From 902a07b5c8efa59e03e57b3c45f17fc1d17e3125 Mon Sep 17 00:00:00 2001
From: Vincent Palatin <vpalatin@chromium.org>
Date: Thu, 13 Nov 2014 08:28:50 -0800
Subject: Add RW firmware signature verification for common runtime

For accessories without software-sync mechanism, add the option to do a
RSA-based signature verification of the Read-Write firmware.

Signed-off-by: Vincent Palatin <vpalatin@chromium.org>

BRANCH=samus
BUG=chrome-os-partner:31192
TEST=enable the configuration on Fruitpie and see the RW firmware
validated and jump to. Tried with good and bad RW images.

Change-Id: I3c886c2cbe17ca9543e19bf8599061c3f9751d4f
Reviewed-on: https://chromium-review.googlesource.com/229594
Reviewed-by: Todd Broch <tbroch@chromium.org>
Commit-Queue: Todd Broch <tbroch@chromium.org>
Tested-by: Todd Broch <tbroch@chromium.org>
---
 common/main.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'common/main.c')

diff --git a/common/main.c b/common/main.c
index 269781f9f6..00bc19df4a 100644
--- a/common/main.c
+++ b/common/main.c
@@ -21,6 +21,7 @@
 #ifdef CONFIG_MPU
 #include "mpu.h"
 #endif
+#include "rsa.h"
 #include "system.h"
 #include "task.h"
 #include "timer.h"
@@ -141,6 +142,14 @@ test_mockable int main(void)
 	keyboard_scan_init();
 #endif
 
+#ifdef CONFIG_RWSIG
+	/*
+	 * Check the RW firmware signature
+	 * and eventually jump to it if it is good.
+	 */
+	check_rw_signature();
+#endif
+
 	/* Initialize the hook library.  This calls HOOK_INIT hooks. */
 	hook_init();
 
-- 
cgit v1.2.1