futility: Support for signing RO+RW firmwarestabilize-smaug-7547.B

This adds the "rwsig" type, with initial support for RO+RW
firmware images that need to verify themselves instead of using
software sync. This uses our vb2 structs instead of raw binary
blobs. That will help us locate, identify, and verify the keys
and signatures in the signed firmware images.

BUG=chrome-os-partner:46254
BRANCH=smaug,ToT
TEST=make runtests

I also hacked up a test board with the EC-side signature
verification routines from a preliminary CL and tested this
signing scheme with that. It works.

Additional work is needed to make this seamless, but you can try
it out like so:

  futility create ./tests/testkeys/key_rsa2048.pem foo

  futility sign --type rwsig --prikey foo.vbprik2 --pubkey foo.vbpubk2 ec.bin

Change-Id: I876ab312a2b0b36411c5f739fe3252529728d034
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/305394
Reviewed-by: Randall Spangler <rspangler@chromium.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/futility/file_type_usbpd1.c b/futility/file_type_usbpd1.c
index acf3de06..36cb5cf2 100644
--- a/futility/file_type_usbpd1.c
+++ b/futility/file_type_usbpd1.c
@@ -12,7 +12,7 @@
  * and the image itself just looks like a bunch of random numbers.
  *
  * This file handles those images, but PLEASE don't use it as a template for
- * new devices.
+ * new devices. Look at file_type_rwsig.c instead.
  */
 
 #include <stdint.h>
@@ -259,7 +259,7 @@ static enum vb2_signature_algorithm sigs[] = {
 	VB2_SIG_RSA4096,
 	VB2_SIG_RSA8192,
 };
-enum vb2_hash_algorithm hashes[] = {
+static enum vb2_hash_algorithm hashes[] = {
 	VB2_HASH_SHA256,
 	VB2_HASH_SHA1,
 	VB2_HASH_SHA512,