summaryrefslogtreecommitdiff
path: root/include/rsa.h
Commit message (Collapse)AuthorAgeFilesLines
* common: Split rwsig parts from rsa.h headerNicolas Boichat2017-04-111-61/+0
| | | | | | | | | | | | | | | | We're going to add more rwsig-related functions, and adding them to rsa.h seems increasingly incorrect. BRANCH=none BUG=b:35587171 TEST=make buildall -j Change-Id: I334c1774ce9a6ed8e219140f65ebe94d653e22d2 Reviewed-on: https://chromium-review.googlesource.com/468708 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
* rwsig: Put key/signature at the end of RO/RW sectionsNicolas Boichat2017-02-221-4/+17
| | | | | | | | | | | | | | | | | | | | | | | Current code puts key at the end of the first half of flash, which may not match the actual RO section size (e.g., it might be PSTATE, not RO). This makes sure the key to be at the end of RO section, and signature at the end of RW section, no matter the actual layout being used. However, the (deprecated) usbpd1 image type assumes that flash is equally split between RO and RW, so we do not change that. BRANCH=none BUG=chrome-os-partner:61671 TEST=make BOARD=hammer -j && deploy TEST=make BOARD=hoho -j && \ futility show --type usbpd1 build/hoho/ec.bin Change-Id: Ia02e927f9128d6ec3d0b780c28312e0d18835d72 Reviewed-on: https://chromium-review.googlesource.com/426100 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
* rwsig: Add support for rwsig image typesNicolas Boichat2017-02-171-0/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | usbpd1 futility image type is deprecated and should not be used for new designs. This adds proper support for rwsig image type. Key and signatures are added at linker stage step (futility cannot directly create such signed images). Thanks to VB21 header, rwsig.c can now tell how many bytes of the RW image need to be cryptographically verified, and ensure that the rest is blank (0xff). BRANCH=none BUG=chromium:690773 TEST=make BOARD=hammer; flash, RW image is verified correctly. TEST=make runtests -j TEST=For the rest of the tests: Change config option to CONFIG_RWSIG_TYPE_RWSIG TEST=make BOARD=hammer; flash, hammer still verifies correctly. TEST=cp build/hammer/ec.RW.bin build/hammer/ec.RW.bin.orig; futility sign --type rwsig --prikey build/hammer/key.vbprik2 \ build/hammer/ec.RW.bin diff build/hammer/ec.RW.bin build/hammer/ec.RW.bin.orig => Same file TEST=Add CONFIG_CMD_FLASH, flashwrite 0x1e000, reboot, EC does not verify anymore. TEST=dump_fmap build/hammer/ec.bin shows KEY_RO and SIG_RW at correct locations. Change-Id: I50ec828284c2d1eca67fa8cbddaf6f3b06606c82 Reviewed-on: https://chromium-review.googlesource.com/441546 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
* cleanup: Handle signed RW images a bit cleanerBill Richardson2015-09-251-1/+29
| | | | | | | | | | | | | | | | | | | | | | | | | For signed EC RW images (CONFIG_RWSIG), there's no point in embedding the public key or signature into the image itself since it will just be replaced by the signer (either as the next step in the build process, or after the fact for MP releases). This takes that out and just points to where the pubkey and signature will be placed. BUG=none BRANCH=none TEST=make buildall I also checked the signatures with futility show -t build/*/ec.bin They still look good, and the one signed image I booted (Cr50) works as before. Change-Id: Ib39b7c508914851f81a1bebb2450e08ef0def76c Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/302630 Reviewed-by: Randall Spangler <rspangler@chromium.org>
* cleanup: fix all the header guardsBill Richardson2015-06-181-3/+3
| | | | | | | | | | | | | | | This unifies all the EC header files to use __CROS_EC_FILENAME_H as the include guard. Well, except for test/ util/ and extra/ which use __TEST_ __UTIL_ and __EXTRA_ prefixes respectively. BUG=chromium:496895 BRANCH=none TEST=make buildall -j Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: Iea71b3a08bdec94a11239de810a2b2e152b15029 Reviewed-on: https://chromium-review.googlesource.com/278121 Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Add RW firmware signature verification for common runtimeVincent Palatin2014-12-011-0/+2
| | | | | | | | | | | | | | | | | | For accessories without software-sync mechanism, add the option to do a RSA-based signature verification of the Read-Write firmware. Signed-off-by: Vincent Palatin <vpalatin@chromium.org> BRANCH=samus BUG=chrome-os-partner:31192 TEST=enable the configuration on Fruitpie and see the RW firmware validated and jump to. Tried with good and bad RW images. Change-Id: I3c886c2cbe17ca9543e19bf8599061c3f9751d4f Reviewed-on: https://chromium-review.googlesource.com/229594 Reviewed-by: Todd Broch <tbroch@chromium.org> Commit-Queue: Todd Broch <tbroch@chromium.org> Tested-by: Todd Broch <tbroch@chromium.org>
* rsa: add support for 4096 and 8192 bit keysVincent Palatin2014-11-151-3/+31
| | | | | | | | | | | | | | | | | | | | | Allow to use larger RSA keys by setting CONFIG_RSA_KEY_SIZE to 4096 or 8192 rather than using the default 2048-bit size. It's mainly for benchmarking purpose right now as we don't have the RAM to store the 3x key size buffer and the flash space for the public key structure. Signed-off-by: Vincent Palatin <vpalatin@chromium.org> BRANCH=samus BUG=none TEST=build Zinger with CONFIG_RSA_KEY_SIZE equals to 4096 and run it. Change-Id: I9839121bf158d0a30dde1e48d875f345191bfec2 Reviewed-on: https://chromium-review.googlesource.com/228925 Reviewed-by: Randall Spangler <rspangler@chromium.org> Commit-Queue: Vincent Palatin <vpalatin@chromium.org> Tested-by: Vincent Palatin <vpalatin@chromium.org>
* add RSA signature verification codeVincent Palatin2014-09-301-0/+26
2048-bit RSA public key cryptography signature verification code which uses a pre-processed key for computation. it is based on the code from vboot : platform/vboot_reference/firmware/2lib/2rsa.c Signed-off-by: Vincent Palatin <vpalatin@chromium.org> BRANCH=samus BUG=chrome-os-partner:28336 TEST=using following CL, on Zinger, verify RW firmware signature. Change-Id: I681a29144eb805cd5758aa6efe697ce2f656a298 Reviewed-on: https://chromium-review.googlesource.com/220186 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Alec Berg <alecaberg@chromium.org> Commit-Queue: Vincent Palatin <vpalatin@chromium.org> Tested-by: Vincent Palatin <vpalatin@chromium.org>
View Lorry Controller Status