From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Jonas Rebmann <jre@pengutronix.de>,
Sascha Hauer <s.hauer@pengutronix.de>,
BAREBOX <barebox@lists.infradead.org>
Subject: Re: [PATCH 12/15] test: py: add signature to TLV integration tests
Date: Wed, 22 Oct 2025 12:04:44 +0200 [thread overview]
Message-ID: <703f28ed-2d8a-4784-a850-ae577119f56e@pengutronix.de> (raw)
In-Reply-To: <20251014-tlv-signature-v1-12-7a8aaf95081c@pengutronix.de>
Hi,
On 10/14/25 1:03 PM, Jonas Rebmann wrote:
> Add TLV signature to TLV integration tests:
> - Signed TLV using development RSA key
> - Modify payload and fix CRC for a "tampered" tlv
> - Include both cases in generator and tlv-command tests.
>
> Use the keys selected by CRYPTO_BUILTIN_DEVELOPMENT_KEYS for all TLV
> testing. Consequentially add the matching private keys from the public
> repository at [1].
>
> [1]: https://git.pengutronix.de/cgit/ptx-code-signing-dev/
>
> Signed-off-by: Jonas Rebmann <jre@pengutronix.de>
> ---
> crypto/fit-4096-development.key | 51 ++++++++++
> crypto/fit-ecdsa-development.key | 5 +
Move this into test/?
> test/py/test_tlv.py | 205 +++++++++++++++++++++++++++++++--------
> 3 files changed, 219 insertions(+), 42 deletions(-)
>
> diff --git a/crypto/fit-4096-development.key b/crypto/fit-4096-development.key
> new file mode 100644
> index 0000000000..526cdfc2b5
> --- /dev/null
> +++ b/crypto/fit-4096-development.key
> @@ -0,0 +1,51 @@
> +-----BEGIN RSA PRIVATE KEY-----
> +MIIJKgIBAAKCAgEAyZHkijUfqoAvEELaxSLnjyqhTprEilnf7JqvSCMDUUXv2dEl
> +k1r4RwiBowJp/4W3sOx4gASEHM2xlDWyPYZUR/1btZeVJvOIRPWfw8JoLT3tbbST
> +OIw04Bk6MUh3LbgBtxbbKGGkFewq3Ob1XQOWcY3ZAzfLFuooPWJQ6X+IiczkrA0r
> +GnwpuhHlb8tOdQZRjDevIVVvEkRjRiqrAw5pKTy/Mt/SJJ/yC7qJptIQskQ42y3R
> +qHeCVmP6ZF6VV1scNmHr8+kRD19DhCos6DLWq2pCFPwnSmgM4T0FWcJsMiNta+rt
> +Rq+kG7RjOOYbbqvuk3vkMrQTRQeAYfdnuOGimGQYxiVh9quOMVG6NJ2hylTa0S/E
> +PKQUQvK9A8bnDul522XPmMVHOtLXVGtwKx9xQUx/2D7aoqlmVJSGQeAMNi0NEFhq
> +buGdXuJ/2cKwtobClkz0WbbMlI4UBM7V4qP3JSkxiojRKhtNHtdE3KtF3ronRJaU
> ++yDggNobWLiJ4TtQ0OAC1REEJGq7s9k8ASi+6s+VX7yVtlGWMIjbBGAl8lqgXXsA
> +prRrmtofaQgEPVvcSAIbuch/JqpHhs8vHBiWb/KZdOe/vMiYQE/d9/KY8rybZa3D
> +hKvzN7X59ymOYLILHB73Xxi5bQA61DaeYE4KnPiJaEDrUccrlFjMBIwGrosCAwEA
> +AQKCAgEApVkIIFdzommEMdKloxD+4nIV4GUU1GjlRzGcl5AhKIo2NndaW4ZEJADW
> +VuGkEfeet4NDVcBen0IcaXeivtVyTZuHn2646zrajbbvV6Yhzvr9yQBXxAs/VJVd
> +JxBKszY+MfKN1JJEB7ezcYIDxEktH/k8C2e5MRLj73a26NO1LVTmQDyNHyy7Deeg
> +ThR4R4bnXh5PiwiKFHIE/YoCvn8TxMAQF6uCtoh+BSD/ydiH2bQc766mTYu7XyKk
> +Q7FS0FXszq+E3pBRbkq3F7OBIviRIAwKKSyvDlpMNnfX68mQ95AYMm6ENXffJtrS
> +ido4ppBjJJh8mRses4FzzukkLITq2qBoZQn+3XfR12+YbWKbCFIAXSu1b4tJetLC
> +wYUp6EuGKCS2XK8OJXbY4M2D1t7bCVlRpptZBBiD7romkLYQ+jRwPbWhjUY6Ktw3
> +ceUf9XJtNVKjHMp7n6C3gdxe2ivK02RYscT3brRq7TUjSzGjH1z/HUQSwr31+tXD
> +dw2fkb2qQn2KUB5hjKcqU/Dxrqjorvf+kjGwXTtAD01Y4r8xRD3HK31zKAgrheN6
> +15shoKRM4imKCD+fTBQjBBVZpTT8xNbo1m+y0joFEeDW0U5Lc3A/DhyTUsfHj4Im
> +H02Cg4wiXXGyJ57fSyyNFKaa0EuLSdOl0zT1bXiy2TxiyTrsgAECggEBAPz+DcTO
