mirror of
https://github.com/Dasharo/slimbootloader.git
synced 2026-03-06 15:26:20 -08:00
df15627dd7
Current SBL hash store has many limitations:
- Only support fixed hash size
- Only support 1:1 public key and usage mapping
- Only support build time key enrollment

This patch addressed this issue by introducing:
- Add an updatable KEYH component to hold extra key hash
- Allow append new hash entries from KEYH
- Use variable length entry for hash
- Introduce "Usage" bit mask for a key usage

This will allow using a single key to sign multiple components, or using multiple keys to sign a single component.

The built-in hash store will only contain hash for STAGE1B, STAGE2, PAYLOAD, PAYLOAD_FWU and MASTER public key hash. Master key hash will be used to verify the KEYH component loaded at runtime in Stage1B. Once KEYH is loaded, it will be appended into global hash store. The combined hash store will be used to verify other components on the boot flow.

Signed-off-by: Maurice Ma <maurice.ma@intel.com>
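The store design described in the commit message, sketched as an added example (not code from this commit or from SBL): variable-length entries carrying a usage bit mask, appended to one combined store and matched by usage and digest. The type names, usage bit values and entry layout are assumptions, and verifying KEYH against the master key hash is assumed to happen before its entries are appended.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical usage bits and layout; SBL's real definitions are not on this page. */
enum { USAGE_STAGE2 = 1u << 0, USAGE_PAYLOAD = 1u << 1, USAGE_PAYLOAD_FWU = 1u << 2 };

typedef struct {          /* entry header, followed by digest_len digest bytes */
    uint32_t usage;       /* bit mask of usages this key hash is trusted for */
    uint16_t digest_len;  /* 32 for SHA-256, 48 for SHA-384, ... */
    uint16_t reserved;
} entry_hdr_t;

typedef struct { uint8_t buf[256]; size_t used; } hash_store_t;

/* Append one entry (built-in at build time, or from an already verified KEYH). */
int store_append(hash_store_t *s, uint32_t usage, const uint8_t *digest, uint16_t len)
{
    entry_hdr_t h = { usage, len, 0 };
    if (len == 0 || sizeof h + len > sizeof s->buf - s->used) return -1; /* no room */
    memcpy(s->buf + s->used, &h, sizeof h);
    memcpy(s->buf + s->used + sizeof h, digest, len);
    s->used += sizeof h + len;
    return 0;
}

/* Return 1 only if an entry allows `usage` and holds exactly this digest. */
int store_match(const hash_store_t *s, uint32_t usage, const uint8_t *digest, uint16_t len)
{
    size_t off = 0;
    while (s->used - off >= sizeof(entry_hdr_t)) {
        entry_hdr_t h;
        memcpy(&h, s->buf + off, sizeof h);
        off += sizeof h;
        if (h.digest_len == 0 || h.digest_len > s->used - off) return 0; /* malformed: fail closed */
        if ((h.usage & usage) && h.digest_len == len && !memcmp(s->buf + off, digest, len))
            return 1;
        off += h.digest_len;
    }
    return 0;
}

/* Constructed data (not real hashes): one key serves two usages, digest sizes differ. */
int demo(void)
{
    static const uint8_t k1[32] = { 0xA1 }, k2[48] = { 0xB2 };
    hash_store_t s = { {0}, 0 };
    store_append(&s, USAGE_STAGE2, k1, sizeof k1);                      /* built-in */
    store_append(&s, USAGE_PAYLOAD | USAGE_PAYLOAD_FWU, k2, sizeof k2); /* from KEYH */
    return store_match(&s, USAGE_PAYLOAD_FWU, k2, sizeof k2) && !store_match(&s, USAGE_PAYLOAD, k1, sizeof k1);
}
```

`demo()` returns 1: the KEYH-supplied hash is accepted for either of its usages, while the built-in STAGE2 hash is rejected when presented for PAYLOAD.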