diff options
| author | Jimmy Zhang <jimmzhang@nvidia.com> | 2015-10-19 16:01:54 -0700 |
|---|---|---|
| committer | Stephen Warren <swarren@nvidia.com> | 2015-10-19 17:33:18 -0600 |
| commit | dc126cfdc11bccbdb37708598451d6cabb5d02c2 (patch) | |
| tree | b87d69aec7df2db6211a255b17dbfd8671cb9cef /src/t210 | |
| parent | d4d2e8a65ce794836abbe3d0115e13a39c01edf2 (diff) | |
| download | cbootimage-dc126cfdc11bccbdb37708598451d6cabb5d02c2.tar.gz | |
Add support for update pubkey and rsa-pss signatures
Create new configuration keywords:
RsaKeyModulusFile: pubkey modulus
RsaPssSigBlFile: bootloader rsa pss signature
RsaPssSigBctFile: bct rsa pss signature
Sample Configuration file update_bl_sig.cfg
RsaKeyModulusFile = pubkey.mod;
RsaPssSigBlFile = bl.sig;
where pubkey.mod and bl.sig are files that contain the public key
modulus and bootloader's rsa-pss signature respectively.
public key modulus and signature are created through utilities
outside cbootimage.
Command line example:
$ cbootimage -s tegra210 -u update_bl_sig.cfg image.bin image.bin-bl-signed
Above three new keywords added in this CL are only implemented to support
for T210.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Diffstat (limited to 'src/t210')
| -rw-r--r-- | src/t210/nvbctlib_t210.c | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/src/t210/nvbctlib_t210.c b/src/t210/nvbctlib_t210.c index 9921bbb..3380411 100644 --- a/src/t210/nvbctlib_t210.c +++ b/src/t210/nvbctlib_t210.c @@ -113,7 +113,10 @@ parse_token t210_root_token_list[] = { token_crypto_length, token_max_bct_search_blks, token_unique_chip_id, - token_secure_debug_control + token_secure_debug_control, + token_rsa_key_modulus, + token_rsa_pss_sig_bl, + token_rsa_pss_sig_bct }; int @@ -2174,6 +2177,28 @@ t210_bct_get_value(parse_token id, void *data, u_int8_t *bct) } int +t210_bct_get_value_size(parse_token id) +{ + switch (id) { + case token_rsa_key_modulus: + return sizeof(nvboot_rsa_key_modulus); + + case token_rsa_pss_sig_bl: + return sizeof(nvboot_rsa_pss_sig); + + case token_rsa_pss_sig_bct: + return sizeof(nvboot_rsa_pss_sig); + + /* + * Other bct fields can be added in when needed + */ + default: + return -ENODATA; + } + return 0; +} + +int t210_bct_set_value(parse_token id, void *data, u_int8_t *bct) { nvboot_config_table *bct_ptr = (nvboot_config_table *)bct; @@ -2198,6 +2223,26 @@ t210_bct_set_value(parse_token id, void *data, u_int8_t *bct) memcpy(&bct_ptr->unique_chip_id, data, sizeof(nvboot_ecid)); break; + case token_rsa_key_modulus: + reverse_byte_order((u_int8_t *)&bct_ptr->key, data, + sizeof(nvboot_rsa_key_modulus)); + break; + + case token_rsa_pss_sig_bl: + /* + * Update bootloader 0 since there is only one copy + * of bootloader being built in. + */ + reverse_byte_order( + (u_int8_t *)&bct_ptr->bootloader[0].signature.rsa_pss_sig, + data, sizeof(nvboot_rsa_pss_sig)); + break; + + case token_rsa_pss_sig_bct: + reverse_byte_order((u_int8_t *)&bct_ptr->signature.rsa_pss_sig, + data, sizeof(nvboot_rsa_pss_sig)); + break; + default: return -ENODATA; } @@ -2279,6 +2324,7 @@ cbootimage_soc_config tegra210_config = { .getbl_param = t210_getbl_param, .set_value = t210_bct_set_value, .get_value = t210_bct_get_value, + .get_value_size = t210_bct_get_value_size, .set_data = t210_bct_set_data, .get_bct_size = t210_get_bct_size, .token_supported = t210_bct_token_supported, |