> +OvWtU/f+SyAfP86xd3bSnQzBXtoK2iI49uGAAkIXLU881V5sFz41UWJ6g1G0PjKy
> +FWjxTCJytgso9TkISC42TOTE9VUqL4Y4KHhY93nnMAzKNLJC04onqmimDjn1I5Di
> +DD3k3yCYPQEPInz84tdZyB+mRSncdsOL0Mpzhl5fjgGy+pi78K3/B4PUepR3n+Wl
> +4JqKP4SeIL189+ChnSrgVsLzdvpOWJ2cu8DO9qGfz7F0ufJlehUILWPfhYlWUZ/c
> +AUja5QWJEuSQHsKcOJSD4fpjuBWy3ASKlDy7BQSSoASibsl8FfQ/WmQBd3H8Y5/U
> +20psjFuOa/02TusCggEBAMv3V4ccYieiUNkzi6WyyzlR9sULtAG4Cvi1HRw+o6mV
> +VeNFNo8hw+g8f26URvuB06xXyuZepk+oMtEPiFfGYFFg4s22QJRGzqBfC5+8//Mf
> +rcIsU88S75JCZjPDSxOFgzSDAG1gPfX4i8BZHgqaT749TewbeLc0ehvVrcLnXMwB
> +3JpDNmiuNzA2pJAWbLezKazhW6XbpkTtHDqZTswDK+3AFBm7j/cqqeXojd93EbrV
> +0ggyiNMx/O42DHVwZ+51HdJ+C7KDHR0wzgFMu24zyoymzZOaiKjm2rQi/B4mJ9Er
> +oCaCfhVGo/Kq7Y5V7G+x4gag8oVQNCJh/lERrvgBduECggEAT5tpnbn/F3tY5rof
> +zZXHsDRrkPoo7PCT9ixgA1DFbqOnEkDUwxAzW6jLj4mbeE9wru72e2FKF2GGQXiz
> +C8PxleajP9daTsojII9LsQJOyb/E75jtp7ig6E7a3agpmRBXfalDbb2TeI5iH5GH
> +8KNgiM/SWU0pCbx6GvgCbvm501qSt3N97c7xx8mrrDSJmtPrVnhl2g9eI4LJBeP0
> +DWwbW5W/LNS2uFV/5Ldubvn4omz9clIlOoOuVzXTOnb+QWT+Uf7VZGYICXLHifxd
> +84neBALAUwtEulNSg5FqZgttJcb7hzrUG2E5VzEyf07IFJvZiAaRGqQR9NM/PzgL
> +hvvlzQKCAQEAi/wmy2kUiKUjHd79oexzA9UYKyacFW3twcHzx7XJ95Kxjriq+FMx
> +NIuI3ijQCr+QukDK1Y7yT8tdjRQ+/Bb/dfqrzomeCuYJ3BE/VhOOCpucUp6/qmgR
> +mm0N3crUFQLWCM08FtUt0UoTCCFht98uiZ9jgn9cO0i94aqmhhTqIG3KrOkiR3gC
> +Eon+KZHqba1+FdPZZZy5oaamcCVV6jjnBlaEtSCAbx+N2WfhLxR2S6eCbfPY6jHt
> +qMPZiyRpgERLAnNVrd/EtIsRZ9z06m6LPjsg7oPp9Rnz0hwMsth3DV0GnkeDJzED
> +RoI/ZifcjNAmE2yU5iAkl9Bvjc44Kqg+oQKCAQEAvSi4W2kVUoIwlmBHGLge/Rng
> +YyScmAoG4Cavy0Ie6AHPtHayHFdI/rAyiVFnKU5Xuj4qgB54dLa94bQrIu451wls
> +3Jyy/J8WkcW9r/dZFMN6gMoZ0u+xt6KdYe2tQnyW/CG4svDyfckcW2VHdh2A3vqH
> +xlGNmo/HaOeovxWNQkQGQeuXnIcrUvwaFTmGIxLdEO5TAQzLeWSrXldMtVBUAMaJ
> +LClOqNIGRxMRYhZOPVnkedEQmJqgxvcrn8F/91mXQHVnQBOvsgyQDgtS3V0EIAOD
> +rWePjgB8twJknHuab8qH/1z3cQ5QRxQ6lffcIoWgXS59QBBT+jIqMT2oKyGkPw==
> +-----END RSA PRIVATE KEY-----
> diff --git a/crypto/fit-ecdsa-development.key b/crypto/fit-ecdsa-development.key
> new file mode 100644
> index 0000000000..2b13c877a3
> --- /dev/null
> +++ b/crypto/fit-ecdsa-development.key
> @@ -0,0 +1,5 @@
> +-----BEGIN EC PRIVATE KEY-----
> +MHcCAQEEIEsUW5DEOhD1CYHCnPfDULwbRQO9Yjt2/xM5SoY2GUQtoAoGCCqGSM49
> +AwEHoUQDQgAEowCa2OYfPdGRr1JpSYONOA3N2jwJjGbPbfG6uBzKg1VqOOk0a/Vf
> +BfEbQev6X96HCd6zvvC2tjBgvICW8UB0TQ==
> +-----END EC PRIVATE KEY-----
> diff --git a/test/py/test_tlv.py b/test/py/test_tlv.py
> index 79f9f9d01b..1200281dbc 100644
> --- a/test/py/test_tlv.py
> +++ b/test/py/test_tlv.py
> @@ -1,6 +1,7 @@
> import os
> import re
> import subprocess
> +import struct
> from pathlib import Path
> from .helper import skip_disabled
>
> @@ -8,71 +9,191 @@ import pytest
>
>
> class _TLV_Testdata:
> - def generator(self, args, check=True):
> + def generator(self, args, expect_failure=False, input=None):
> cmd = [os.sys.executable, str(self.generator_py)] + args
> - res = subprocess.run(cmd, text=True)
