author | Vincent Palatin <vpalatin@chromium.org> | 2014-09-26 15:20:42 -0700 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-10-02 23:18:25 +0000 |
commit | beaddbf1a365463cdef3ed9dd1d093ff6ff80d70 (patch) | |
tree | 2f6f7aeda02e320b0962da0a901bb67b3bbf753e /board/zinger/hardware.c | |
parent | 0330d9adf2602c44201d5e1b842747caf7dd83b1 (diff) | |
download | chrome-ec-beaddbf1a365463cdef3ed9dd1d093ff6ff80d70.tar.gz |
zinger: check RW firmware signature
The Zinger RW is now signed with a 2048-bit RSA key (using SHA-256 as
digest).
This CL implements the verification mechanism.
Note: the RSA key used for signing must be provided as a .pem file.
The path to the .pem file must be provided in the PEM environment variable.
By default, it's using the dev key stored in zinger_dev_key.pem.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=samus
BUG=chrome-os-partner:28336
TEST=on Zinger, run with properly signed RW firmware and corrupted
firmware and check the serial traces.
Change-Id: Ia58482458904a3ed72d6b0e95996cae86a0ead83
Reviewed-on: https://chromium-review.googlesource.com/220178
Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Alec Berg <alecaberg@chromium.org>
Diffstat (limited to 'board/zinger/hardware.c')
-rw-r--r-- | board/zinger/hardware.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/board/zinger/hardware.c b/board/zinger/hardware.c index 1b22ec64c4..061f3bdf89 100644 --- a/board/zinger/hardware.c +++ b/board/zinger/hardware.c @@ -9,7 +9,8 @@ #include "common.h" #include "cpu.h" #include "registers.h" -#include "sha1.h" +#include "rsa.h" +#include "sha256.h" #include "task.h" #include "timer.h" #include "util.h" @@ -374,11 +375,11 @@ exit_er: return res; } -static struct sha1_ctx ctx; +static struct sha256_ctx ctx; uint8_t *flash_hash_rw(void) { - sha1_init(&ctx); - sha1_update(&ctx, (void *)CONFIG_FLASH_BASE + CONFIG_FW_RW_OFF, - CONFIG_FW_RW_SIZE - 32); - return sha1_final(&ctx); + SHA256_init(&ctx); + SHA256_update(&ctx, (void *)CONFIG_FLASH_BASE + CONFIG_FW_RW_OFF, + CONFIG_FW_RW_SIZE - RSANUMBYTES); + return SHA256_final(&ctx); } |
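Review bot: In flash_hash_rw(), the new length CONFIG_FW_RW_SIZE - RSANUMBYTES carries no comment explaining why the last RSANUMBYTES of the RW region are left out of the digest. Going by the commit message, that tail presumably holds the RSA signature; a one-line comment stating the layout would make this clear, and a build-time assertion that CONFIG_FW_RW_SIZE is larger than RSANUMBYTES would keep the subtraction from wrapping if the board config changes. The function also returns the result of SHA256_final() on the file-scope static ctx, so it would help to document for callers whether that pointer stays valid once flash_hash_rw() is called again.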