diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2016-11-11 16:12:27 -0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2016-11-15 17:42:44 -0800 |
| commit | ae632fa21e14dd0e345cdef876268c6ffd8c13cb (patch) | |
| tree | c3e3cf379812a79ea0782cd6d3cbe5b48166d31b | |
| parent | 703d134977e9bf648a8c15512ff7fc89646a86f1 (diff) | |
| download | chrome-ec-ae632fa21e14dd0e345cdef876268c6ffd8c13cb.tar.gz | |
cr50: add a function to tell between prod and dev keys
To keep things simple it has been decided to use a certain key ID bit
as an indication of a prod versus dev key type.
The key ID value is derived from the key value, and is easy to enforce
(by generating another key in case the value does not match the
required key type).
This information will also be available through the cr50 userspace
tool.
BRANCH=none
BUG=chrome-os-partner:58230
TEST=ran the new code on prod and dev devices; On prod:
> sysinfo
Reset flags: 0x00000800 (hard)
Chip: g cr50 B2
RO keyid: 0x3716ee6b(dev)
RW keyid: 0xb93d6539(dev)
DEV_ID: 0x015bb2a9 0x04656742
on dev:
> sysinfo
Reset flags: 0x00000800 (hard)
Chip: g cr50 B2
RO keyid: 0xaa66150f(prod)
RW keyid: 0xde88588d(prod)
DEV_ID: 0x0180305d 0x04656742
Change-Id: I37b12e02eb62f4f86bb58468ee301e77446451da
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/410291
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
| -rw-r--r-- | board/cr50/board.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/board/cr50/board.c b/board/cr50/board.c index 09b0ef022f..46a642b676 100644 --- a/board/cr50/board.c +++ b/board/cr50/board.c @@ -727,6 +727,23 @@ void i2cs_set_pinmux(void) GWRITE_FIELD(PINMUX, EXITEN0, DIOA1, 1); /* enable powerdown exit */ } +/* Determine key type based on the key ID. */ +static const char *key_type(uint32_t key_id) +{ + + /* + * It is a mere convention, but all prod keys are required to have key + * IDs such, that bit D2 is set, and all dev keys are required to have + * key IDs such, that bit D2 is not set. + * + * This convention is enforced at the key generation time. + */ + if (key_id & (1 << 2)) + return "prod"; + else + return "dev"; +} + static int command_sysinfo(int argc, char **argv) { enum system_image_copy_t active; @@ -743,12 +760,12 @@ static int command_sysinfo(int argc, char **argv) active = system_get_ro_image_copy(); vaddr = get_program_memory_addr(active); h = (const struct SignedHeader *)vaddr; - ccprintf("RO keyid: 0x%08x\n", h->keyid); + ccprintf("RO keyid: 0x%08x(%s)\n", h->keyid, key_type(h->keyid)); active = system_get_image_copy(); vaddr = get_program_memory_addr(active); h = (const struct SignedHeader *)vaddr; - ccprintf("RW keyid: 0x%08x\n", h->keyid); + ccprintf("RW keyid: 0x%08x(%s)\n", h->keyid, key_type(h->keyid)); ccprintf("DEV_ID: 0x%08x 0x%08x\n", GREG32(FUSE, DEV_ID0), GREG32(FUSE, DEV_ID1)); |