-rw-r--r-- | board/cr50/board.h | 9 | ||||
-rw-r--r-- | common/build.mk | 9 | ||||
-rw-r--r-- | common/rma_auth.c | 16 | ||||
-rw-r--r-- | include/config.h | 3 | ||||
-rw-r--r-- | test/test_config.h | 9 |
5 files changed, 26 insertions, 20 deletions
diff --git a/board/cr50/board.h b/board/cr50/board.h
index 6bf889dad9..c87cd3e651 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -352,15 +352,6 @@ enum nvmem_users {
 #define CONFIG_RMA_AUTH
 #define CONFIG_RNG
-/* Should be eventually injected into the image at build time. */
-#define CONFIG_RMA_AUTH_SERVER_PUBLIC_KEY { \
- 0xe3, 0xe5, 0x66, 0xf3, 0x12, 0x25, 0x74, 0xba, \
- 0xb3, 0x8f, 0x9f, 0x41, 0x80, 0x3b, 0x58, 0x9a, \
- 0xb0, 0xdc, 0x71, 0x64, 0x1b, 0x6d, 0x22, 0x82, \
- 0x9f, 0x22, 0x31, 0xb3, 0x56, 0x94, 0x8e, 0x13}
-
-#define CONFIG_RMA_AUTH_SERVER_KEY_ID 0
-
 #define CONFIG_ENABLE_H1_ALERTS
 #endif /* __CROS_EC_BOARD_H */
diff --git a/common/build.mk b/common/build.mk
index e6b6a2da6c..37e8a322c1 100644
--- a/common/build.mk
+++ b/common/build.mk
@@ -172,3 +172,12 @@ ifneq ($(touchpad_fw_ls),$(old_touchpad_fw_ls))
 .PHONY: $(out)/.touchpad_fw
 endif
 endif
+
+ifeq ($(TEST_BUILD),)
+
+$(out)/RW/common/rma_auth.o: $(out)/rma_key_from_blob.h
+
+$(out)/rma_key_from_blob.h: board/$(BOARD)/rma_key_blob.test util/bin2h.sh
+ $(Q)util/bin2h.sh RMA_KEY_BLOB $< $@
+
+endif
diff --git a/common/rma_auth.c b/common/rma_auth.c
index 9d137b6b25..f5217b3938 100644
--- a/common/rma_auth.c
+++ b/common/rma_auth.c
@@ -22,6 +22,10 @@
 #include "tpm_vendor_cmds.h"
 #include "util.h"
+#ifndef TEST_BUILD
+#include "rma_key_from_blob.h"
+#endif
+
 #ifdef CONFIG_DCRYPTO
 #include "dcrypto.h"
 #else
@@ -38,11 +42,15 @@
 /* Server public key and key ID */
 static const struct {
- uint8_t server_pub_key[32];
- uint8_t server_key_id;
+ union {
+ uint8_t raw_blob[33];
+ struct {
+ uint8_t server_pub_key[32];
+ uint8_t server_key_id;
+ };
+ };
 } __packed rma_key_blob = {
- CONFIG_RMA_AUTH_SERVER_PUBLIC_KEY,
- CONFIG_RMA_AUTH_SERVER_KEY_ID
+ .raw_blob = RMA_KEY_BLOB
 };
 BUILD_ASSERT(sizeof(rma_key_blob) == 33);
diff --git a/include/config.h b/include/config.h
index 98e28b7078..69525249a5 100644
--- a/include/config.h
+++ b/include/config.h
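Review bot: The only key source for a non-test build is the hard-coded `board/$(BOARD)/rma_key_blob.test` prerequisite in the added rule of common/build.mk, so every image built through it embeds whatever key that file holds, and the `.test` suffix suggests that is not the production server key. Consider taking the path from an overridable variable, for example `RMA_KEY_BLOB_FILE ?= board/$(BOARD)/rma_key_blob.test`, and using `$(RMA_KEY_BLOB_FILE)` as the prerequisite, so a release build can point at the real key without editing this file. The generated header is also a prerequisite of `$(out)/RW/common/rma_auth.o` only; if rma_auth.c is ever compiled for another section, that object would have no ordering against the header generation.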
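Review bot: `BUILD_ASSERT(sizeof(rma_key_blob) == 33)` in common/rma_auth.c no longer constrains the key material, because the size is now fixed by `raw_blob[33]`; a blob file shorter than 33 bytes would still compile and leave the tail of the public key and `server_key_id` zero-filled. A second assertion on the initializer itself would catch a truncated blob at build time, for example `BUILD_ASSERT(sizeof((const uint8_t[])RMA_KEY_BLOB) == 33);`, assuming bin2h.sh emits a brace-enclosed byte list like the one in test/test_config.h. The anonymous union also deserves a one-line comment such as `/* raw_blob[0..31] is the public key, raw_blob[32] the key ID */`, since this layout now defines the blob file format.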
@@ -2264,9 +2264,6 @@
 /* Support RMA auth challenge-response */
 #undef CONFIG_RMA_AUTH
-/* If that's defined, the server public key and ID must also be defined */
-#undef CONFIG_RMA_AUTH_SERVER_PUBLIC_KEY /* 32 bytes: {0xNN, 0xNN, ... 0xNN} */
-#undef CONFIG_RMA_AUTH_SERVER_KEY_ID /* 6-bit key ID, 0xMM */
 /* Enable hardware Random Number generator support */
 #undef CONFIG_RNG
diff --git a/test/test_config.h b/test/test_config.h
index f46e61443f..1239e3c394 100644
--- a/test/test_config.h
+++ b/test/test_config.h
@@ -61,11 +61,14 @@
 #ifdef TEST_RMA_AUTH
 /* Test server public and private keys */
-#define RMA_TEST_SERVER_PUBLIC_KEY { \
+#define RMA_KEY_BLOB { \
 0x03, 0xae, 0x2d, 0x2c, 0x06, 0x23, 0xe0, 0x73, \
 0x0d, 0xd3, 0xb7, 0x92, 0xac, 0x54, 0xc5, 0xfd, \
 0x7e, 0x9c, 0xf0, 0xa8, 0xeb, 0x7e, 0x2a, 0xb5, \
- 0xdb, 0xf4, 0x79, 0x5f, 0x8a, 0x0f, 0x28, 0x3f}
+ 0xdb, 0xf4, 0x79, 0x5f, 0x8a, 0x0f, 0x28, 0x3f, \
+ 0x10 \
+ }
+
 #define RMA_TEST_SERVER_PRIVATE_KEY { \
 0x47, 0x3b, 0xa5, 0xdb, 0xc4, 0xbb, 0xd6, 0x77, \
 0x20, 0xbd, 0xd8, 0xbd, 0xc8, 0x7a, 0xbb, 0x07, \
@@ -76,8 +79,6 @@
 #define CONFIG_BASE32
 #define CONFIG_CURVE25519
 #define CONFIG_RMA_AUTH
-#define CONFIG_RMA_AUTH_SERVER_PUBLIC_KEY RMA_TEST_SERVER_PUBLIC_KEY
-#define CONFIG_RMA_AUTH_SERVER_KEY_ID RMA_TEST_SERVER_KEY_ID
 #define CONFIG_RNG
 #define CONFIG_SHA256
 #define CC_EXTENSION CC_COMMAND |
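Review bot: The trailing `0x10` added to `RMA_KEY_BLOB` in the first test/test_config.h hunk is the key ID byte, but nothing in the macro says so, and the comment above it still reads `/* Test server public and private keys */`. A comment on the macro such as `/* 32-byte server public key followed by the 1-byte key ID */` would document the layout that rma_auth.c now relies on. The second hunk drops the last visible use of `RMA_TEST_SERVER_KEY_ID`; if that macro is still defined between the hunks and used by the test, the literal should be tied to it or a comment should state that the two must match, otherwise the test could check against a key ID the blob does not carry.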