> + res = subprocess.run(cmd, text=True, input=input, encoding="utf-8", capture_output=True)
> if res.returncode == 127:
> pytest.skip("test skipped due to missing host dependencies")
> -
> - if check and res.returncode != 0:
> - raise RuntimeError(f"generator failed ({res.returncode}): {res.stdout}\n{res.stderr}")
> + if res.returncode == 0 and expect_failure:
> + raise RuntimeError(
> + f"`{' '.join(cmd)}` succeded unexpectedly:\n{res.stderr}\n{res.stdout}"
> + )
> + elif res.returncode != 0 and not expect_failure:
> + raise RuntimeError(
> + f"`{' '.join(cmd)}` failed unexpectedly with {res.returncode}:\n{res.stderr}\n{res.stdout}"
> + )
> return res
>
> + def overwrite_magic(self, new_magic):
> + with open(self.schema, "r", encoding="utf-8") as f:
> + patched_schema = "".join(
> + re.sub(r"^magic:\s*0x[a-fA-F0-9]{8}\s*$", f"magic: {new_magic}\n", line)
> + for line in f
> + )
> + return patched_schema
> +
> + def tlv_gen(self, outfile, magic=None, sign=None):
> + param = ["--input-data", str(self.data)]
> + if sign:
> + param += ["--sign", str(sign)]
> + if magic:
> + param += ["/dev/stdin"]
> + else:
> + param += [str(self.schema)]
> + param += [str(outfile)]
> + ret = self.generator(param, input=self.overwrite_magic(magic) if magic else None)
> + assert outfile.exists(), f"TLV {outfile} not created from {' '.join(param)}"
> + return ret
> +
> + def tlv_read(self, binfile, magic=None, verify=None, expect_failure=False):
> + param = ["--output-data", "/dev/null"]
> + if verify:
> + param += ["--verify", str(verify)]
> + if magic:
> + param += ["/dev/stdin"]
> + else:
> + param += [str(self.schema)]
> + param += [str(binfile)]
> + ret = self.generator(
> + param,
> + input=self.overwrite_magic(magic) if magic else None,
> + expect_failure=expect_failure,
> + )
> + return ret
> +
> + def corrupt(self, fnin, fnout, fix_crc=False):
> + try:
> + from crcmod.predefined import mkPredefinedCrcFun
> + except ModuleNotFoundError:
> + pytest.skip("test skipped due to missing dependency python-crcmod")
> + return
> +
> + _crc32_mpeg = mkPredefinedCrcFun("crc-32-mpeg")
> +
> + with open(fnin, "r+b") as f:
> + data = bytearray(f.read())
> + data[0x20] ^= 1
> + if fix_crc:
> + crc_raw = _crc32_mpeg(data[:-4])
> + crc = struct.pack(">I", crc_raw)
> + data[-4:] = crc
> + with open(fnout, "wb") as f:
> + f.write(data)
> +
> def __init__(self, testfs):
> self.dir = Path(testfs)
> self.scripts_dir = Path("scripts/bareboxtlv-generator")
> self.data = self.scripts_dir / "data-example.yaml"
> self.schema = self.scripts_dir / "schema-example.yaml"
> self.generator_py = self.scripts_dir / "bareboxtlv-generator.py"
> - self.unsigned_bin = self.dir / 'unsigned.tlv'
> - self.corrupted_bin = self.dir / 'unsigned_corrupted.tlv'
> + self.privkey_rsa = Path("crypto/fit-4096-development.key")
> + self.pubkey_rsa = Path("crypto/fit-4096-development.crt")
> + self.privkey_ecdsa = Path("crypto/fit-ecdsa-development.key")
