diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2022-03-25 10:46:34 -0700 |
|---|---|---|
| committer | Vadim Bendebury <vbendeb@chromium.org> | 2022-03-30 17:06:35 +0000 |
| commit | 4abb7e065dcdc9fa15b34da2ac53d9ab1e6a9db8 (patch) | |
| tree | 85cad49200eaa7779b2a7536df2a458ba5444ed2 | |
| parent | 26187f1d4e2534fe9d2fe90e7ce82af23ada1866 (diff) | |
| download | vboot-4abb7e065dcdc9fa15b34da2ac53d9ab1e6a9db8.tar.gz | |
sign_gsc_firmware: drop version number check for node locked images
With introduction of Ti50 images the version of the eraseflashinfo
capable images must change, which will prevent signing scripts from
accepting Ti50 images from node locked signing.
Enforcing the version number is proving to be a larger pain that in is
worth: we do need to modify the version once in a while, and it takes
a lot of effort and time to propagate the version adjustment through
signing stages.
We already have a quorum requirement for eraseflashinfo capable node
locked images, this provides enough guarantee from accidental signing
or malicious signing of such an image, version number enforcement does
not add security.
BRANCH=none
BUG=b:219774807
TEST=none
Change-Id: Ifd5ac17540595d71210445e6ad573c81fc25a47a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3553419
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| -rwxr-xr-x | scripts/image_signing/sign_gsc_firmware.sh | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/scripts/image_signing/sign_gsc_firmware.sh b/scripts/image_signing/sign_gsc_firmware.sh index af7b7dad..a5945ceb 100755 --- a/scripts/image_signing/sign_gsc_firmware.sh +++ b/scripts/image_signing/sign_gsc_firmware.sh @@ -148,13 +148,11 @@ paste_bin() { # needs to be verified and in certain cases altered. # # The function verifies that the input manifest is a proper json file, and -# that the manifest conforms to GSC version numbering and board ID flags -# conventions for various build images: -# -# - only binaries where version is set to CR50_NODE_LOCKED_VERSION can be -# converted to node locked images. Board IDs for node locked images come -# from signing instructions, and the config1 manifest field value must have -# the 0x80000000 bit set. +# that the manifest conforms to GSC board ID flags conventions for various +# build images: + +# - board IDs for node locked images come from signing instructions, and the +# config1 manifest field value must have the 0x80000000 bit set. # # - when signing pre-pvt binaries (major version number is even) the 0x10 # flags bit must be set. @@ -198,11 +196,6 @@ verify_and_prepare_gsc_manifest() { if [[ -z ${INSN_DEVICE_ID:-} ]]; then die "Node locked target without Device ID value" fi - # Case of a node locked image, it must have the fixed version. - if [[ "${epoch}.${major}.${minor}" != "${CR50_NODE_LOCKED_VERSION}" ]] - then - die "Won't create node locked images for version $epoch.$major.$minor" - fi local sub local devid0 |