[Skiboot] [PATCH 0/3] Add crypto support via mbed TLS

Eric Richter erichte at linux.ibm.com
Fri Jul 19 07:29:46 AEST 2019


This patch set is intended to accompany the pull request: "Add Full Mbed
TLS Library". This series contains the reviewable subset of patches, and
the full set can be found here:

https://github.com/erichte-ibm/skiboot/tree/erichte/mbedtls-integration-v1

In order to support secure variables in skiboot, updates need some form
of cryptographic signature that can be verified on skiboot init. While
some files from mbed TLS have already been included as part of skiboot
(sha512), the implementations of x509/asn.1/rsa have inter-library
dependencies. Therefore, we determined integrating the entire library
was safer, and also easier to sync with upstream.

Included is a mbed TLS-based pkcs7 implementation, which is a dependency
for the edk2-compatible authentication scheme proposed in the series
"Add Secure Variables Support".

Eric Richter (1):
  crypto: add mbedtls build integration

Nayna Jain (2):
  crypto: add pkcs7 parser
  crypto: define RSA signature verification function

 Makefile.main                       |   1 +
 libstb/Makefile.inc                 |   6 +-
 libstb/crypto/Makefile.inc          |  24 ++
 libstb/crypto/include/pkcs7.h       |  87 +++++++
 libstb/crypto/include/verify_sig.h  |  34 +++
 libstb/crypto/mbedtls-config.h      |  98 ++++++++
 libstb/crypto/mbedtls/OP_README.txt |   5 +
 libstb/crypto/pkcs7/Makefile.inc    |  11 +
 libstb/crypto/pkcs7/pkcs7.c         | 373 ++++++++++++++++++++++++++++
 libstb/crypto/pkcs7/verify_sig.c    |  65 +++++
 10 files changed, 703 insertions(+), 1 deletion(-)
 create mode 100644 libstb/crypto/Makefile.inc
 create mode 100644 libstb/crypto/include/pkcs7.h
 create mode 100644 libstb/crypto/include/verify_sig.h
 create mode 100644 libstb/crypto/mbedtls-config.h
 create mode 100644 libstb/crypto/mbedtls/OP_README.txt
 create mode 100644 libstb/crypto/pkcs7/Makefile.inc
 create mode 100644 libstb/crypto/pkcs7/pkcs7.c
 create mode 100644 libstb/crypto/pkcs7/verify_sig.c

-- 
2.20.1


