From 7ed261297f7b730e9f545ba59cbe2ed216850e19 Mon Sep 17 00:00:00 2001 From: Bill Richardson Date: Mon, 12 Oct 2015 13:58:12 -0700 Subject: futility: Support for signing RO+RW firmware This adds the "rwsig" type, with initial support for RO+RW firmware images that need to verify themselves instead of using software sync. This uses our vb2 structs instead of raw binary blobs. That will help us locate, identify, and verify the keys and signatures in the signed firmware images. BUG=chrome-os-partner:46254 BRANCH=smaug,ToT TEST=make runtests I also hacked up a test board with the EC-side signature verification routines from a preliminary CL and tested this signing scheme with that. It works. Additional work is needed to make this seamless, but you can try it out like so: futility create ./tests/testkeys/key_rsa2048.pem foo futility sign --type rwsig --prikey foo.vbprik2 --pubkey foo.vbpubk2 ec.bin Change-Id: I876ab312a2b0b36411c5f739fe3252529728d034 Signed-off-by: Bill Richardson Reviewed-on: https://chromium-review.googlesource.com/305394 Reviewed-by: Randall Spangler --- futility/futility_options.h | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'futility/futility_options.h') diff --git a/futility/futility_options.h b/futility/futility_options.h index c8d0a8a6..e02ef2f6 100644 --- a/futility/futility_options.h +++ b/futility/futility_options.h @@ -16,6 +16,9 @@ #include "file_type.h" #include "2rsa.h" +struct vb2_private_key; +struct vb2_packed_key; + struct show_option_s { VbPublicKey *k; uint8_t *fv; @@ -58,6 +61,9 @@ struct sign_option_s { enum vb2_hash_algorithm hash_alg; uint32_t ro_size, rw_size; uint32_t ro_offset, rw_offset; + uint32_t pkey_offset, sig_offset; + struct vb2_private_key *prikey; + struct vb2_packed_key *pkey; }; extern struct sign_option_s sign_option; -- cgit v1.2.1