futility: add subcommand for creating and verifying the RO_GSCVD area

The help text of the new subcommand is as follows: ------- This utility creates an RO verification space in the Chrome OS AP firmware image or allows to validate a previously prepared image containing the RO verification space. Usage: futilitygscvd PARAMS <AP FIRMWARE FILE> [<root key hash>] Creation of RO Verification space: Required PARAMS: -R|--ranges STRING Comma separated colon delimited hex tuples <offset>:<size>, the areas of the RO covered by the signature -r|--root_pub_key <file> The main public key, in .vbpubk format, used to verify platform key -k|--keyblock <file> Signed platform public key in .keyblock format, used for run time RO verifcation -p|--platform_priv <file> Private platform key in .vbprivk format, used for signing RO verification data Optional PARAMS: [--outfile] OUTFILE Output firmware image containing RO verification information Validation of RO Verification space: The only required parameter is <AP FIRMWARE FILE>, if optional <root key hash> is given, it is compared to the hash of the body of the root key found in <AP_FIRMWARE_FILE>. -h|--help Print this message ------- When creating GVD section, the sha256 hash of the root public key payload is printed on stdout, this is the hash to include in the GSC image to for the root key verification. Code converting ASCII hex string into binary is refactored into a misc function. BRANCH=none BUG=b:141191727 TEST=testing included the following steps: . modified guybrush coreboot to allocate an 8KB RO_GSCVD area in FMAP and built a guybrush BIOS image . filled GVD space as described in the source file comments . verified the created space as described in the source file comments . verified AP RO integrity on the GSC size using crrev.com/c/3172256 Change-Id: I51a80be5007a32d5286b93499f71da84f41b3d81 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3174570 Reviewed-by: Julius Werner <jwerner@chromium.org>
author: Vadim Bendebury <vbendeb@chromium.org> 2021-09-21 19:53:34 -0700
committer: Commit Bot <commit-bot@chromium.org> 2021-10-18 22:11:41 +0000
commit: 06780662c89b05684a934ea3a1538df02f512e1c (patch)
tree: 24a1292be3f5812886fcf4706be96301923cd235 /Makefile
parent: 2ffa62d35c7be7217287151ab9de14266ee6df66 (diff)
download: vboot-06780662c89b05684a934ea3a1538df02f512e1c.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/Makefile b/Makefile
index 9e41123d..7d074b42 100644
--- a/Makefile
+++ b/Makefile
@@ -656,6 +656,7 @@ FUTIL_SRCS = \
 	futility/cmd_dump_fmap.c \
 	futility/cmd_dump_kernel_config.c \
 	futility/cmd_gbb_utility.c \
+	futility/cmd_gscvd.c \
 	futility/cmd_load_fmap.c \
 	futility/cmd_pcr.c \
 	futility/cmd_show.c \
@@ -665,9 +666,8 @@ FUTIL_SRCS = \
 	futility/cmd_vbutil_firmware.c \
 	futility/cmd_vbutil_firmware.c \
 	futility/cmd_vbutil_kernel.c \
-	futility/cmd_vbutil_keyblock.c \
-	futility/cmd_vbutil_key.c \
 	futility/cmd_vbutil_key.c \
+	futility/cmd_vbutil_keyblock.c \
 	futility/file_type_bios.c \
 	futility/file_type.c \
 	futility/file_type_rwsig.c \
author	Vadim Bendebury <vbendeb@chromium.org>	2021-09-21 19:53:34 -0700
committer	Commit Bot <commit-bot@chromium.org>	2021-10-18 22:11:41 +0000
commit	06780662c89b05684a934ea3a1538df02f512e1c (patch)
tree	24a1292be3f5812886fcf4706be96301923cd235 /Makefile
parent	2ffa62d35c7be7217287151ab9de14266ee6df66 (diff)
download	vboot-06780662c89b05684a934ea3a1538df02f512e1c.tar.gz