| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're going to add more rwsig-related functions, and adding them
to rsa.h seems increasingly incorrect.
BRANCH=none
BUG=b:35587171
TEST=make buildall -j
Change-Id: I334c1774ce9a6ed8e219140f65ebe94d653e22d2
Reviewed-on: https://chromium-review.googlesource.com/468708
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current code puts key at the end of the first half of flash, which
may not match the actual RO section size (e.g., it might be PSTATE,
not RO). This makes sure the key to be at the end of RO section, and
signature at the end of RW section, no matter the actual layout
being used.
However, the (deprecated) usbpd1 image type assumes that flash is
equally split between RO and RW, so we do not change that.
BRANCH=none
BUG=chrome-os-partner:61671
TEST=make BOARD=hammer -j && deploy
TEST=make BOARD=hoho -j && \
futility show --type usbpd1 build/hoho/ec.bin
Change-Id: Ia02e927f9128d6ec3d0b780c28312e0d18835d72
Reviewed-on: https://chromium-review.googlesource.com/426100
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
usbpd1 futility image type is deprecated and should not be used for
new designs. This adds proper support for rwsig image type.
Key and signatures are added at linker stage step (futility cannot
directly create such signed images). Thanks to VB21 header, rwsig.c
can now tell how many bytes of the RW image need to be
cryptographically verified, and ensure that the rest is blank (0xff).
BRANCH=none
BUG=chromium:690773
TEST=make BOARD=hammer; flash, RW image is verified correctly.
TEST=make runtests -j
TEST=For the rest of the tests:
Change config option to CONFIG_RWSIG_TYPE_RWSIG
TEST=make BOARD=hammer; flash, hammer still verifies correctly.
TEST=cp build/hammer/ec.RW.bin build/hammer/ec.RW.bin.orig;
futility sign --type rwsig --prikey build/hammer/key.vbprik2 \
build/hammer/ec.RW.bin
diff build/hammer/ec.RW.bin build/hammer/ec.RW.bin.orig
=> Same file
TEST=Add CONFIG_CMD_FLASH, flashwrite 0x1e000, reboot, EC does
not verify anymore.
TEST=dump_fmap build/hammer/ec.bin shows KEY_RO and SIG_RW at
correct locations.
Change-Id: I50ec828284c2d1eca67fa8cbddaf6f3b06606c82
Reviewed-on: https://chromium-review.googlesource.com/441546
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For signed EC RW images (CONFIG_RWSIG), there's no point in
embedding the public key or signature into the image itself since
it will just be replaced by the signer (either as the next step
in the build process, or after the fact for MP releases). This
takes that out and just points to where the pubkey and signature
will be placed.
BUG=none
BRANCH=none
TEST=make buildall
I also checked the signatures with
futility show -t build/*/ec.bin
They still look good, and the one signed image I booted (Cr50)
works as before.
Change-Id: Ib39b7c508914851f81a1bebb2450e08ef0def76c
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/302630
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This unifies all the EC header files to use __CROS_EC_FILENAME_H
as the include guard. Well, except for test/ util/ and extra/
which use __TEST_ __UTIL_ and __EXTRA_ prefixes respectively.
BUG=chromium:496895
BRANCH=none
TEST=make buildall -j
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: Iea71b3a08bdec94a11239de810a2b2e152b15029
Reviewed-on: https://chromium-review.googlesource.com/278121
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For accessories without software-sync mechanism, add the option to do a
RSA-based signature verification of the Read-Write firmware.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=samus
BUG=chrome-os-partner:31192
TEST=enable the configuration on Fruitpie and see the RW firmware
validated and jump to. Tried with good and bad RW images.
Change-Id: I3c886c2cbe17ca9543e19bf8599061c3f9751d4f
Reviewed-on: https://chromium-review.googlesource.com/229594
Reviewed-by: Todd Broch <tbroch@chromium.org>
Commit-Queue: Todd Broch <tbroch@chromium.org>
Tested-by: Todd Broch <tbroch@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow to use larger RSA keys by setting CONFIG_RSA_KEY_SIZE to 4096 or
8192 rather than using the default 2048-bit size.
It's mainly for benchmarking purpose right now as we don't have the RAM
to store the 3x key size buffer and the flash space for the public key
structure.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=samus
BUG=none
TEST=build Zinger with CONFIG_RSA_KEY_SIZE equals to 4096 and run it.
Change-Id: I9839121bf158d0a30dde1e48d875f345191bfec2
Reviewed-on: https://chromium-review.googlesource.com/228925
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
|
|
2048-bit RSA public key cryptography signature verification code
which uses a pre-processed key for computation.
it is based on the code from vboot :
platform/vboot_reference/firmware/2lib/2rsa.c
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=samus
BUG=chrome-os-partner:28336
TEST=using following CL, on Zinger, verify RW firmware signature.
Change-Id: I681a29144eb805cd5758aa6efe697ce2f656a298
Reviewed-on: https://chromium-review.googlesource.com/220186
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Alec Berg <alecaberg@chromium.org>
Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
|