Frans Hendriks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37654 )
Change subject: eltan/verified_boot: include vboot21 code directly ......................................................................
Patch Set 2:
Patch Set 2:
Using public functions only might be an issue: vb21_unpack_key -> vb2_unpack_key_buffer = NO API vb21_verify_data -> vb2_verify_data = NO API
Would using vb2_init_hash() work to replace these?
vb2_digest_buffer NO API
security/vboot is using this function also. Will security/vboot be modified using API function only?
Hi Frans,
Actually, the functions vb2_digest_buffer, vb2_digest_init, vb2_digest_extend, vb2_digest_finalize etc. are all available through including the <vb2_sha.h> header file. They don't include the vb2api_ prefix, but they are still considered a public API.
We could open up APIs for vb2_unpack_key (vb2api_unpack_key), and for vb2_verify_digest (vb2api_verify_digest), the latter of which would allocate its own workbuf (an internal vboot structure).
Is Eltan still willing to move over to vboot 2 data structures at this point, or are you locked into vboot 2.1?
currently vb21 key is used (which is generated using futilty). Moving to vb2 should not be a problem