From 3efb6a6cd8e8679b6f95c1088fa5c20cbb327478 Mon Sep 17 00:00:00 2001 From: Vadim Bendebury Date: Mon, 22 Nov 2021 21:24:56 -0800 Subject: gscvd: add dedicated test keys This patch extends create_new_keys.sh to generate two additional key pairs to use for AP RO verification signing. Both new pairs are RSA4096/SHA256. The script was ran to generate a new set of keys and the produced AP RO verification key pairs were copied into tests/devkeys. BRANCH=none BUG=b:141191727 TEST=re-signed guybrush AP firmware image following the process described in cmd_gscvd.c comments, created a Cr50 image incorporating the new root public key hash, updated the DUT AP and Cr50 firmware and observed successful AP RO validation. Change-Id: I03cba1446fc5ffdfef662c5ce1ea3e61950477d4 Signed-off-by: Vadim Bendebury Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3297447 Tested-by: Vadim Bendebury Reviewed-by: Mike Frysinger Commit-Queue: Vadim Bendebury --- futility/cmd_gscvd.c | 18 +++++++++--------- scripts/keygeneration/common.sh | 4 ++++ scripts/keygeneration/create_new_keys.sh | 2 ++ tests/devkeys/arv_platform.vbprivk | Bin 0 -> 2356 bytes tests/devkeys/arv_platform.vbpubk | Bin 0 -> 1064 bytes tests/devkeys/arv_root.vbprivk | Bin 0 -> 2358 bytes tests/devkeys/arv_root.vbpubk | Bin 0 -> 1064 bytes 7 files changed, 15 insertions(+), 9 deletions(-) create mode 100644 tests/devkeys/arv_platform.vbprivk create mode 100644 tests/devkeys/arv_platform.vbpubk create mode 100644 tests/devkeys/arv_root.vbprivk create mode 100644 tests/devkeys/arv_root.vbpubk diff --git a/futility/cmd_gscvd.c b/futility/cmd_gscvd.c index 27eb16d8..7fff2933 100644 --- a/futility/cmd_gscvd.c +++ b/futility/cmd_gscvd.c 
@@ -22,18 +22,18 @@ /* * for testing purposes let's use - * - tests/devkeys/kernel_subkey.vbprivk as the root private key - * - tests/devkeys/kernel_subkey.vbpubk as the root public key + * - tests/devkeys/arv_root.vbprivk as the root private key + * - tests/devkeys/arv_root.vbpubk as the root public key * used for signing of the platform public key - * - tests/devkeys/firmware_data_key.vbprivk signing platform key - * - tests/devkeys/firmware_data_key.vbpubk - public key used for signature + * - tests/devkeys/arv_platform.vbprivk signing platform key + * - tests/devkeys/arv_platform.vbpubk - public key used for signature * verification *------------ * Command to create the signed public key block in ~/tmp/packed: * ./build/futility/futility vbutil_keyblock --pack ~/tmp/packed \ - --datapubkey tests/devkeys/firmware_data_key.vbpubk \ - --signprivate tests/devkeys/kernel_subkey.vbprivk + --datapubkey tests/devkeys/arv_platform.vbpubk \ + --signprivate tests/devkeys/arv_root.vbprivk *------------ * Command to fill RO_GSCVD FMAP area in an AP firmware file. The input AP * firmware file is ~/tmp/image-guybrush.serial.bin, the output signed @@ -41,14 +41,14 @@ * ./build/futility/futility gscvd --outfile ~/tmp/guybrush-signed \ -R 818100:10000,f00000:100,f80000:2000,f8c000:1000,0x00804000:0x00000800 \ - -k ~/tmp/packed -p tests/devkeys/firmware_data_key.vbprivk -b 5a5a4352 \ - -r tests/devkeys/kernel_subkey.vbpubk ~/tmp/image-guybrush.serial.bin + -k ~/tmp/packed -p tests/devkeys/arv_platform.vbprivk -b 5a5a4352 \ + -r tests/devkeys/arv_root.vbpubk ~/tmp/image-guybrush.serial.bin *------------ * Command to validate a previously signed AP firmware file. The hash is the * sha256sum of tests/devkeys/kernel_subkey.vbpubk: * build/futility/futility gscvd ~/tmp/guybrush-signed \ - e432f23d811be795af8ddf6001d2a6c3e2675e3290bc024100e2a10d0fd9c6ee + 3d74429f35be8d34bcb425d4397e2218e6961afed456a78ce30047f5b54ed158 */ /* Command line options processing support. */ 
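Review bot: In the second hunk the context line `sha256sum of tests/devkeys/kernel_subkey.vbpubk:` is left unchanged while the digest below it is replaced, so the comment now attributes the new value to a key the example no longer uses. Since the `-r` argument just above was switched to `tests/devkeys/arv_root.vbpubk`, the sentence should presumably read `* sha256sum of tests/devkeys/arv_root.vbpubk:`. The diff alone cannot confirm that the new digest is that file's hash, so it is worth re-running sha256sum before fixing the text. The commit message says this root public key hash is incorporated into the Cr50 image, so a wrong file name here would lead a reader to hash the wrong key when checking their setup.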
diff --git a/scripts/keygeneration/common.sh b/scripts/keygeneration/common.sh index da06f3cf..af6cd717 100644 --- a/scripts/keygeneration/common.sh +++ b/scripts/keygeneration/common.sh @@ -63,6 +63,10 @@ INSTALLER_KERNEL_ALGOID=${RSA4096_SHA512_ALGOID} KERNEL_SUBKEY_ALGOID=${RSA4096_SHA256_ALGOID} KERNEL_DATAKEY_ALGOID=${RSA2048_SHA256_ALGOID} +# AP RO Verification. +ARV_ROOT_ALGOID=${RSA4096_SHA256_ALGOID} +ARV_PLATFORM_ALGOID=${RSA4096_SHA256_ALGOID} + # Keyblock modes determine which boot modes a signing key is valid for use # in verification. # !DEV 0x1 DEV 0x2 diff --git a/scripts/keygeneration/create_new_keys.sh b/scripts/keygeneration/create_new_keys.sh index 11aedc1d..2e1fd22c 100755 --- a/scripts/keygeneration/create_new_keys.sh +++ b/scripts/keygeneration/create_new_keys.sh @@ -169,6 +169,8 @@ main() { make_pair recovery_kernel_data_key ${recovery_kernel_algoid} make_pair minios_kernel_data_key ${minios_kernel_algoid} make_pair installer_kernel_data_key ${installer_kernel_algoid} + make_pair arv_root ${ARV_ROOT_ALGOID} + make_pair arv_platform ${ARV_PLATFORM_ALGOID} # Create the firmware keyblock for use only in Normal mode. This is redundant, # since it's never even checked during Recovery mode. diff --git a/tests/devkeys/arv_platform.vbprivk b/tests/devkeys/arv_platform.vbprivk new file mode 100644 index 00000000..e0bc6700 Binary files /dev/null and b/tests/devkeys/arv_platform.vbprivk differ diff --git a/tests/devkeys/arv_platform.vbpubk b/tests/devkeys/arv_platform.vbpubk new file mode 100644 index 00000000..2ac3bdeb Binary files /dev/null and b/tests/devkeys/arv_platform.vbpubk differ diff --git a/tests/devkeys/arv_root.vbprivk b/tests/devkeys/arv_root.vbprivk new file mode 100644 index 00000000..7747717a Binary files /dev/null and b/tests/devkeys/arv_root.vbprivk differ 
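Review bot: The added `# AP RO Verification.` comment in common.sh does not say how the two keys relate, although they are not interchangeable. Going by the usage notes in futility/cmd_gscvd.c, the root key signs the platform keyblock and the platform private key is the one passed to `futility gscvd` when filling RO_GSCVD. A comment such as `# AP RO verification: arv_root signs the platform keyblock; arv_platform signs the RO_GSCVD area.` would record that next to the algorithm choice.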
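Review bot: The two added `make_pair` calls in create_new_keys.sh pass the globals `${ARV_ROOT_ALGOID}` and `${ARV_PLATFORM_ALGOID}` directly, while every neighbouring call in the hunk passes a lowercase variable such as `${installer_kernel_algoid}`. main() starts and ends outside the hunk, so this is a guess, but if those lowercase variables are locals that main() adjusts from command-line options, the ARV pair would silently ignore any such override. If a fixed RSA4096/SHA256 is intended, a comment like `# ARV key algorithms are fixed; key-size options do not apply.` above the two calls would make that explicit. Otherwise the calls should follow the same local-variable pattern as their neighbours.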
diff --git a/tests/devkeys/arv_root.vbpubk b/tests/devkeys/arv_root.vbpubk new file mode 100644 index 00000000..aebe2a48 Binary files /dev/null and b/tests/devkeys/arv_root.vbpubk differ -- cgit v1.2.1