diff options
| author | Tom Hughes <tomhughes@chromium.org> | 2019-11-18 09:50:44 -0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-11-18 18:45:27 +0000 |
| commit | ade2bda733d09458f923e37c67a8b0bc304d906b (patch) | |
| tree | a91b59561f34f952452274f310f0452ed03f5cea | |
| parent | 6747da58fb5c07f34b4bfe27fff6715480ff1ec1 (diff) | |
| download | chrome-ec-ade2bda733d09458f923e37c67a8b0bc304d906b.tar.gz | |
docs/fingerprint: Add details on types of keys
BRANCH=none
BUG=none
TEST=none
Change-Id: I2c0b404ddfbd8e35fcc7455d93c1830167baa564
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1922229
Reviewed-by: Craig Hesling <hesling@chromium.org>
Commit-Queue: Craig Hesling <hesling@chromium.org>
| -rw-r--r-- | docs/fingerprint/fingerprint.md | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/docs/fingerprint/fingerprint.md b/docs/fingerprint/fingerprint.md index 90b6aeeb1c..b54b79d031 100644 --- a/docs/fingerprint/fingerprint.md +++ b/docs/fingerprint/fingerprint.md @@ -128,15 +128,27 @@ for development (through `flash_fp_mcu`) to erase and flash the entire chip. ## Keys The `RO` section of the fingerprint firmware contains the public portion of the -key used to sign the RW firmware. It uses the public key to validate the -signature of the RW firmware before jumping to it. It is not possible to -update the public key stored in the RO firmware once a device has been shipped -(i.e., once the hardware write protect is enabled). - -*** promo -TODO(tomhughes): Add details about different types of keys (`dev`, `premp`, -`mp`, etc). -*** +key used to sign the RW firmware. The RO firmware uses the public key to +validate the signature of the RW firmware before jumping to it. It is not +possible to update the public key stored in the RO firmware once a device has +been shipped (i.e., once [hardware write protection] is enabled). + +Different keys are used to sign the firmware during development and production. +The `dev` key is used for local builds and development and is not private; it +is called `dev_key.pem` and located in the "board" directory for the given +FPMCU (e.g., [`board/nocturne_fp/dev_key.pem`]). After doing a build, the +`ec.bin` in the `build` directory (e.g., `build/nocturne_fp/ec.bin`) will be +signed with the `dev` key. + +The two other types of keys are `premp` and `mp`, which stand for +"pre-mass production" and "mass production", respectively. Both the `premp` and +`mp` keys are only available to the buildbots as part of the official build. +The `premp` is typically used during bringup of new hardware to validate the +signing flow of the buildbots, while the `mp` key is used for PVT and production +devices. + +Switching keys is only possible when the `RO` firmware is not write protected, +since the public portion of the keypair is stored in the `RO` firmware. ### Resources @@ -227,3 +239,4 @@ This would make it a lot easier during both development and testing. [`flashrom`]: https://chromium.googlesource.com/chromiumos/third_party/flashrom/ [STM32F412]: https://www.st.com/resource/en/reference_manual/dm00180369.pdf [STM32H743]: https://www.st.com/resource/en/reference_manual/dm00314099.pdf +[`board/nocturne_fp/dev_key.pem`]: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/board/nocturne_fp/dev_key.pem |