bl_root_of_trust_verify()

int bl_root_of_trust_verify	(	const uint8_t *	public_key,
		const uint8_t *	public_key_hash,
		const uint8_t *	signature,
		const uint8_t *	firmware,
		const uint32_t	firmware_len )

#include <include/bl_crypto.h>

Verify a signature using configured signature and SHA-256.

Verifies the public key against the public key hash, then verifies the hash of the signed data against the signature using the public key.

Parameters

[in]	public_key	Public key.
[in]	public_key_hash	Expected hash of the public key. This is the root of trust.
[in]	signature	Firmware signature.
[in]	firmware	Firmware.
[in]	firmware_len	Length of firmware.

Return values

0	On success.
-EHASHINV	If public_key_hash didn't match public_key.
-ESIGINV	If signature validation failed.

Returns

Any error code from bl_sha256_init, bl_sha256_update, bl_sha256_finalize, or bl_secp256r1_validate if something else went wrong.

Remarks

No parameter can be NULL.