diff options
| author | Vincent Palatin <vpalatin@chromium.org> | 2014-09-26 15:20:42 -0700 |
|---|---|---|
| committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-10-02 23:18:25 +0000 |
| commit | beaddbf1a365463cdef3ed9dd1d093ff6ff80d70 (patch) | |
| tree | 2f6f7aeda02e320b0962da0a901bb67b3bbf753e /Makefile | |
| parent | 0330d9adf2602c44201d5e1b842747caf7dd83b1 (diff) | |
| download | chrome-ec-beaddbf1a365463cdef3ed9dd1d093ff6ff80d70.tar.gz | |
zinger: check RW firmware signature
The Zinger RW is now signed with 2048-bit RSA key (using SHA-256 as
digest).
This CL implements the verification mechanism.
note: the RSA key used for signing must be provided as a .pem file.
The path to .pem file must be provided in the PEM environment variable.
By default, it's using the dev key stored in zinger_dev_key.pem.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=samus
BUG=chrome-os-partner:28336
TEST=on Zinger, run with properly signed RW firmware and corrupted
firmware and check the serial traces.
Change-Id: Ia58482458904a3ed72d6b0e95996cae86a0ead83
Reviewed-on: https://chromium-review.googlesource.com/220178
Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Alec Berg <alecaberg@chromium.org>
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -30,8 +30,13 @@ PROJECT?=ec # Output directory for build objects out?=build/$(BOARD) +# If no key file is provided, use the default dev key +PEM ?= board/$(BOARD)/dev_key.pem + include Makefile.toolchain +all: $(out)/$(PROJECT).bin utils + # The board makefile sets $CHIP and the chip makefile sets $CORE. # Include those now, since they must be defined for _flag_cfg below. include board/$(BOARD)/build.mk @@ -79,6 +84,14 @@ ifneq "$(CONFIG_COMMON_RUNTIME)" "y" -D"irq_$(irq)_handler_optional=irq_$(irq)_handler") endif +# Compute RW firmware size and offset +_rw_off_str:=$(shell echo "CONFIG_FW_RW_OFF" | $(CPP) $(CPPFLAGS) -P \ + -Ichip/$(CHIP) -Iboard/$(BOARD) -imacros include/config.h) +_rw_off:=$(shell echo "$$(($(_rw_off_str)))") +_rw_size_str:=$(shell echo "CONFIG_FW_RW_SIZE" | $(CPP) $(CPPFLAGS) -P \ + -Ichip/$(CHIP) -Iboard/$(BOARD) -imacros include/config.h) +_rw_size:=$(shell echo "$$(($(_rw_size_str)))") + # Get build configuration from sub-directories # Note that this re-includes the board and chip makefiles include board/$(BOARD)/build.mk |