From cc7cddb39c118780439f86613924257d56476078 Mon Sep 17 00:00:00 2001
From: Randall Spangler
Date: Fri, 31 Oct 2014 11:38:14 -0700
Subject: vboot2: Add GUIDs for VB2_SIG_NONE signature types
Signatures with VB2_SIG_NONE are unsigned hashes. To make it easier to locate these signatures in the keyblock's list of signatures, define GUIDs for them.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I5bf9424107d7703b1a191b1bdf02954192ffc583
Signed-off-by: Randall Spangler
Reviewed-on: https://chromium-review.googlesource.com/226813
Reviewed-by: Daisuke Nojiri
---
 firmware/2lib/include/2struct.h | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index 12e6e0b8..d1ee925e 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -32,6 +32,17 @@ struct vb2_guid {
 #define EXPECTED_GUID_SIZE GUID_SIZE
+/* Key GUIDs to use for VB2_SIG_NONE and hash algorithms */
+
+#define VB2_GUID_NONE_SHA1 \
+ {{{0xcfb5687a,0x6092,0x11e4,0x96,0xe1,{0x8f,0x3b,0x1a,0x60,0xa2,0x1d}}}}
+
+#define VB2_GUID_NONE_SHA256 \
+ {{{0x0e4114e0,0x6093,0x11e4,0x9d,0xcb,{0x8f,0x8a,0xf4,0xca,0x2e,0x32}}}}
+
+#define VB2_GUID_NONE_SHA512 \
+ {{{0x1c695960,0x6093,0x11e4,0x82,0x63,{0xdb,0xee,0xe9,0x3c,0xcd,0x7e}}}}
+
 /****************************************************************************/
 /*
 * Vboot1-compatible data structures
@@ -298,7 +309,10 @@ enum vb2_signature_algorithm {
 /* Invalid or unsupported signature type */
 VB2_SIG_INVALID = 0,
- /* No signature algorithm. The digest is unsigned. */
+ /*
+ * No signature algorithm. The digest is unsigned. See
+ * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm.
+ */
 VB2_SIG_NONE = 1,
 /* RSA algorithms of the given length in bits (1024-8192) */
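Review bot: The comment above the three `VB2_GUID_NONE_*` macros in the first hunk does not say that an entry carrying one of these GUIDs is a bare digest with no authenticity guarantee, which is the property a verifier most needs in front of it when it selects a signature by GUID. I would extend it to something like `/* Key GUIDs to use for VB2_SIG_NONE and hash algorithms. These are fixed public values; a match identifies an unsigned hash, not a trusted key. */`. The initializers are also positional and depend on the member layout of struct vb2_guid, whose definition starts before this hunk, so a one-line note naming the expected layout next to the macros would keep a later layout change from silently re-mapping the bytes.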
@@ -391,8 +405,7 @@ struct vb2_signature2 {
 /*
 * GUID of key used to generate this signature. This allows the
 * firmware to quickly determine which signature block (if any) goes
- * with the key being used by the firmware. If the algorithm is an
- * unsigned hash, this guid will be all 0.
+ * with the key being used by the firmware.
 */
 struct vb2_guid key_guid;
--
cgit v1.2.1
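Review bot: The comment on `key_guid` in struct vb2_signature2 no longer says what the field holds for an unsigned hash: the sentence documenting the all-zero value is removed and nothing replaces it at the field itself. I would add a line such as `* For VB2_SIG_NONE this is one of VB2_GUID_NONE_*; a match denotes an unsigned digest, not a signature from a trusted key.` so the contract is readable where the field is declared. Any reader or previously generated data that treated an all-zero GUID as the marker for an unsigned hash would presumably need the matching update, which this diff does not show. The struct body begins and ends outside the hunk.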