From 58bfa1d53c4a1be40680775bd004ddb5b80ad8cb Mon Sep 17 00:00:00 2001
From: Vadim Bendebury <vbendeb@chromium.org>
Date: Thu, 21 Apr 2022 20:25:48 -0700
Subject: Revert "keygeneration: add ability to generate GSC RW signing key
 pairs"

This reverts commit 2981c0bacbaa0446562aaa04f23e3e9f07c86069, as that
patch is not the proper way to generate accessory keys.

BUG=b:221423468
BRANCH=none
TEST=none

Change-Id: I5500424b01ef45cc353468173f60f9b202b92b54
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3600150
Reviewed-by: Mike Frysinger <vapier@chromium.org>
---
 scripts/keygeneration/common.sh          | 33 +-------------------------------
 scripts/keygeneration/create_new_keys.sh |  2 --
 2 files changed, 1 insertion(+), 34 deletions(-)

diff --git a/scripts/keygeneration/common.sh b/scripts/keygeneration/common.sh
index 4ec445a9..af6cd717 100644
--- a/scripts/keygeneration/common.sh
+++ b/scripts/keygeneration/common.sh
@@ -43,15 +43,8 @@ RSA4096_SHA512_ALGOID=8
 RSA8192_SHA1_ALGOID=9
 RSA8192_SHA256_ALGOID=10
 RSA8192_SHA512_ALGOID=11
-RSA3070_NOSIG_ALGOID=12
 alg_to_keylen() {
-  local alg="$1"
-
-  # GSC RW signing key does not fit the pattern, return its size explicitly.
-  case ${alg} in
-    (${RSA3070_NOSIG_ALGOID}) echo 3070;;
-    (*) echo $(( 1 << (10 + (alg / 3)) ));;
-  esac
+  echo $(( 1 << (10 + ($1 / 3)) ))
 }
 
 # Default algorithms.
@@ -74,9 +67,6 @@ KERNEL_DATAKEY_ALGOID=${RSA2048_SHA256_ALGOID}
 ARV_ROOT_ALGOID=${RSA4096_SHA256_ALGOID}
 ARV_PLATFORM_ALGOID=${RSA4096_SHA256_ALGOID}
 
-# GSC signing.
-GSC_RW_KEY_ALGOID=${RSA3070_NOSIG_ALGOID}
-
 # Keyblock modes determine which boot modes a signing key is valid for use
 # in verification.
 #    !DEV 0x1      DEV 0x2
@@ -138,27 +128,6 @@ make_pair() {
   rm -f "${base}_${len}.pem" "${base}_${len}.crt" "${base}_${len}.keyb"
 }
 
-# Emit .pem and .pem.pub using given basename and algorithm
-# This is a special case for GSC signing where vboot reference format keys are
-# not being used.
-make_gsc_pair() {
-  local base=$1
-  local alg=$2
-  local key_version=${3:-1}
-  local len="$(alg_to_keylen "${alg}")"
-  local base_name="${base}_${len}"
-
-  echo "creating ${base} key pair (version = ${key_version})..."
-
-  # Make the RSA key pair.
-  openssl genrsa -F4 -out "${base_name}.pem" "${len}"
-
-  echo "skipping wrapping of ${base_name} keys"
-  echo "Preserving ${base_name}.pem and generating ${base_name}.pem.pub"
-  openssl rsa -in "${base_name}.pem" -outform PEM \
-    -pubout -out "${base_name}.pem.pub"
-}
-
 # Used to generate keys for signing update payloads.
 make_au_payload_key() {
   local dir=$1
diff --git a/scripts/keygeneration/create_new_keys.sh b/scripts/keygeneration/create_new_keys.sh
index 7c036fa2..2e1fd22c 100755
--- a/scripts/keygeneration/create_new_keys.sh
+++ b/scripts/keygeneration/create_new_keys.sh
@@ -172,8 +172,6 @@ main() {
   make_pair arv_root ${ARV_ROOT_ALGOID}
   make_pair arv_platform ${ARV_PLATFORM_ALGOID}
 
-  make_gsc_pair gsc_rw ${GSC_RW_KEY_ALGOID}
-
   # Create the firmware keyblock for use only in Normal mode. This is redundant,
   # since it's never even checked during Recovery mode.
   make_keyblock firmware ${FIRMWARE_KEYBLOCK_MODE} firmware_data_key root_key
-- 
cgit v1.2.1