
Applied, thanks!
[01/17] lib: idr: avoid dangling else in idr_for_each_entry()
https://git.pengutronix.de/cgit/barebox/commit/?id=558f95a99d30 (link may not be stable)
[02/17] common: clean up TLV code
https://git.pengutronix.de/cgit/barebox/commit/?id=12fbe2420c57 (link may not be stable)
[03/17] crypto: Add support for keyrings
https://git.pengutronix.de/cgit/barebox/commit/?id=9b6abf4928dc (link may not be stable)
[04/17] fit: only accept keys from "fit"-keyring
https://git.pengutronix.de/cgit/barebox/commit/?id=35e1d658501d (link may not be stable)
[05/17] crypto: keytoc: Rename "hint" to "fit-hint" and do not use it in identifiers
https://git.pengutronix.de/cgit/barebox/commit/?id=631598a78787 (link may not be stable)
[06/17] commands: keys: update output format to include keyring
https://git.pengutronix.de/cgit/barebox/commit/?id=7a255f1bb20a (link may not be stable)
[07/17] commands: tlv: Error out on invalid TLVs
https://git.pengutronix.de/cgit/barebox/commit/?id=8fc7e96dce0a (link may not be stable)
[08/17] scripts: bareboxtlv-generator: Implement signature
https://git.pengutronix.de/cgit/barebox/commit/?id=bdc51ec7b77b (link may not be stable)
[09/17] scripts: bareboxtlv-generator: Increase max_size in example schema
https://git.pengutronix.de/cgit/barebox/commit/?id=40dccf6965ad (link may not be stable)
[10/17] common: tlv: Add TLV-Signature support
https://git.pengutronix.de/cgit/barebox/commit/?id=49deb31eb9f4 (link may not be stable)
[11/17] common: tlv: default decoder for signed TLV
https://git.pengutronix.de/cgit/barebox/commit/?id=92801a8a3b85 (link may not be stable)
[12/17] crypto: Use "development" keys for "fit" and "tlv" keyring
https://git.pengutronix.de/cgit/barebox/commit/?id=1006b066cf20 (link may not be stable)
[13/17] test: py: add signature to TLV integration tests
https://git.pengutronix.de/cgit/barebox/commit/?id=50407b127bc1 (link may not be stable)
[14/17] ci: pytest: Add kconfig fragment for TLV signature integration tests
https://git.pengutronix.de/cgit/barebox/commit/?id=54205e3cfa11 (link may not be stable)
[15/17] crypto: concatenate fit development certificate with private key
https://git.pengutronix.de/cgit/barebox/commit/?id=a3078241ffb4 (link may not be stable)
[16/17] doc/barebox-tlv: Update documentation regarding TLV-Signature
https://git.pengutronix.de/cgit/barebox/commit/?id=39a6cb84f837 (link may not be stable)
[17/17] Documentation: migration-2025.12.0: List changes to CONFIG_CRYPTO_PUBLIC_KEYS
https://git.pengutronix.de/cgit/barebox/commit/?id=e48163fc4647 (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer at pengutronix.de>