> + self.pubkey_ecdsa = Path("crypto/fit-ecdsa-development.crt")
> + self.unsigned_bin = self.dir / "unsigned.tlv"
> + self.corrupted_bin = self.dir / "unsigned_corrupted.tlv"
> + self.signed_bin = self.dir / "signed.tlv"
> + self.ecdsa_signed_bin = self.dir / "ecdsa-signed.tlv"
> + self.tampered_bin = self.dir / "signed-tampered.tlv"
> + self.tampered_ecdsa_bin = self.dir / "ecdsa-signed-tampered.tlv"
> +
>
> @pytest.fixture(scope="module")
> def tlv_testdata(testfs):
> t = _TLV_Testdata(testfs)
> - t.generator(["--input-data", str(t.data), str(t.schema), str(t.unsigned_bin)])
> - assert t.unsigned_bin.exists(), "unsigned TLV not created"
>
> - with open(t.unsigned_bin, 'r+b') as f:
> - data = bytearray(f.read())
> - data[0x20] ^= 1
> - with open(t.corrupted_bin, "wb") as f:
> - f.write(data)
> + t.tlv_gen(t.unsigned_bin)
> + t.tlv_gen(t.signed_bin, sign=t.privkey_rsa, magic="0x61bb95f3")
> + t.tlv_gen(t.ecdsa_signed_bin, sign=t.privkey_ecdsa, magic="0x61bb95f3")
> +
> + t.corrupt(t.unsigned_bin, t.corrupted_bin)
> + t.corrupt(t.signed_bin, t.tampered_bin, fix_crc=True)
> + t.corrupt(t.ecdsa_signed_bin, t.tampered_ecdsa_bin, fix_crc=True)
>
> return t
>
> +
> def test_tlv_generator(tlv_testdata):
> t = tlv_testdata
> - out_yaml = t.dir / 'out.yaml'
> + out_yaml = t.dir / "out.yaml"
>
> + t.tlv_read(t.unsigned_bin)
> + t.tlv_read(t.signed_bin, verify=t.pubkey_rsa, magic="0x61bb95f3")
> + t.tlv_read(t.ecdsa_signed_bin, verify=t.pubkey_ecdsa, magic="0x61bb95f3")
>
> - good = t.generator(["--output-data", str(out_yaml), str(t.schema), str(t.unsigned_bin)], check=False)
> - assert good.returncode == 0, f"valid unsigned TLV failed to decode: {good.stderr}\n{good.stdout}"
> + t.tlv_read(t.corrupted_bin, expect_failure=True)
> + t.tlv_read(t.tampered_bin, verify=t.pubkey_rsa, magic="0x61bb95f3", expect_failure=True)
> + t.tlv_read(t.tampered_ecdsa_bin, verify=t.pubkey_ecdsa, magic="0x61bb95f3", expect_failure=True)
>
> - bad = t.generator(["--output-data", str(t.dir / 'bad.yaml'), str(t.schema), str(t.corrupted_bin)], check=False)
> - assert bad.returncode != 0, "unsigned TLV with invalid CRC unexpectedly decoded successfully"
>
> -def test_tlv_command(barebox, barebox_config, tlv_testdata):
> +@pytest.fixture(scope="module")
> +def tlv_cmdtest(barebox_config, tlv_testdata):
> skip_disabled(barebox_config, "CONFIG_CMD_TLV")
> - t = tlv_testdata
> - with open(t.data, 'r', encoding='utf-8') as f:
> - yaml_lines = [l.strip() for l in f if l.strip() and not l.strip().startswith('#')]
> -
> - stdout = barebox.run_check(f"tlv /mnt/9p/testfs/{t.unsigned_bin.name}")
> -
> - # work around 9pfs printing here after a failed network test
> - tlv_offset = next((i for i, line in enumerate(stdout) if line.startswith("tlv")), None)
> - tlv_lines = stdout[tlv_offset + 1:-1]
> -
> - assert len(yaml_lines) == len(tlv_lines), \
> - f"YAML and TLV output line count mismatch for {t.unsigned_bin.name}"
> -
> - for yline, tline in zip(yaml_lines, tlv_lines):
