From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Jonas Rebmann <jre@pengutronix.de>,
Sascha Hauer <s.hauer@pengutronix.de>,
BAREBOX <barebox@lists.infradead.org>
Subject: Re: [PATCH 12/15] test: py: add signature to TLV integration tests
Date: Wed, 22 Oct 2025 12:11:34 +0200 [thread overview]
Message-ID: <f2e96d72-3d01-4845-a997-4926ea4bdee0@pengutronix.de> (raw)
In-Reply-To: <703f28ed-2d8a-4784-a850-ae577119f56e@pengutronix.de>
On 10/22/25 12:04 PM, Ahmad Fatoum wrote:
> Hi,
>
> On 10/14/25 1:03 PM, Jonas Rebmann wrote:
>> Add TLV signature to TLV integration tests:
>> - Signed TLV using development RSA key
>> - Modify payload and fix CRC for a "tampered" tlv
>> - Include both cases in generator and tlv-command tests.
>>
>> Use the keys selected by CRYPTO_BUILTIN_DEVELOPMENT_KEYS for all TLV
>> testing. Consequentially add the matching private keys from the public
>> repository at [1].
>>
>> [1]: https://git.pengutronix.de/cgit/ptx-code-signing-dev/
>>
>> Signed-off-by: Jonas Rebmann <jre@pengutronix.de>
>> ---
>> crypto/fit-4096-development.key | 51 ++++++++++
>> crypto/fit-ecdsa-development.key | 5 +
>
> Move this into test/?
Ah, I see the *.crt files are already in crypto...
Can't you concatenate the *.key and *.crt files into a single pem file?
That's what we do for test/self/development_rsa2048.pem and it works
there. Removes clutter a bit.
Cheers,
Ahmad
>
>> test/py/test_tlv.py | 205 +++++++++++++++++++++++++++++++--------
>> 3 files changed, 219 insertions(+), 42 deletions(-)
>>
>> diff --git a/crypto/fit-4096-development.key b/crypto/fit-4096-development.key
>> new file mode 100644
>> index 0000000000..526cdfc2b5
>> --- /dev/null
>> +++ b/crypto/fit-4096-development.key
>> @@ -0,0 +1,51 @@
>> +-----BEGIN RSA PRIVATE KEY-----
>> +MIIJKgIBAAKCAgEAyZHkijUfqoAvEELaxSLnjyqhTprEilnf7JqvSCMDUUXv2dEl
>> +k1r4RwiBowJp/4W3sOx4gASEHM2xlDWyPYZUR/1btZeVJvOIRPWfw8JoLT3tbbST
>> +OIw04Bk6MUh3LbgBtxbbKGGkFewq3Ob1XQOWcY3ZAzfLFuooPWJQ6X+IiczkrA0r
>> +GnwpuhHlb8tOdQZRjDevIVVvEkRjRiqrAw5pKTy/Mt/SJJ/yC7qJptIQskQ42y3R
>> +qHeCVmP6ZF6VV1scNmHr8+kRD19DhCos6DLWq2pCFPwnSmgM4T0FWcJsMiNta+rt
>> +Rq+kG7RjOOYbbqvuk3vkMrQTRQeAYfdnuOGimGQYxiVh9quOMVG6NJ2hylTa0S/E
>> +PKQUQvK9A8bnDul522XPmMVHOtLXVGtwKx9xQUx/2D7aoqlmVJSGQeAMNi0NEFhq
>> +buGdXuJ/2cKwtobClkz0WbbMlI4UBM7V4qP3JSkxiojRKhtNHtdE3KtF3ronRJaU
>> ++yDggNobWLiJ4TtQ0OAC1REEJGq7s9k8ASi+6s+VX7yVtlGWMIjbBGAl8lqgXXsA
>> +prRrmtofaQgEPVvcSAIbuch/JqpHhs8vHBiWb/KZdOe/vMiYQE/d9/KY8rybZa3D
>> +hKvzN7X59ymOYLILHB73Xxi5bQA61DaeYE4KnPiJaEDrUccrlFjMBIwGrosCAwEA
>> +AQKCAgEApVkIIFdzommEMdKloxD+4nIV4GUU1GjlRzGcl5AhKIo2NndaW4ZEJADW
