From: Jonas Rebmann <jre@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
BAREBOX <barebox@lists.infradead.org>
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>,
Jonas Rebmann <jre@pengutronix.de>
Subject: [PATCH v3 12/17] crypto: Use "development" keys for "fit" and "tlv" keyring
Date: Thu, 06 Nov 2025 16:18:09 +0100 [thread overview]
Message-ID: <20251106-tlv-signature-v3-12-5d00ed378e75@pengutronix.de> (raw)
In-Reply-To: <20251106-tlv-signature-v3-0-5d00ed378e75@pengutronix.de>
All users of the CONFIG_CRYPTO_PUBLIC_KEYS feature should update to the
new syntax making keyring selection mandatory.
Instead of just making the addition of the builtin snakeoil keys
explicit for the "fit" key, also add them to the "tlv" key to use them
as a testing set for TLV keys too.
Signed-off-by: Jonas Rebmann <jre@pengutronix.de>
---
crypto/Makefile | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/Makefile b/crypto/Makefile
index 08b9a46e4c..cbc5f5235a 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -33,10 +33,12 @@ CONFIG_CRYPTO_PUBLIC_KEYS := $(foreach d,$(CONFIG_CRYPTO_PUBLIC_KEYS),"$(d)")
ifdef CONFIG_CRYPTO_BUILTIN_DEVELOPMENT_KEYS
ifdef CONFIG_CRYPTO_RSA
-CONFIG_CRYPTO_PUBLIC_KEYS += rsa-devel:$(srctree)/crypto/fit-4096-development.crt
+CONFIG_CRYPTO_PUBLIC_KEYS += keyring=fit,fit-hint=rsa-devel:$(srctree)/crypto/fit-4096-development.crt
+CONFIG_CRYPTO_PUBLIC_KEYS += keyring=tlv-generic:$(srctree)/crypto/fit-4096-development.crt
endif
ifdef CONFIG_CRYPTO_ECDSA
-CONFIG_CRYPTO_PUBLIC_KEYS += ecdsa-devel:$(srctree)/crypto/fit-ecdsa-development.crt
+CONFIG_CRYPTO_PUBLIC_KEYS += keyring=fit,fit-hint=ecdsa-devel:$(srctree)/crypto/fit-ecdsa-development.crt
+CONFIG_CRYPTO_PUBLIC_KEYS += keyring=tlv-generic:$(srctree)/crypto/fit-ecdsa-development.crt
endif
endif
--
2.51.2.535.g419c72cb8a
next prev parent reply other threads:[~2025-11-06 15:19 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-06 15:17 [PATCH v3 00/17] TLV-Signature and keyrings Jonas Rebmann
2025-11-06 15:17 ` [PATCH v3 01/17] lib: idr: avoid dangling else in idr_for_each_entry() Jonas Rebmann
2025-11-06 15:17 ` [PATCH v3 02/17] common: clean up TLV code Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 03/17] crypto: Add support for keyrings Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 04/17] fit: only accept keys from "fit"-keyring Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 05/17] crypto: keytoc: Rename "hint" to "fit-hint" and do not use it in identifiers Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 06/17] commands: keys: update output format to include keyring Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 07/17] commands: tlv: Error out on invalid TLVs Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 08/17] scripts: bareboxtlv-generator: Implement signature Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 09/17] scripts: bareboxtlv-generator: Increase max_size in example schema Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 10/17] common: tlv: Add TLV-Signature support Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 11/17] common: tlv: default decoder for signed TLV Jonas Rebmann
2025-11-06 15:18 ` Jonas Rebmann [this message]
2025-11-06 15:18 ` [PATCH v3 13/17] test: py: add signature to TLV integration tests Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 14/17] ci: pytest: Add kconfig fragment for TLV signature " Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 15/17] crypto: concatenate fit development certificate with private key Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 16/17] doc/barebox-tlv: Update documentation regarding TLV-Signature Jonas Rebmann
2025-11-06 15:18 ` [PATCH v3 17/17] Documentation: migration-2025.12.0: List changes to CONFIG_CRYPTO_PUBLIC_KEYS Jonas Rebmann
2025-11-07 8:59 ` [PATCH v3 00/17] TLV-Signature and keyrings Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251106-tlv-signature-v3-12-5d00ed378e75@pengutronix.de \
--to=jre@pengutronix.de \
--cc=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox