diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2021-10-10 11:02:57 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-10-19 02:30:49 +0000 |
| commit | fd3d2aa11e2f0248c4ca721c4da2eb6f856a8edb (patch) | |
| tree | ba9e356b94cab51e30752403e42b017743ad0ddb /board | |
| parent | 2bf2051125c993a1bcc5584803ab5f06bd675c93 (diff) | |
| download | chrome-ec-fd3d2aa11e2f0248c4ca721c4da2eb6f856a8edb.tar.gz | |
ap_ro_verification: rework to match the new GVD layout
As a result of further discussion GVD layout has been changed to
include signature and root key headers in the GVD header. This patch
makes modification to accommodate the new header structure.
BUG=b:141191727
TEST=A guybrush RO image created in vboot reference tree as follows:
build/futility/futility vbutil_keyblock --pack ~/tmp/packed \
--datapubkey tests/devkeys/firmware_data_key.vbpubk \
--signprivate tests/devkeys/kernel_subkey.vbprivk
build/futility/futility gscvd --outfile ~/tmp/guybrush-signed \
-R 818100:10000,f00000:100,f80000:2000,f8c000:1000 \
-k ~/tmp/packed -p tests/devkeys/firmware_data_key.vbprivk \
-b 5a5a4352 -r tests/devkeys/kernel_subkey.vbpubk \
~/tmp/image-guybrush.serial.bin
A guybrush device was programmed with ~/tmp/guybrush-signed, and AP
RO verification was attempted by pressing the appropriate button
combination, GVD verification succeeded.
Generate a signed image again, using an incorrect Board ID value, try
verification, observe failure due to incorrect Board ID.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I4da753649eef6e10353619e0f7af19d2f6846b75
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3224808
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board')
| -rw-r--r-- | board/cr50/ap_ro_root_key_hash.inc | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/board/cr50/ap_ro_root_key_hash.inc b/board/cr50/ap_ro_root_key_hash.inc index 77cd53bd8f..af6ffa53fc 100644 --- a/board/cr50/ap_ro_root_key_hash.inc +++ b/board/cr50/ap_ro_root_key_hash.inc @@ -10,7 +10,8 @@ * sha256sum tests/devkeys/kernel_subkey.vbpubk */ -0x36, 0xb9, 0xc5, 0xfa, 0x6f, 0x5d, 0x04, 0x32, -0xb9, 0xac, 0xbe, 0x8e, 0x2b, 0x7d, 0xa2, 0xe6, -0x02, 0x16, 0x2a, 0x87, 0xa4, 0x25, 0x57, 0x5c, -0x6d, 0x7b, 0xa9, 0x75, 0xa0, 0x44, 0x07, 0x08, +0xe4, 0x32, 0xf2, 0x3d, 0x81, 0x1b, 0xe7, 0x95, +0xaf, 0x8d, 0xdf, 0x60, 0x01, 0xd2, 0xa6, 0xc3, +0xe2, 0x67, 0x5e, 0x32, 0x90, 0xbc, 0x02, 0x41, +0x00, 0xe2, 0xa1, 0x0d, 0x0f, 0xd9, 0xc6, 0xee + |