>> +VuGkEfeet4NDVcBen0IcaXeivtVyTZuHn2646zrajbbvV6Yhzvr9yQBXxAs/VJVd
>> +JxBKszY+MfKN1JJEB7ezcYIDxEktH/k8C2e5MRLj73a26NO1LVTmQDyNHyy7Deeg
>> +ThR4R4bnXh5PiwiKFHIE/YoCvn8TxMAQF6uCtoh+BSD/ydiH2bQc766mTYu7XyKk
>> +Q7FS0FXszq+E3pBRbkq3F7OBIviRIAwKKSyvDlpMNnfX68mQ95AYMm6ENXffJtrS
>> +ido4ppBjJJh8mRses4FzzukkLITq2qBoZQn+3XfR12+YbWKbCFIAXSu1b4tJetLC
>> +wYUp6EuGKCS2XK8OJXbY4M2D1t7bCVlRpptZBBiD7romkLYQ+jRwPbWhjUY6Ktw3
>> +ceUf9XJtNVKjHMp7n6C3gdxe2ivK02RYscT3brRq7TUjSzGjH1z/HUQSwr31+tXD
>> +dw2fkb2qQn2KUB5hjKcqU/Dxrqjorvf+kjGwXTtAD01Y4r8xRD3HK31zKAgrheN6
>> +15shoKRM4imKCD+fTBQjBBVZpTT8xNbo1m+y0joFEeDW0U5Lc3A/DhyTUsfHj4Im
>> +H02Cg4wiXXGyJ57fSyyNFKaa0EuLSdOl0zT1bXiy2TxiyTrsgAECggEBAPz+DcTO
>> +OvWtU/f+SyAfP86xd3bSnQzBXtoK2iI49uGAAkIXLU881V5sFz41UWJ6g1G0PjKy
>> +FWjxTCJytgso9TkISC42TOTE9VUqL4Y4KHhY93nnMAzKNLJC04onqmimDjn1I5Di
>> +DD3k3yCYPQEPInz84tdZyB+mRSncdsOL0Mpzhl5fjgGy+pi78K3/B4PUepR3n+Wl
>> +4JqKP4SeIL189+ChnSrgVsLzdvpOWJ2cu8DO9qGfz7F0ufJlehUILWPfhYlWUZ/c
>> +AUja5QWJEuSQHsKcOJSD4fpjuBWy3ASKlDy7BQSSoASibsl8FfQ/WmQBd3H8Y5/U
>> +20psjFuOa/02TusCggEBAMv3V4ccYieiUNkzi6WyyzlR9sULtAG4Cvi1HRw+o6mV
>> +VeNFNo8hw+g8f26URvuB06xXyuZepk+oMtEPiFfGYFFg4s22QJRGzqBfC5+8//Mf
>> +rcIsU88S75JCZjPDSxOFgzSDAG1gPfX4i8BZHgqaT749TewbeLc0ehvVrcLnXMwB
>> +3JpDNmiuNzA2pJAWbLezKazhW6XbpkTtHDqZTswDK+3AFBm7j/cqqeXojd93EbrV
>> +0ggyiNMx/O42DHVwZ+51HdJ+C7KDHR0wzgFMu24zyoymzZOaiKjm2rQi/B4mJ9Er
>> +oCaCfhVGo/Kq7Y5V7G+x4gag8oVQNCJh/lERrvgBduECggEAT5tpnbn/F3tY5rof
>> +zZXHsDRrkPoo7PCT9ixgA1DFbqOnEkDUwxAzW6jLj4mbeE9wru72e2FKF2GGQXiz
>> +C8PxleajP9daTsojII9LsQJOyb/E75jtp7ig6E7a3agpmRBXfalDbb2TeI5iH5GH
>> +8KNgiM/SWU0pCbx6GvgCbvm501qSt3N97c7xx8mrrDSJmtPrVnhl2g9eI4LJBeP0
>> +DWwbW5W/LNS2uFV/5Ldubvn4omz9clIlOoOuVzXTOnb+QWT+Uf7VZGYICXLHifxd
>> +84neBALAUwtEulNSg5FqZgttJcb7hzrUG2E5VzEyf07IFJvZiAaRGqQR9NM/PzgL
>> +hvvlzQKCAQEAi/wmy2kUiKUjHd79oexzA9UYKyacFW3twcHzx7XJ95Kxjriq+FMx
>> +NIuI3ijQCr+QukDK1Y7yT8tdjRQ+/Bb/dfqrzomeCuYJ3BE/VhOOCpucUp6/qmgR
>> +mm0N3crUFQLWCM08FtUt0UoTCCFht98uiZ9jgn9cO0i94aqmhhTqIG3KrOkiR3gC
>> +Eon+KZHqba1+FdPZZZy5oaamcCVV6jjnBlaEtSCAbx+N2WfhLxR2S6eCbfPY6jHt
>> +qMPZiyRpgERLAnNVrd/EtIsRZ9z06m6LPjsg7oPp9Rnz0hwMsth3DV0GnkeDJzED
>> +RoI/ZifcjNAmE2yU5iAkl9Bvjc44Kqg+oQKCAQEAvSi4W2kVUoIwlmBHGLge/Rng
>> +YyScmAoG4Cavy0Ie6AHPtHayHFdI/rAyiVFnKU5Xuj4qgB54dLa94bQrIu451wls
>> +3Jyy/J8WkcW9r/dZFMN6gMoZ0u+xt6KdYe2tQnyW/CG4svDyfckcW2VHdh2A3vqH
>> +xlGNmo/HaOeovxWNQkQGQeuXnIcrUvwaFTmGIxLdEO5TAQzLeWSrXldMtVBUAMaJ
>> +LClOqNIGRxMRYhZOPVnkedEQmJqgxvcrn8F/91mXQHVnQBOvsgyQDgtS3V0EIAOD
>> +rWePjgB8twJknHuab8qH/1z3cQ5QRxQ6lffcIoWgXS59QBBT+jIqMT2oKyGkPw==
>> +-----END RSA PRIVATE KEY-----
>> diff --git a/crypto/fit-ecdsa-development.key b/crypto/fit-ecdsa-development.key
>> new file mode 100644
>> index 0000000000..2b13c877a3
>> --- /dev/null
>> +++ b/crypto/fit-ecdsa-development.key
>> @@ -0,0 +1,5 @@
>> +-----BEGIN EC PRIVATE KEY-----
>> +MHcCAQEEIEsUW5DEOhD1CYHCnPfDULwbRQO9Yjt2/xM5SoY2GUQtoAoGCCqGSM49
>> +AwEHoUQDQgAEowCa2OYfPdGRr1JpSYONOA3N2jwJjGbPbfG6uBzKg1VqOOk0a/Vf
>> +BfEbQev6X96HCd6zvvC2tjBgvICW8UB0TQ==
>> +-----END EC PRIVATE KEY-----
>> diff --git a/test/py/test_tlv.py b/test/py/test_tlv.py
>> index 79f9f9d01b..1200281dbc 100644
>> --- a/test/py/test_tlv.py
>> +++ b/test/py/test_tlv.py
>> @@ -1,6 +1,7 @@
>> import os
>> import re
>> import subprocess
>> +import struct
>> from pathlib import Path
>> from .helper import skip_disabled
>>
>> @@ -8,71 +9,191 @@ import pytest
>>
>>
>> class _TLV_Testdata:
>> - def generator(self, args, check=True):
>> + def generator(self, args, expect_failure=False, input=None):
>> cmd = [os.sys.executable, str(self.generator_py)] + args
>> - res = subprocess.run(cmd, text=True)
>> + res = subprocess.run(cmd, text=True, input=input, encoding="utf-8", capture_output=True)
>> if res.returncode == 127:
>> pytest.skip("test skipped due to missing host dependencies")
>> -
>> - if check and res.returncode != 0:
>> - raise RuntimeError(f"generator failed ({res.returncode}): {res.stdout}\n{res.stderr}")
>> + if res.returncode == 0 and expect_failure:
>> + raise RuntimeError(
>> + f"`{' '.join(cmd)}` succeded unexpectedly:\n{res.stderr}\n{res.stdout}"
>> + )
>> + elif res.returncode != 0 and not expect_failure:
>> + raise RuntimeError(
>> + f"`{' '.join(cmd)}` failed unexpectedly with {res.returncode}:\n{res.stderr}\n{res.stdout}"
>> + )
>> return res
>>
>> + def overwrite_magic(self, new_magic):
>> + with open(self.schema, "r", encoding="utf-8") as f:
>> + patched_schema = "".join(
>> + re.sub(r"^magic:\s*0x[a-fA-F0-9]{8}\s*$", f"magic: {new_magic}\n", line)
>> + for line in f
>> + )
>> + return patched_schema
>> +
>> + def tlv_gen(self, outfile, magic=None, sign=None):
>> + param = ["--input-data", str(self.data)]
>> + if sign:
>> + param += ["--sign", str(sign)]
>> + if magic:
>> + param += ["/dev/stdin"]
>> + else:
>> + param += [str(self.schema)]
>> + param += [str(outfile)]
>> + ret = self.generator(param, input=self.overwrite_magic(magic) if magic else None)
>> + assert outfile.exists(), f"TLV {outfile} not created from {' '.join(param)}"
>> + return ret
>> +
>> + def tlv_read(self, binfile, magic=None, verify=None, expect_failure=False):
>> + param = ["--output-data", "/dev/null"]
>> + if verify:
>> + param += ["--verify", str(verify)]
