[Skiboot] [PATCH 0/3] Add crypto support via mbed TLS
Eric Richter
erichte at linux.ibm.com
Fri Jul 19 07:29:46 AEST 2019
This patch set is intended to accompany the pull request: "Add Full Mbed
TLS Library". This series contains the reviewable subset of patches, and
the full set can be found here:
https://github.com/erichte-ibm/skiboot/tree/erichte/mbedtls-integration-v1
In order to support secure variables in skiboot, updates need some form
of cryptographic signature that can be verified on skiboot init. While
some files from mbed TLS have already been included as part of skiboot
(sha512), the implementations of x509/asn.1/rsa have inter-library
dependencies. Therefore, we determined integrating the entire library
was safer, and also easier to sync with upstream.
Included is a mbed TLS-based pkcs7 implementation, which is a dependency
for the edk2-compatible authentication scheme proposed in the series
"Add Secure Variables Support".
Eric Richter (1):
crypto: add mbedtls build integration
Nayna Jain (2):
crypto: add pkcs7 parser
crypto: define RSA signature verification function
Makefile.main | 1 +
libstb/Makefile.inc | 6 +-
libstb/crypto/Makefile.inc | 24 ++
libstb/crypto/include/pkcs7.h | 87 +++++++
libstb/crypto/include/verify_sig.h | 34 +++
libstb/crypto/mbedtls-config.h | 98 ++++++++
libstb/crypto/mbedtls/OP_README.txt | 5 +
libstb/crypto/pkcs7/Makefile.inc | 11 +
libstb/crypto/pkcs7/pkcs7.c | 373 ++++++++++++++++++++++++++++
libstb/crypto/pkcs7/verify_sig.c | 65 +++++
10 files changed, 703 insertions(+), 1 deletion(-)
create mode 100644 libstb/crypto/Makefile.inc
create mode 100644 libstb/crypto/include/pkcs7.h
create mode 100644 libstb/crypto/include/verify_sig.h
create mode 100644 libstb/crypto/mbedtls-config.h
create mode 100644 libstb/crypto/mbedtls/OP_README.txt
create mode 100644 libstb/crypto/pkcs7/Makefile.inc
create mode 100644 libstb/crypto/pkcs7/pkcs7.c
create mode 100644 libstb/crypto/pkcs7/verify_sig.c
--
2.20.1
More information about the Skiboot
mailing list