Hi Tim,
Am 20.04.23 um 14:29 schrieb Ivan T. Ivanov:
From: Tim Gover <tim.gover@xxxxxxxxxxxxxxx>
Make a copy of the bootloader secure-boot public key available to the OS
via an nvmem node. The placement information is populated by the
Raspberry Pi firmware[1] if a public key is present in the BCM2711
bootloader EEPROM.
[1] https://www.raspberrypi.com/documentation/computers/configuration.html#nvmem-nodes
Signed-off-by: Tim Gover <tim.gover@xxxxxxxxxxxxxxx>
[iivanov] Added link to documentation.
Signed-off-by: Ivan T. Ivanov <iivanov@xxxxxxx>
---
arch/arm/boot/dts/bcm2711-rpi.dtsi | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/arch/arm/boot/dts/bcm2711-rpi.dtsi b/arch/arm/boot/dts/bcm2711-rpi.dtsi
index 98817a6675b9..e30fbe84f9c3 100644
--- a/arch/arm/boot/dts/bcm2711-rpi.dtsi
+++ b/arch/arm/boot/dts/bcm2711-rpi.dtsi
@@ -15,6 +15,7 @@ aliases {
ethernet0 = &genet;
pcie0 = &pcie0;
blconfig = &blconfig;
+ blpubkey = &blpubkey;
};
};
@@ -67,6 +68,19 @@ blconfig: nvram@0 {
no-map;
status = "disabled";
};
+
+ /*
+ * RPi4 will copy the binary public key blob (if present) from the bootloader
+ * into memory for use by the OS.
is the public key also possibly available for CM4 and RPi 400?
+ */
+ blpubkey: nvram@1 {
+ compatible = "raspberrypi,bootloader-public-key", "nvmem-rmem";
+ #address-cells = <1>;
+ #size-cells = <1>;
+ reg = <0x0 0x0 0x0>;
+ no-map;
+ status = "disabled";
+ };
};
&v3d {
