diff options
author | Vadim Bendebury <vbendeb@google.com> | 2021-11-22 21:24:56 -0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-12-03 05:16:14 +0000 |
commit | 3efb6a6cd8e8679b6f95c1088fa5c20cbb327478 (patch) | |
tree | 905cf1bc56b4da92bc4645752cafcfd73ab91af3 | |
parent | dd180f6d8545eace4ccc4569c32dbf7bff0354f5 (diff) | |
download | vboot-3efb6a6cd8e8679b6f95c1088fa5c20cbb327478.tar.gz |
gscvd: add dedicated test keys
This patch extends create_new_keys.sh to generate two additional key
pairs to use for AP RO verification signing. Both new pairs are
RSA4096/SHA256.
The script was ran to generate a new set of keys and the produced AP
RO verification key pairs were copied into tests/devkeys.
BRANCH=none
BUG=b:141191727
TEST=re-signed guybrush AP firmware image following the process
described in cmd_gscvd.c comments, created a Cr50 image
incorporating the new root public key hash, updated the DUT AP
and Cr50 firmware and observed successful AP RO validation.
Change-Id: I03cba1446fc5ffdfef662c5ce1ea3e61950477d4
Signed-off-by: Vadim Bendebury <vbendeb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3297447
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
-rw-r--r-- | futility/cmd_gscvd.c | 18 | ||||
-rw-r--r-- | scripts/keygeneration/common.sh | 4 | ||||
-rwxr-xr-x | scripts/keygeneration/create_new_keys.sh | 2 | ||||
-rw-r--r-- | tests/devkeys/arv_platform.vbprivk | bin | 0 -> 2356 bytes | |||
-rw-r--r-- | tests/devkeys/arv_platform.vbpubk | bin | 0 -> 1064 bytes | |||
-rw-r--r-- | tests/devkeys/arv_root.vbprivk | bin | 0 -> 2358 bytes | |||
-rw-r--r-- | tests/devkeys/arv_root.vbpubk | bin | 0 -> 1064 bytes |
7 files changed, 15 insertions, 9 deletions
diff --git a/futility/cmd_gscvd.c b/futility/cmd_gscvd.c index 27eb16d8..7fff2933 100644 --- a/futility/cmd_gscvd.c +++ b/futility/cmd_gscvd.c @@ -22,18 +22,18 @@ /* * for testing purposes let's use - * - tests/devkeys/kernel_subkey.vbprivk as the root private key - * - tests/devkeys/kernel_subkey.vbpubk as the root public key + * - tests/devkeys/arv_root.vbprivk as the root private key + * - tests/devkeys/arv_root.vbpubk as the root public key * used for signing of the platform public key - * - tests/devkeys/firmware_data_key.vbprivk signing platform key - * - tests/devkeys/firmware_data_key.vbpubk - public key used for signature + * - tests/devkeys/arv_platform.vbprivk signing platform key + * - tests/devkeys/arv_platform.vbpubk - public key used for signature * verification *------------ * Command to create the signed public key block in ~/tmp/packed: * ./build/futility/futility vbutil_keyblock --pack ~/tmp/packed \ - --datapubkey tests/devkeys/firmware_data_key.vbpubk \ - --signprivate tests/devkeys/kernel_subkey.vbprivk + --datapubkey tests/devkeys/arv_platform.vbpubk \ + --signprivate tests/devkeys/arv_root.vbprivk *------------ * Command to fill RO_GSCVD FMAP area in an AP firmware file. The input AP * firmware file is ~/tmp/image-guybrush.serial.bin, the output signed @@ -41,14 +41,14 @@ * ./build/futility/futility gscvd --outfile ~/tmp/guybrush-signed \ -R 818100:10000,f00000:100,f80000:2000,f8c000:1000,0x00804000:0x00000800 \ - -k ~/tmp/packed -p tests/devkeys/firmware_data_key.vbprivk -b 5a5a4352 \ - -r tests/devkeys/kernel_subkey.vbpubk ~/tmp/image-guybrush.serial.bin + -k ~/tmp/packed -p tests/devkeys/arv_platform.vbprivk -b 5a5a4352 \ + -r tests/devkeys/arv_root.vbpubk ~/tmp/image-guybrush.serial.bin *------------ * Command to validate a previously signed AP firmware file. The hash is the * sha256sum of tests/devkeys/kernel_subkey.vbpubk: * build/futility/futility gscvd ~/tmp/guybrush-signed \ - e432f23d811be795af8ddf6001d2a6c3e2675e3290bc024100e2a10d0fd9c6ee + 3d74429f35be8d34bcb425d4397e2218e6961afed456a78ce30047f5b54ed158 */ /* Command line options processing support. */ diff --git a/scripts/keygeneration/common.sh b/scripts/keygeneration/common.sh index da06f3cf..af6cd717 100644 --- a/scripts/keygeneration/common.sh +++ b/scripts/keygeneration/common.sh @@ -63,6 +63,10 @@ INSTALLER_KERNEL_ALGOID=${RSA4096_SHA512_ALGOID} KERNEL_SUBKEY_ALGOID=${RSA4096_SHA256_ALGOID} KERNEL_DATAKEY_ALGOID=${RSA2048_SHA256_ALGOID} +# AP RO Verification. +ARV_ROOT_ALGOID=${RSA4096_SHA256_ALGOID} +ARV_PLATFORM_ALGOID=${RSA4096_SHA256_ALGOID} + # Keyblock modes determine which boot modes a signing key is valid for use # in verification. # !DEV 0x1 DEV 0x2 diff --git a/scripts/keygeneration/create_new_keys.sh b/scripts/keygeneration/create_new_keys.sh index 11aedc1d..2e1fd22c 100755 --- a/scripts/keygeneration/create_new_keys.sh +++ b/scripts/keygeneration/create_new_keys.sh @@ -169,6 +169,8 @@ main() { make_pair recovery_kernel_data_key ${recovery_kernel_algoid} make_pair minios_kernel_data_key ${minios_kernel_algoid} make_pair installer_kernel_data_key ${installer_kernel_algoid} + make_pair arv_root ${ARV_ROOT_ALGOID} + make_pair arv_platform ${ARV_PLATFORM_ALGOID} # Create the firmware keyblock for use only in Normal mode. This is redundant, # since it's never even checked during Recovery mode. diff --git a/tests/devkeys/arv_platform.vbprivk b/tests/devkeys/arv_platform.vbprivk Binary files differnew file mode 100644 index 00000000..e0bc6700 --- /dev/null +++ b/tests/devkeys/arv_platform.vbprivk diff --git a/tests/devkeys/arv_platform.vbpubk b/tests/devkeys/arv_platform.vbpubk Binary files differnew file mode 100644 index 00000000..2ac3bdeb --- /dev/null +++ b/tests/devkeys/arv_platform.vbpubk diff --git a/tests/devkeys/arv_root.vbprivk b/tests/devkeys/arv_root.vbprivk Binary files differnew file mode 100644 index 00000000..7747717a --- /dev/null +++ b/tests/devkeys/arv_root.vbprivk diff --git a/tests/devkeys/arv_root.vbpubk b/tests/devkeys/arv_root.vbpubk Binary files differnew file mode 100644 index 00000000..aebe2a48 --- /dev/null +++ b/tests/devkeys/arv_root.vbpubk |