> - m = re.match(r'^\s*([^=]+) = "(.*)";$', tline)
> - assert m, f"malformed tlv line: {tline}"
> - tkey, tval = m.group(1), m.group(2)
> - m = re.match(r'^([^:]+):\s*(?:"([^"]*)"\s*|(.*))$', yline)
> - assert m, f"malformed yaml line: {yline}"
> - ykey, yval = m.group(1), m.group(2) or m.group(3)
> - assert ykey == tkey, f"key mismatch: {ykey} != {tkey}"
> - assert str(yval) == str(tval), f"value mismatch for {ykey}: {yval} != {tval}"
> + skip_disabled(barebox_config, "CONFIG_CRYPTO_BUILTIN_DEVELOPMENT_KEYS")
> +
> + class _TLV_Cmdtest:
> + def __init__(self, tlv_testdata):
> + self.t = tlv_testdata
> + with open(tlv_testdata.data, "r", encoding="utf-8") as f:
> + self.yaml_lines = [
> + l.strip() for l in f if l.strip() and not l.strip().startswith("#")
> + ]
> +
> + def test(self, barebox, fn, fail=False):
> + cmd = f"tlv /mnt/9p/testfs/{fn}"
> + stdout, stderr, exitcode = barebox.run(cmd, timeout=2)
> + if fail:
> + assert exitcode != 0
> + return
> + elif exitcode != 0:
> + raise RuntimeError(f"`{cmd}` failed with exitcode {exitcode}:\n{stderr}\n{stdout}")
> +
> + # work around a corner case of 9pfs printing here (after a failed network test?)
> + tlv_offset = next((i for i, line in enumerate(stdout) if line.startswith("tlv")), None)
> + tlv_lines = stdout[tlv_offset + 1 : -1]
> +
> + assert len(self.yaml_lines) == len(tlv_lines), (
> + f"YAML and TLV output line count mismatch for {fn}"
> + )
> +
> + for yline, tline in zip(self.yaml_lines, tlv_lines):
> + m = re.match(r'^\s*([^=]+) = "(.*)";$', tline)
> + assert m, f"malformed tlv line: {tline}"
> + tkey, tval = m.group(1), m.group(2)
> + m = re.match(r'^([^:]+):\s*(?:"([^"]*)"\s*|(.*))$', yline)
> + assert m, f"malformed yaml line: {yline}"
> + ykey, yval = m.group(1), m.group(2) or m.group(3)
> + assert ykey == tkey, f"key mismatch: {ykey} != {tkey}"
> + assert str(yval) == str(tval), f"value mismatch for {ykey}: {yval} != {tval}"
> +
> + return _TLV_Cmdtest(tlv_testdata)
> +
> +
> +def test_tlv_cmd_unsigned(barebox, barebox_config, tlv_cmdtest):
> + skip_disabled(barebox_config, "CONFIG_CRYPTO_RSA")
> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.unsigned_bin.name)
> +
> +
> +def test_tlv_cmd_signed(barebox, barebox_config, tlv_cmdtest):
> + skip_disabled(barebox_config, "CONFIG_CRYPTO_RSA")
> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.signed_bin.name)
> +
> +
> +def test_tlv_cmd_ecdsa_signed(barebox, barebox_config, tlv_cmdtest):
> + skip_disabled(barebox_config, "CONFIG_CRYPTO_ECDSA")
> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.ecdsa_signed_bin.name)
> +
> +
> +def test_tlv_cmd_corrupted(barebox, barebox_config, tlv_cmdtest):
> + skip_disabled(barebox_config, "CONFIG_CRYPTO_RSA")
> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.corrupted_bin.name, fail=True)
> +
> +
> +def test_tlv_cmd_tampered(barebox, barebox_config, tlv_cmdtest):
> + skip_disabled(barebox_config, "CONFIG_CRYPTO_RSA")
> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.tampered_bin.name, fail=True)
> +
> +
> +def test_tlv_cmd_ecdsa_tampered(barebox, barebox_config, tlv_cmdtest):
> + skip_disabled(barebox_config, "CONFIG_CRYPTO_ECDSA")
> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.tampered_ecdsa_bin.name, fail=True)
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2025-10-22 10:05 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-14 11:02 [PATCH 00/15] TLV-Signature and keyrings Jonas Rebmann
2025-10-14 11:02 ` [PATCH 01/15] common: clean up TLV code Jonas Rebmann
2025-10-14 11:02 ` [PATCH 02/15] crypto: Add support for keyrings Jonas Rebmann
2025-10-14 11:02 ` [PATCH 03/15] fit: only accept keys from "fit"-keyring Jonas Rebmann
2025-10-22 9:41 ` Ahmad Fatoum
2025-10-14 11:02 ` [PATCH 04/15] crypto: keytoc: Rename "hint" to "fit-hint" and do not use it in identifiers Jonas Rebmann
2025-10-15 10:15 ` Jonas Rebmann
2025-10-14 11:02 ` [PATCH 05/15] commands: keys: update output format to include keyring Jonas Rebmann
2025-10-22 9:43 ` Ahmad Fatoum
2025-10-22 9:59 ` Jonas Rebmann
2025-10-14 11:02 ` [PATCH 06/15] commands: tlv: Error out on invalid TLVs Jonas Rebmann
2025-10-22 9:44 ` Ahmad Fatoum
2025-10-14 11:02 ` [PATCH 07/15] scripts: bareboxtlv-generator: Implement signature Jonas Rebmann
2025-10-14 11:02 ` [PATCH 08/15] scripts: bareboxtlv-generator: Increase max_size in example schema Jonas Rebmann
2025-10-14 11:03 ` [PATCH 09/15] common: tlv: Add TLV-Signature support Jonas Rebmann
2025-10-17 9:08 ` Jonas Rebmann
2025-10-22 10:00 ` Ahmad Fatoum
2025-10-22 10:43 ` Jonas Rebmann
2025-10-22 12:05 ` Ahmad Fatoum
2025-10-14 11:03 ` [PATCH 10/15] common: tlv: default decoder for signed TLV Jonas Rebmann
2025-10-22 10:01 ` Ahmad Fatoum
2025-10-22 11:00 ` Jonas Rebmann
2025-10-14 11:03 ` [PATCH 11/15] crypto: Use "development" keys for "fit" and "tlv" keyring Jonas Rebmann
2025-10-22 10:02 ` Ahmad Fatoum
2025-10-22 11:17 ` Jonas Rebmann
2025-10-22 12:04 ` Ahmad Fatoum
2025-10-14 11:03 ` [PATCH 12/15] test: py: add signature to TLV integration tests Jonas Rebmann
2025-10-22 10:04 ` Ahmad Fatoum [this message]
2025-10-22 10:11 ` Ahmad Fatoum
2025-10-22 12:28 ` Jonas Rebmann
2025-10-22 12:34 ` Ahmad Fatoum
2025-10-22 11:08 ` Jonas Rebmann
2025-10-22 11:12 ` Ahmad Fatoum
2025-10-14 11:03 ` [PATCH 13/15] ci: pytest: Add kconfig fragment for TLV signature " Jonas Rebmann
2025-10-14 11:03 ` [PATCH 14/15] doc/barebox-tlv: Update documentation regarding TLV-Signature Jonas Rebmann
2025-10-15 10:20 ` Jonas Rebmann
2025-10-14 11:03 ` [PATCH 15/15] Documentation: migration-2025.11.0: List changes to CONFIG_CRYPTO_PUBLIC_KEYS Jonas Rebmann
2025-10-15 14:34 ` Jonas Rebmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=703f28ed-2d8a-4784-a850-ae577119f56e@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=jre@pengutronix.de \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox