From beaddbf1a365463cdef3ed9dd1d093ff6ff80d70 Mon Sep 17 00:00:00 2001 From: Vincent Palatin Date: Fri, 26 Sep 2014 15:20:42 -0700 Subject: zinger: check RW firmware signature The Zinger RW is now signed with 2048-bit RSA key (using SHA-256 as digest). This CL implements the verification mechanism. note: the RSA key used for signing must be provided as a .pem file. The path to .pem file must be provided in the PEM environment variable. By default, it's using the dev key stored in zinger_dev_key.pem. Signed-off-by: Vincent Palatin BRANCH=samus BUG=chrome-os-partner:28336 TEST=on Zinger, run with properly signed RW firmware and corrupted firmware and check the serial traces. Change-Id: Ia58482458904a3ed72d6b0e95996cae86a0ead83 Reviewed-on: https://chromium-review.googlesource.com/220178 Commit-Queue: Vincent Palatin Tested-by: Vincent Palatin Reviewed-by: Alec Berg --- core/cortex-m/ec.lds.S | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'core/cortex-m') diff --git a/core/cortex-m/ec.lds.S b/core/cortex-m/ec.lds.S index dcadd43a6a..ad0de62289 100644 --- a/core/cortex-m/ec.lds.S +++ b/core/cortex-m/ec.lds.S @@ -209,6 +209,13 @@ SECTIONS /* NOTHING MAY GO AFTER THIS! */ } > IRAM + .flash_suffix : AT(LOADADDR(.data) + SIZEOF(.data)) { + FILL(0xff); + /* Put the public key coefficients at the end of the partition */ + . = ORIGIN(FLASH) + LENGTH(FLASH) - 528; + *(.rsa_pubkey) + } > FLASH + /* The linker won't notice if the .data section is too big to fit, * apparently because we're sending it into IRAM, not FLASH. The following * symbol isn't used by the code, but running "objdump -t *.elf | grep hey" -- cgit v1.2.1