diff options
author | Nicolas Boichat <drinkcat@google.com> | 2017-02-10 13:59:39 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-02-17 04:09:37 -0800 |
commit | 07eccbb414962c09d411e8afeb6cfca71aebf838 (patch) | |
tree | cfd29416f3fe0ca397f5606ebbe19773ffa59e94 /test/rsa2048-F4.h | |
parent | cb6e3ec3a0db005e62c94e3d8b667d4ef4a2d8d9 (diff) | |
download | chrome-ec-07eccbb414962c09d411e8afeb6cfca71aebf838.tar.gz |
rwsig: Add support for rwsig image types
usbpd1 futility image type is deprecated and should not be used for
new designs. This adds proper support for rwsig image type.
Key and signatures are added at linker stage step (futility cannot
directly create such signed images). Thanks to VB21 header, rwsig.c
can now tell how many bytes of the RW image need to be
cryptographically verified, and ensure that the rest is blank (0xff).
BRANCH=none
BUG=chromium:690773
TEST=make BOARD=hammer; flash, RW image is verified correctly.
TEST=make runtests -j
TEST=For the rest of the tests:
Change config option to CONFIG_RWSIG_TYPE_RWSIG
TEST=make BOARD=hammer; flash, hammer still verifies correctly.
TEST=cp build/hammer/ec.RW.bin build/hammer/ec.RW.bin.orig;
futility sign --type rwsig --prikey build/hammer/key.vbprik2 \
build/hammer/ec.RW.bin
diff build/hammer/ec.RW.bin build/hammer/ec.RW.bin.orig
=> Same file
TEST=Add CONFIG_CMD_FLASH, flashwrite 0x1e000, reboot, EC does
not verify anymore.
TEST=dump_fmap build/hammer/ec.bin shows KEY_RO and SIG_RW at
correct locations.
Change-Id: I50ec828284c2d1eca67fa8cbddaf6f3b06606c82
Reviewed-on: https://chromium-review.googlesource.com/441546
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'test/rsa2048-F4.h')
-rw-r--r-- | test/rsa2048-F4.h | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/test/rsa2048-F4.h b/test/rsa2048-F4.h index a145d756ac..afe66a198f 100644 --- a/test/rsa2048-F4.h +++ b/test/rsa2048-F4.h @@ -11,13 +11,9 @@ * # openssl rsa -in key.pem -pubout > key.pub * Then dump the key: * # dumpRSAPublicKey -pub key.pub | xxd -i - * That's a slightly different format, so comment out the 1st 4 bytes (length), - * and move the next 4 to the end (n0inv). */ const uint8_t rsa_data[] = { - /* Length */ - /* 0x40, 0x00, 0x00, 0x00, */ - 0x3d, 0xbe, 0xa2, 0xde, + 0x40, 0x00, 0x00, 0x00, 0xeb, 0xb6, 0x8c, 0xb4, 0x3d, 0xbe, 0xa2, 0xde, 0x0c, 0xa8, 0x6b, 0xcc, 0x1b, 0x58, 0x2e, 0x1b, 0x44, 0x3f, 0xda, 0xdb, 0x1d, 0xe1, 0xe4, 0xfd, 0x4b, 0xc5, 0x34, 0xc9, 0x7e, 0x58, 0xfc, 0x82, 0x6d, 0x95, 0x9f, 0x46, 0x01, 0xaf, 0x7c, 0xa1, 0x50, 0xd5, 0x9c, 0x22, @@ -61,8 +57,6 @@ const uint8_t rsa_data[] = { 0xcf, 0x5a, 0xa2, 0x66, 0x7a, 0xa2, 0x0e, 0x02, 0x56, 0x87, 0x98, 0x67, 0x90, 0xf4, 0x9f, 0x3b, 0xf7, 0xaa, 0x1c, 0xd9, 0xda, 0x0d, 0x49, 0x12, 0x50, 0xa3, 0x70, 0x62, - /* n0inv */ - 0xeb, 0xb6, 0x8c, 0xb4 }; const struct rsa_public_key *rsa_key = (struct rsa_public_key *)rsa_data; |