u-boot

Mirrors/u-boot

Fork 0

mirror of https://github.com/AsahiLinux/u-boot synced 2024-11-08 22:24:32 +00:00

Commit graph

Author	SHA1	Message	Date
Ilias Apalodimas	ddf67daac3	efi_capsule: Move signature from DTB to .rodata The capsule signature is now part of our DTB. This is problematic when a user is allowed to change/fixup that DTB from U-Boots command line since he can overwrite the signature as well. So Instead of adding the key on the DTB, embed it in the u-boot binary it self as part of it's .rodata. This assumes that the U-Boot binary we load is authenticated by a previous boot stage loader. Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>	2021-07-18 14:43:56 +02:00

Author

SHA1

Message

Date

Ilias Apalodimas

ddf67daac3

efi_capsule: Move signature from DTB to .rodata

The capsule signature is now part of our DTB.  This is problematic when a
user is allowed to change/fixup that DTB from U-Boots command line since he
can overwrite the signature as well.
So Instead of adding the key on the DTB, embed it in the u-boot binary it
self as part of it's .rodata.  This assumes that the U-Boot binary we load
is authenticated by a previous boot stage loader.

Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

2021-07-18 14:43:56 +02:00

1 commit