diff options
author | Nicolas Boichat <drinkcat@google.com> | 2017-02-10 13:59:39 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-02-17 04:09:37 -0800 |
commit | 07eccbb414962c09d411e8afeb6cfca71aebf838 (patch) | |
tree | cfd29416f3fe0ca397f5606ebbe19773ffa59e94 /include/2id.h | |
parent | cb6e3ec3a0db005e62c94e3d8b667d4ef4a2d8d9 (diff) | |
download | chrome-ec-07eccbb414962c09d411e8afeb6cfca71aebf838.tar.gz |
rwsig: Add support for rwsig image types
usbpd1 futility image type is deprecated and should not be used for
new designs. This adds proper support for rwsig image type.
Key and signatures are added at linker stage step (futility cannot
directly create such signed images). Thanks to VB21 header, rwsig.c
can now tell how many bytes of the RW image need to be
cryptographically verified, and ensure that the rest is blank (0xff).
BRANCH=none
BUG=chromium:690773
TEST=make BOARD=hammer; flash, RW image is verified correctly.
TEST=make runtests -j
TEST=For the rest of the tests:
Change config option to CONFIG_RWSIG_TYPE_RWSIG
TEST=make BOARD=hammer; flash, hammer still verifies correctly.
TEST=cp build/hammer/ec.RW.bin build/hammer/ec.RW.bin.orig;
futility sign --type rwsig --prikey build/hammer/key.vbprik2 \
build/hammer/ec.RW.bin
diff build/hammer/ec.RW.bin build/hammer/ec.RW.bin.orig
=> Same file
TEST=Add CONFIG_CMD_FLASH, flashwrite 0x1e000, reboot, EC does
not verify anymore.
TEST=dump_fmap build/hammer/ec.bin shows KEY_RO and SIG_RW at
correct locations.
Change-Id: I50ec828284c2d1eca67fa8cbddaf6f3b06606c82
Reviewed-on: https://chromium-review.googlesource.com/441546
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'include/2id.h')
-rw-r--r-- | include/2id.h | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/include/2id.h b/include/2id.h new file mode 100644 index 0000000000..8daa4d27db --- /dev/null +++ b/include/2id.h @@ -0,0 +1,32 @@ +/* Copyright 2015 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Key ID, used to quickly match keys with signatures. There's not a standard + * fingerprint for private keys, so we're using the sha1sum of the public key + * in our keyb format. Pretty much anything would work as long as it's + * resistant to collisions and easy to compare. + * + * Note: This file is copied from + * src/platform/vboot_reference/firmware/2lib/include/2id.h + * and should be updated if necessary. + */ + +#ifndef VBOOT_REFERENCE_VBOOT_2ID_H_ +#define VBOOT_REFERENCE_VBOOT_2ID_H_ +#include <stdint.h> + +#define VB2_ID_NUM_BYTES 20 + +struct vb2_id { + uint8_t raw[VB2_ID_NUM_BYTES]; +} __attribute__((packed)); + +#define EXPECTED_ID_SIZE VB2_ID_NUM_BYTES + +/* IDs to use for "keys" with sig_alg==VB2_SIG_NONE */ +#define VB2_ID_NONE_SHA1 {{0x00, 0x01,}} +#define VB2_ID_NONE_SHA256 {{0x02, 0x56,}} +#define VB2_ID_NONE_SHA512 {{0x05, 0x12,}} + +#endif /* VBOOT_REFERENCE_VBOOT_2ID_H_ */ |