diff options
author | Joel Kitching <kitching@google.com> | 2021-06-16 05:23:19 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-07-05 02:46:24 +0000 |
commit | 9ea1e75805cfb7523729c5f5d48df0d05ced1b11 (patch) | |
tree | 5ce8f16f296b745a800762c42e76e7889ac34d54 /tests/devkeys | |
parent | b95414c73b1b44485a072abdd55e0d8f965deb9d (diff) | |
download | vboot-9ea1e75805cfb7523729c5f5d48df0d05ced1b11.tar.gz |
vboot: introduce minios_kernel.keyblock
miniOS requires a distinct kernel data key, whose dev key pair
is added in this CL as minios_kernel_data_key.vb{pub,priv}k.
A distinct keyblock is also required. The keyblock should set
the kernel keyblock flag MINIOS_1. Other keyblocks are modified
appropriately to set MINIOS_0. Keyblocks were generated using
the following commands:
$ futility vbutil_keyblock
--flags 23
--datapubkey tests/devkeys/ec_data_key.vbpubk
--signprivate tests/devkeys/ec_root_key.vbprivk
--pack tests/devkeys/ec.keyblock
Keyblock file: tests/devkeys/ec.keyblock
Signature valid
Flags: 23 !DEV DEV !REC !MINIOS
Data key algorithm: 7 RSA4096 SHA256
Data key version: 1
Data key sha1sum: 5833470fe934be76753cb6501dbb8fbf88ab272b
$ futility vbutil_keyblock
--flags 23
--datapubkey tests/devkeys/firmware_data_key.vbpubk
--signprivate tests/devkeys/root_key.vbprivk
--pack tests/devkeys/firmware.keyblock
Keyblock file: tests/devkeys/firmware.keyblock
Signature valid
Flags: 23 !DEV DEV !REC !MINIOS
Data key algorithm: 7 RSA4096 SHA256
Data key version: 1
Data key sha1sum: e2c1c92d7d7aa7dfed5e8375edd30b7ae52b7450
$ futility vbutil_keyblock
--flags 27
--datapubkey tests/devkeys/recovery_kernel_data_key.vbpubk
--signprivate tests/devkeys/recovery_key.vbprivk
--pack tests/devkeys/recovery_kernel.keyblock
Keyblock file: tests/devkeys/recovery_kernel.keyblock
Signature valid
Flags: 27 !DEV DEV REC !MINIOS
Data key algorithm: 11 RSA8192 SHA512
Data key version: 1
Data key sha1sum: e78ce746a037837155388a1096212ded04fb86eb
$ futility vbutil_keyblock
--flags 43
--datapubkey tests/devkeys/minios_kernel_data_key.vbpubk
--signprivate tests/devkeys/recovery_key.vbprivk
--pack tests/devkeys/minios_kernel.keyblock
Keyblock file: tests/devkeys/minios_kernel.keyblock
Signature valid
Flags: 43 !DEV DEV REC MINIOS
Data key algorithm: 8 RSA4096 SHA512
Data key version: 1
Data key sha1sum: 65441886bc54cbfe3a7308b650806f4b61d8d142
$ futility vbutil_keyblock
--flags 23
--datapubkey tests/devkeys/kernel_data_key.vbpubk
--signprivate tests/devkeys/kernel_subkey.vbprivk
--pack tests/devkeys/kernel.keyblock
Keyblock file: tests/devkeys/kernel.keyblock
Signature valid
Flags: 23 !DEV DEV !REC !MINIOS
Data key algorithm: 4 RSA2048 SHA256
Data key version: 1
Data key sha1sum: d6170aa480136f1f29cf339a5ab1b960585fa444
$ futility vbutil_keyblock
--flags 26
--datapubkey tests/devkeys/installer_kernel_data_key.vbpubk
--signprivate tests/devkeys/recovery_key.vbprivk
--pack tests/devkeys/installer_kernel.keyblock
Keyblock file: tests/devkeys/installer_kernel.keyblock
Signature valid
Flags: 26 DEV REC !MINIOS
Data key algorithm: 11 RSA8192 SHA512
Data key version: 1
Data key sha1sum: e78ce746a037837155388a1096212ded04fb86eb
BUG=b:188121855
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I5b3e4def83ff29ca156b3c84dfcb8398f4985e67
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2965485
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Diffstat (limited to 'tests/devkeys')
-rw-r--r-- | tests/devkeys/ec.keyblock | bin | 1720 -> 1720 bytes |
-rw-r--r-- | tests/devkeys/firmware.keyblock | bin | 2232 -> 2232 bytes |
-rw-r--r-- | tests/devkeys/installer_kernel.keyblock | bin | 3256 -> 3256 bytes |
-rw-r--r-- | tests/devkeys/kernel.keyblock | bin | 1208 -> 1208 bytes |
-rw-r--r-- | tests/devkeys/minios_kernel.keyblock | bin | 0 -> 2232 bytes |
-rw-r--r-- | tests/devkeys/minios_kernel_data_key.vbprivk | bin | 0 -> 2356 bytes |
-rw-r--r-- | tests/devkeys/minios_kernel_data_key.vbpubk | bin | 0 -> 1064 bytes |
-rw-r--r-- | tests/devkeys/recovery_kernel.keyblock | bin | 3256 -> 3256 bytes |
8 files changed, 0 insertions, 0 deletions
diff --git a/tests/devkeys/ec.keyblock b/tests/devkeys/ec.keyblock Binary files differindex 6b088f32..d9342918 100644 --- a/tests/devkeys/ec.keyblock +++ b/tests/devkeys/ec.keyblock diff --git a/tests/devkeys/firmware.keyblock b/tests/devkeys/firmware.keyblock Binary files differindex 1e2273e5..e3653f85 100644 --- a/tests/devkeys/firmware.keyblock +++ b/tests/devkeys/firmware.keyblock diff --git a/tests/devkeys/installer_kernel.keyblock b/tests/devkeys/installer_kernel.keyblock Binary files differindex cfa3bd18..282e1d62 100644 --- a/tests/devkeys/installer_kernel.keyblock +++ b/tests/devkeys/installer_kernel.keyblock diff --git a/tests/devkeys/kernel.keyblock b/tests/devkeys/kernel.keyblock Binary files differindex 9740be4e..6bb72137 100644 --- a/tests/devkeys/kernel.keyblock +++ b/tests/devkeys/kernel.keyblock diff --git a/tests/devkeys/minios_kernel.keyblock b/tests/devkeys/minios_kernel.keyblock Binary files differnew file mode 100644 index 00000000..3675690b --- /dev/null +++ b/tests/devkeys/minios_kernel.keyblock diff --git a/tests/devkeys/minios_kernel_data_key.vbprivk b/tests/devkeys/minios_kernel_data_key.vbprivk Binary files differnew file mode 100644 index 00000000..da3a15bf --- /dev/null +++ b/tests/devkeys/minios_kernel_data_key.vbprivk diff --git a/tests/devkeys/minios_kernel_data_key.vbpubk b/tests/devkeys/minios_kernel_data_key.vbpubk Binary files differnew file mode 100644 index 00000000..34ff93be --- /dev/null +++ b/tests/devkeys/minios_kernel_data_key.vbpubk diff --git a/tests/devkeys/recovery_kernel.keyblock b/tests/devkeys/recovery_kernel.keyblock Binary files differindex ad16e399..c1c8effd 100644 --- a/tests/devkeys/recovery_kernel.keyblock +++ b/tests/devkeys/recovery_kernel.keyblock |