zinger: check RW firmware signature

The Zinger RW is now signed with 2048-bit RSA key (using SHA-256 as
digest).
This CL implements the verification mechanism.

note: the RSA key used for signing must be provided as a .pem file.
The path to .pem file must be provided in the PEM environment variable.
By default, it's using the dev key stored in zinger_dev_key.pem.

Signed-off-by: Vincent Palatin <vpalatin@chromium.org>

BRANCH=samus
BUG=chrome-os-partner:28336
TEST=on Zinger, run with properly signed RW firmware and corrupted
firmware and check the serial traces.

Change-Id: Ia58482458904a3ed72d6b0e95996cae86a0ead83
Reviewed-on: https://chromium-review.googlesource.com/220178
Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Alec Berg <alecaberg@chromium.org>

1 files changed, 5 insertions, 6 deletions

diff --git a/board/zinger/usb_pd_policy.c b/board/zinger/usb_pd_policy.c
index bc2a0ede3b..f54841bb72 100644
--- a/board/zinger/usb_pd_policy.c
+++ b/board/zinger/usb_pd_policy.c
@@ -378,13 +378,12 @@ int pd_custom_vdm(int port, int cnt, uint32_t *payload, uint32_t **rpayload)
 		break;
 	case VDO_CMD_READ_INFO:
 		hash = flash_hash_rw();
-		/* copy hash into response */
-		memcpy(payload + 1, hash, SHA1_DIGEST_SIZE);
+		/* copy the 20 first bytes of the hash into response */
+		memcpy(payload + 1, hash, 5 * sizeof(uint32_t));
 		/* copy other info into response */
-		payload[SHA1_DIGEST_SIZE/4 + 1] = VDO_INFO(
-						USB_PD_HARDWARE_DEVICE_ID,
-						ver_get_numcommits(),
-						!is_ro_mode());
+		payload[6] = VDO_INFO(USB_PD_HARDWARE_DEVICE_ID,
+					ver_get_numcommits(),
+					!is_ro_mode());
 		rsize = 7;
 		break;
 	case VDO_CMD_FLASH_ERASE: