diff options
| author | Bill Richardson <wfrichar@chromium.org> | 2015-09-25 14:39:52 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2015-09-25 19:36:37 -0700 |
| commit | 094a81f5deff3b8cf5342138afefef8d8f34f8ff (patch) | |
| tree | 5e0624367d5b9b7ca1c25b877db217b999f8e80c /board/zinger | |
| parent | e9000b22cb0e15df7d1389da30d78e7244086d0b (diff) | |
| download | chrome-ec-094a81f5deff3b8cf5342138afefef8d8f34f8ff.tar.gz | |
cleanup: Handle signed RW images a bit cleaner
For signed EC RW images (CONFIG_RWSIG), there's no point in
embedding the public key or signature into the image itself since
it will just be replaced by the signer (either as the next step
in the build process, or after the fact for MP releases). This
takes that out and just points to where the pubkey and signature
will be placed.
BUG=none
BRANCH=none
TEST=make buildall
I also checked the signatures with
futility show -t build/*/ec.bin
They still look good, and the one signed image I booted (Cr50)
works as before.
Change-Id: Ib39b7c508914851f81a1bebb2450e08ef0def76c
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/302630
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'board/zinger')
| -rw-r--r-- | board/zinger/board.c | 11 | ||||
| -rw-r--r-- | board/zinger/build.mk | 4 |
2 files changed, 3 insertions, 12 deletions
diff --git a/board/zinger/board.c b/board/zinger/board.c index f7552523a5..ac3b95db20 100644 --- a/board/zinger/board.c +++ b/board/zinger/board.c @@ -16,13 +16,6 @@ #include "util.h" #include "version.h" -/* Insert the RSA public key definition */ -const struct rsa_public_key pkey __attribute__((section(".rsa_pubkey"))) = -#include "gen_pub_key.h" -/* The RSA signature is stored at the end of the RW firmware */ -static const void *rw_sig = (void *)CONFIG_PROGRAM_MEMORY_BASE + - CONFIG_RW_MEM_OFF + CONFIG_RW_SIZE - - RSANUMBYTES; /* Large 768-Byte buffer for RSA computation : could be re-use afterwards... */ static uint32_t rsa_workbuf[3 * RSANUMWORDS]; @@ -64,7 +57,9 @@ static int check_rw_valid(void *rw_hash) if (*rw_rst == 0xffffffff) return 0; - good = rsa_verify(&pkey, (void *)rw_sig, rw_hash, rsa_workbuf); + good = rsa_verify((const struct rsa_public_key *)CONFIG_RO_PUBKEY_ADDR, + (const uint8_t *)CONFIG_RW_SIG_ADDR, + rw_hash, rsa_workbuf); if (!good) { debug_printf("RSA FAILED\n"); pd_log_event(PD_EVENT_ACC_RW_FAIL, 0, 0, NULL); diff --git a/board/zinger/build.mk b/board/zinger/build.mk index fd04fe0521..4e9e2f1f6d 100644 --- a/board/zinger/build.mk +++ b/board/zinger/build.mk @@ -12,7 +12,3 @@ CHIP_VARIANT:=stm32f03x board-y=board.o hardware.o runtime.o usb_pd_policy.o board-$(CONFIG_DEBUG_PRINTF)+=debug.o - -# Add dependency to generate the public key coefficients header -$(out)/RO/board/$(BOARD)/board.o: $(out)/gen_pub_key.h -$(out)/RW/board/$(BOARD)/board.o: $(out)/gen_pub_key.h |