>> + if magic:
>> + param += ["/dev/stdin"]
>> + else:
>> + param += [str(self.schema)]
>> + param += [str(binfile)]
>> + ret = self.generator(
>> + param,
>> + input=self.overwrite_magic(magic) if magic else None,
>> + expect_failure=expect_failure,
>> + )
>> + return ret
>> +
>> + def corrupt(self, fnin, fnout, fix_crc=False):
>> + try:
>> + from crcmod.predefined import mkPredefinedCrcFun
>> + except ModuleNotFoundError:
>> + pytest.skip("test skipped due to missing dependency python-crcmod")
>> + return
>> +
>> + _crc32_mpeg = mkPredefinedCrcFun("crc-32-mpeg")
>> +
>> + with open(fnin, "r+b") as f:
>> + data = bytearray(f.read())
>> + data[0x20] ^= 1
>> + if fix_crc:
>> + crc_raw = _crc32_mpeg(data[:-4])
>> + crc = struct.pack(">I", crc_raw)
>> + data[-4:] = crc
>> + with open(fnout, "wb") as f:
>> + f.write(data)
>> +
>> def __init__(self, testfs):
>> self.dir = Path(testfs)
>> self.scripts_dir = Path("scripts/bareboxtlv-generator")
>> self.data = self.scripts_dir / "data-example.yaml"
>> self.schema = self.scripts_dir / "schema-example.yaml"
>> self.generator_py = self.scripts_dir / "bareboxtlv-generator.py"
>> - self.unsigned_bin = self.dir / 'unsigned.tlv'
>> - self.corrupted_bin = self.dir / 'unsigned_corrupted.tlv'
>> + self.privkey_rsa = Path("crypto/fit-4096-development.key")
>> + self.pubkey_rsa = Path("crypto/fit-4096-development.crt")
>> + self.privkey_ecdsa = Path("crypto/fit-ecdsa-development.key")
>> + self.pubkey_ecdsa = Path("crypto/fit-ecdsa-development.crt")
>> + self.unsigned_bin = self.dir / "unsigned.tlv"
>> + self.corrupted_bin = self.dir / "unsigned_corrupted.tlv"
>> + self.signed_bin = self.dir / "signed.tlv"
>> + self.ecdsa_signed_bin = self.dir / "ecdsa-signed.tlv"
>> + self.tampered_bin = self.dir / "signed-tampered.tlv"
>> + self.tampered_ecdsa_bin = self.dir / "ecdsa-signed-tampered.tlv"
>> +
>>
>> @pytest.fixture(scope="module")
>> def tlv_testdata(testfs):
>> t = _TLV_Testdata(testfs)
>> - t.generator(["--input-data", str(t.data), str(t.schema), str(t.unsigned_bin)])
>> - assert t.unsigned_bin.exists(), "unsigned TLV not created"
>>
>> - with open(t.unsigned_bin, 'r+b') as f:
>> - data = bytearray(f.read())
>> - data[0x20] ^= 1
>> - with open(t.corrupted_bin, "wb") as f:
>> - f.write(data)
>> + t.tlv_gen(t.unsigned_bin)
>> + t.tlv_gen(t.signed_bin, sign=t.privkey_rsa, magic="0x61bb95f3")
>> + t.tlv_gen(t.ecdsa_signed_bin, sign=t.privkey_ecdsa, magic="0x61bb95f3")
>> +
>> + t.corrupt(t.unsigned_bin, t.corrupted_bin)
>> + t.corrupt(t.signed_bin, t.tampered_bin, fix_crc=True)
>> + t.corrupt(t.ecdsa_signed_bin, t.tampered_ecdsa_bin, fix_crc=True)
>>
>> return t
>>
>> +
>> def test_tlv_generator(tlv_testdata):
>> t = tlv_testdata
>> - out_yaml = t.dir / 'out.yaml'
>> + out_yaml = t.dir / "out.yaml"
>>
>> + t.tlv_read(t.unsigned_bin)
>> + t.tlv_read(t.signed_bin, verify=t.pubkey_rsa, magic="0x61bb95f3")
>> + t.tlv_read(t.ecdsa_signed_bin, verify=t.pubkey_ecdsa, magic="0x61bb95f3")
>>
>> - good = t.generator(["--output-data", str(out_yaml), str(t.schema), str(t.unsigned_bin)], check=False)
>> - assert good.returncode == 0, f"valid unsigned TLV failed to decode: {good.stderr}\n{good.stdout}"
>> + t.tlv_read(t.corrupted_bin, expect_failure=True)
>> + t.tlv_read(t.tampered_bin, verify=t.pubkey_rsa, magic="0x61bb95f3", expect_failure=True)
>> + t.tlv_read(t.tampered_ecdsa_bin, verify=t.pubkey_ecdsa, magic="0x61bb95f3", expect_failure=True)
>>
>> - bad = t.generator(["--output-data", str(t.dir / 'bad.yaml'), str(t.schema), str(t.corrupted_bin)], check=False)
>> - assert bad.returncode != 0, "unsigned TLV with invalid CRC unexpectedly decoded successfully"
>>
>> -def test_tlv_command(barebox, barebox_config, tlv_testdata):
>> +@pytest.fixture(scope="module")
>> +def tlv_cmdtest(barebox_config, tlv_testdata):
>> skip_disabled(barebox_config, "CONFIG_CMD_TLV")
>> - t = tlv_testdata
>> - with open(t.data, 'r', encoding='utf-8') as f:
>> - yaml_lines = [l.strip() for l in f if l.strip() and not l.strip().startswith('#')]
>> -
>> - stdout = barebox.run_check(f"tlv /mnt/9p/testfs/{t.unsigned_bin.name}")
>> -
>> - # work around 9pfs printing here after a failed network test
>> - tlv_offset = next((i for i, line in enumerate(stdout) if line.startswith("tlv")), None)
>> - tlv_lines = stdout[tlv_offset + 1:-1]
>> -
>> - assert len(yaml_lines) == len(tlv_lines), \
>> - f"YAML and TLV output line count mismatch for {t.unsigned_bin.name}"
>> -
>> - for yline, tline in zip(yaml_lines, tlv_lines):
>> - m = re.match(r'^\s*([^=]+) = "(.*)";$', tline)
>> - assert m, f"malformed tlv line: {tline}"
>> - tkey, tval = m.group(1), m.group(2)
>> - m = re.match(r'^([^:]+):\s*(?:"([^"]*)"\s*|(.*))$', yline)
>> - assert m, f"malformed yaml line: {yline}"
>> - ykey, yval = m.group(1), m.group(2) or m.group(3)
>> - assert ykey == tkey, f"key mismatch: {ykey} != {tkey}"
>> - assert str(yval) == str(tval), f"value mismatch for {ykey}: {yval} != {tval}"
>> + skip_disabled(barebox_config, "CONFIG_CRYPTO_BUILTIN_DEVELOPMENT_KEYS")
>> +
>> + class _TLV_Cmdtest:
>> + def __init__(self, tlv_testdata):
>> + self.t = tlv_testdata
>> + with open(tlv_testdata.data, "r", encoding="utf-8") as f:
>> + self.yaml_lines = [
>> + l.strip() for l in f if l.strip() and not l.strip().startswith("#")
>> + ]
>> +
>> + def test(self, barebox, fn, fail=False):
>> + cmd = f"tlv /mnt/9p/testfs/{fn}"
>> + stdout, stderr, exitcode = barebox.run(cmd, timeout=2)
>> + if fail:
>> + assert exitcode != 0
>> + return
>> + elif exitcode != 0:
>> + raise RuntimeError(f"`{cmd}` failed with exitcode {exitcode}:\n{stderr}\n{stdout}")
>> +
>> + # work around a corner case of 9pfs printing here (after a failed network test?)
>> + tlv_offset = next((i for i, line in enumerate(stdout) if line.startswith("tlv")), None)
>> + tlv_lines = stdout[tlv_offset + 1 : -1]
>> +
>> + assert len(self.yaml_lines) == len(tlv_lines), (
>> + f"YAML and TLV output line count mismatch for {fn}"
>> + )
>> +
>> + for yline, tline in zip(self.yaml_lines, tlv_lines):
>> + m = re.match(r'^\s*([^=]+) = "(.*)";$', tline)
>> + assert m, f"malformed tlv line: {tline}"
>> + tkey, tval = m.group(1), m.group(2)
>> + m = re.match(r'^([^:]+):\s*(?:"([^"]*)"\s*|(.*))$', yline)
>> + assert m, f"malformed yaml line: {yline}"
>> + ykey, yval = m.group(1), m.group(2) or m.group(3)
>> + assert ykey == tkey, f"key mismatch: {ykey} != {tkey}"
>> + assert str(yval) == str(tval), f"value mismatch for {ykey}: {yval} != {tval}"
>> +
>> + return _TLV_Cmdtest(tlv_testdata)
>> +
>> +
>> +def test_tlv_cmd_unsigned(barebox, barebox_config, tlv_cmdtest):
>> + skip_disabled(barebox_config, "CONFIG_CRYPTO_RSA")
>> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.unsigned_bin.name)
>> +
>> +
>> +def test_tlv_cmd_signed(barebox, barebox_config, tlv_cmdtest):
>> + skip_disabled(barebox_config, "CONFIG_CRYPTO_RSA")
>> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.signed_bin.name)
>> +
>> +
>> +def test_tlv_cmd_ecdsa_signed(barebox, barebox_config, tlv_cmdtest):
>> + skip_disabled(barebox_config, "CONFIG_CRYPTO_ECDSA")
>> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.ecdsa_signed_bin.name)
>> +
>> +
>> +def test_tlv_cmd_corrupted(barebox, barebox_config, tlv_cmdtest):
>> + skip_disabled(barebox_config, "CONFIG_CRYPTO_RSA")
>> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.corrupted_bin.name, fail=True)
>> +
>> +
>> +def test_tlv_cmd_tampered(barebox, barebox_config, tlv_cmdtest):
>> + skip_disabled(barebox_config, "CONFIG_CRYPTO_RSA")
>> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.tampered_bin.name, fail=True)
>> +
>> +
>> +def test_tlv_cmd_ecdsa_tampered(barebox, barebox_config, tlv_cmdtest):
>> + skip_disabled(barebox_config, "CONFIG_CRYPTO_ECDSA")
>> + tlv_cmdtest.test(barebox, tlv_cmdtest.t.tampered_ecdsa_bin.name, fail=True)
>>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2025-10-22 10:12 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-14 11:02 [PATCH 00/15] TLV-Signature and keyrings Jonas Rebmann
2025-10-14 11:02 ` [PATCH 01/15] common: clean up TLV code Jonas Rebmann
2025-10-14 11:02 ` [PATCH 02/15] crypto: Add support for keyrings Jonas Rebmann
2025-10-14 11:02 ` [PATCH 03/15] fit: only accept keys from "fit"-keyring Jonas Rebmann
2025-10-22 9:41 ` Ahmad Fatoum
2025-10-14 11:02 ` [PATCH 04/15] crypto: keytoc: Rename "hint" to "fit-hint" and do not use it in identifiers Jonas Rebmann
2025-10-15 10:15 ` Jonas Rebmann
2025-10-14 11:02 ` [PATCH 05/15] commands: keys: update output format to include keyring Jonas Rebmann
2025-10-22 9:43 ` Ahmad Fatoum
2025-10-22 9:59 ` Jonas Rebmann
2025-10-14 11:02 ` [PATCH 06/15] commands: tlv: Error out on invalid TLVs Jonas Rebmann
2025-10-22 9:44 ` Ahmad Fatoum
2025-10-14 11:02 ` [PATCH 07/15] scripts: bareboxtlv-generator: Implement signature Jonas Rebmann
2025-10-14 11:02 ` [PATCH 08/15] scripts: bareboxtlv-generator: Increase max_size in example schema Jonas Rebmann
2025-10-14 11:03 ` [PATCH 09/15] common: tlv: Add TLV-Signature support Jonas Rebmann
2025-10-17 9:08 ` Jonas Rebmann
2025-10-22 10:00 ` Ahmad Fatoum
2025-10-22 10:43 ` Jonas Rebmann
2025-10-22 12:05 ` Ahmad Fatoum
2025-10-14 11:03 ` [PATCH 10/15] common: tlv: default decoder for signed TLV Jonas Rebmann
2025-10-22 10:01 ` Ahmad Fatoum
2025-10-22 11:00 ` Jonas Rebmann
2025-10-14 11:03 ` [PATCH 11/15] crypto: Use "development" keys for "fit" and "tlv" keyring Jonas Rebmann
2025-10-22 10:02 ` Ahmad Fatoum
2025-10-22 11:17 ` Jonas Rebmann
2025-10-22 12:04 ` Ahmad Fatoum
2025-10-14 11:03 ` [PATCH 12/15] test: py: add signature to TLV integration tests Jonas Rebmann
2025-10-22 10:04 ` Ahmad Fatoum
2025-10-22 10:11 ` Ahmad Fatoum [this message]
2025-10-22 12:28 ` Jonas Rebmann
2025-10-22 12:34 ` Ahmad Fatoum
2025-10-22 11:08 ` Jonas Rebmann
2025-10-22 11:12 ` Ahmad Fatoum
2025-10-14 11:03 ` [PATCH 13/15] ci: pytest: Add kconfig fragment for TLV signature " Jonas Rebmann
2025-10-14 11:03 ` [PATCH 14/15] doc/barebox-tlv: Update documentation regarding TLV-Signature Jonas Rebmann
2025-10-15 10:20 ` Jonas Rebmann
2025-10-14 11:03 ` [PATCH 15/15] Documentation: migration-2025.11.0: List changes to CONFIG_CRYPTO_PUBLIC_KEYS Jonas Rebmann
2025-10-15 14:34 ` Jonas Rebmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f2e96d72-3d01-4845-a997-4926ea4bdee0@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=jre@pengutronix.de \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox