From: Tim Gover <tim.gover@xxxxxxxxxxxxxxx> Make a copy of the bootloader secure-boot public key available to the OS via an nvmem node. The placement information is populated by the Raspberry Pi firmware[1] if a public key is present in the BCM2711 bootloader EEPROM. [1] https://www.raspberrypi.com/documentation/computers/configuration.html#nvmem-nodes Signed-off-by: Tim Gover <tim.gover@xxxxxxxxxxxxxxx> [iivanov] Added link to documentation. Signed-off-by: Ivan T. Ivanov <iivanov@xxxxxxx> --- arch/arm/boot/dts/bcm2711-rpi.dtsi | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/arch/arm/boot/dts/bcm2711-rpi.dtsi b/arch/arm/boot/dts/bcm2711-rpi.dtsi index 98817a6675b9..e30fbe84f9c3 100644 --- a/arch/arm/boot/dts/bcm2711-rpi.dtsi +++ b/arch/arm/boot/dts/bcm2711-rpi.dtsi @@ -15,6 +15,7 @@ aliases { ethernet0 = &genet; pcie0 = &pcie0; blconfig = &blconfig; + blpubkey = &blpubkey; }; }; @@ -67,6 +68,19 @@ blconfig: nvram@0 { no-map; status = "disabled"; }; + + /* + * RPi4 will copy the binary public key blob (if present) from the bootloader + * into memory for use by the OS. + */ + blpubkey: nvram@1 { + compatible = "raspberrypi,bootloader-public-key", "nvmem-rmem"; + #address-cells = <1>; + #size-cells = <1>; + reg = <0x0 0x0 0x0>; + no-map; + status = "disabled"; + }; }; &v3d { -- 2.35.3
