From: Jonas Rebmann <jre@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
BAREBOX <barebox@lists.infradead.org>
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>,
Jonas Rebmann <jre@pengutronix.de>
Subject: [PATCH v2 12/17] crypto: Use "development" keys for "fit" and "tlv" keyring
Date: Tue, 28 Oct 2025 19:03:17 +0100 [thread overview]
Message-ID: <20251028-tlv-signature-v2-12-3bafce636ad7@pengutronix.de> (raw)
In-Reply-To: <20251028-tlv-signature-v2-0-3bafce636ad7@pengutronix.de>
All users of the CONFIG_CRYPTO_PUBLIC_KEYS feature should update to the
new syntax making keyring selection mandatory.
Instead of just making the addition of the builtin snakeoil keys
explicit for the "fit" key, also add them to the "tlv" key to use them
as a testing set for TLV keys too.
Signed-off-by: Jonas Rebmann <jre@pengutronix.de>
---
crypto/Makefile | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/Makefile b/crypto/Makefile
index 08b9a46e4c..cbc5f5235a 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -33,10 +33,12 @@ CONFIG_CRYPTO_PUBLIC_KEYS := $(foreach d,$(CONFIG_CRYPTO_PUBLIC_KEYS),"$(d)")
ifdef CONFIG_CRYPTO_BUILTIN_DEVELOPMENT_KEYS
ifdef CONFIG_CRYPTO_RSA
-CONFIG_CRYPTO_PUBLIC_KEYS += rsa-devel:$(srctree)/crypto/fit-4096-development.crt
+CONFIG_CRYPTO_PUBLIC_KEYS += keyring=fit,fit-hint=rsa-devel:$(srctree)/crypto/fit-4096-development.crt
+CONFIG_CRYPTO_PUBLIC_KEYS += keyring=tlv-generic:$(srctree)/crypto/fit-4096-development.crt
endif
ifdef CONFIG_CRYPTO_ECDSA
-CONFIG_CRYPTO_PUBLIC_KEYS += ecdsa-devel:$(srctree)/crypto/fit-ecdsa-development.crt
+CONFIG_CRYPTO_PUBLIC_KEYS += keyring=fit,fit-hint=ecdsa-devel:$(srctree)/crypto/fit-ecdsa-development.crt
+CONFIG_CRYPTO_PUBLIC_KEYS += keyring=tlv-generic:$(srctree)/crypto/fit-ecdsa-development.crt
endif
endif
--
2.51.2.535.g419c72cb8a
next prev parent reply other threads:[~2025-10-28 18:04 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-28 18:03 [PATCH v2 00/17] TLV-Signature and keyrings Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 01/17] lib: idr: avoid dangling else in idr_for_each_entry() Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 02/17] common: clean up TLV code Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 03/17] crypto: Add support for keyrings Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 04/17] fit: only accept keys from "fit"-keyring Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 05/17] crypto: keytoc: Rename "hint" to "fit-hint" and do not use it in identifiers Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 06/17] commands: keys: update output format to include keyring Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 07/17] commands: tlv: Error out on invalid TLVs Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 08/17] scripts: bareboxtlv-generator: Implement signature Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 09/17] scripts: bareboxtlv-generator: Increase max_size in example schema Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 10/17] common: tlv: Add TLV-Signature support Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 11/17] common: tlv: default decoder for signed TLV Jonas Rebmann
2025-10-28 18:03 ` Jonas Rebmann [this message]
2025-10-28 18:03 ` [PATCH v2 13/17] test: py: add signature to TLV integration tests Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 14/17] ci: pytest: Add kconfig fragment for TLV signature " Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 15/17] crypto: concatenate fit development certificate with private key Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 16/17] doc/barebox-tlv: Update documentation regarding TLV-Signature Jonas Rebmann
2025-10-28 18:03 ` [PATCH v2 17/17] Documentation: migration-2025.11.0: List changes to CONFIG_CRYPTO_PUBLIC_KEYS Jonas Rebmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251028-tlv-signature-v2-12-3bafce636ad7@pengutronix.de \
--to=jre@pengutronix.de \
--cc=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox