
Issue 649555

Starred by 2 users

Issue metadata

Status: Archived
Owner:
Closed: Oct 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug




Rotor: Develop a tool which derives secrets from BDS

Project Member Reported by dnojiri@chromium.org, Sep 23 2016

Issue description

Rotor's maskrom derives several secrets from a base device secret. We need a tool which emulates this process so that we can verify the extended secrets match with those produced by the maskrom.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 1 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/626e0b034db4c3c395cc5eb716d8725b4f030fe0

commit 626e0b034db4c3c395cc5eb716d8725b4f030fe0
Author: Daisuke Nojiri <dnojiri@chromium.org>
Date: Mon Sep 12 19:47:14 2016

bdb: Add secret deriving code for SP-RO

This patch adds code which derives secrets from BDS. It's supposed to be
done by SP-RO, hence the code is mostly useful for testing (or emulation).

vba_extend_secrets_ro takes a function pointer to a hash extend
function. It'll be used to try different sha256 extend algorithms.

BUG= chromium:649555 
BRANCH=none
TEST=make runtests

Change-Id: I8fef6b851fb84686d8bcdd948b36160016687c51
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/384354
Reviewed-by: Randall Spangler <rspangler@chromium.org>

[modify] https://crrev.com/626e0b034db4c3c395cc5eb716d8725b4f030fe0/firmware/bdb/bdb_flag.h
[modify] https://crrev.com/626e0b034db4c3c395cc5eb716d8725b4f030fe0/firmware/bdb/secrets.c
[modify] https://crrev.com/626e0b034db4c3c395cc5eb716d8725b4f030fe0/tests/bdb_sprw_test.c
[modify] https://crrev.com/626e0b034db4c3c395cc5eb716d8725b4f030fe0/firmware/bdb/secrets.h
[modify] https://crrev.com/626e0b034db4c3c395cc5eb716d8725b4f030fe0/firmware/bdb/nvm.c
[modify] https://crrev.com/626e0b034db4c3c395cc5eb716d8725b4f030fe0/firmware/bdb/bdb_api.h

Project Member

Comment 2 by bugdroid1@chromium.org, Oct 1 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/8130e503414f16b9e4c5395b3acad69ad34b7baf

commit 8130e503414f16b9e4c5395b3acad69ad34b7baf
Author: Daisuke Nojiri <dnojiri@chromium.org>
Date: Wed Sep 14 19:55:20 2016

bdb: Add bdb_extend

bdb_extend prints out secrets derived from the given BDS based on
the given BDB.

BUG= chromium:649555 
BRANCH=none
TEST=make runtests. Ran bdb_extend -s bds.bin -b bdb.bin (with/without -m)

Change-Id: I8d9f73468992dad4cb93a422c0eae0977be9a16f
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/385539

[add] https://crrev.com/8130e503414f16b9e4c5395b3acad69ad34b7baf/utility/bdb_extend.c
[modify] https://crrev.com/8130e503414f16b9e4c5395b3acad69ad34b7baf/firmware/bdb/rsa.c
[modify] https://crrev.com/8130e503414f16b9e4c5395b3acad69ad34b7baf/Makefile
[add] https://crrev.com/8130e503414f16b9e4c5395b3acad69ad34b7baf/firmware/bdb/sha.c

Project Member

Comment 3 by bugdroid1@chromium.org, Oct 1 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/01fb293825877edb83e8ddb9555733876f7556ea

commit 01fb293825877edb83e8ddb9555733876f7556ea
Author: Daisuke Nojiri <dnojiri@chromium.org>
Date: Wed Sep 14 19:49:33 2016

bdb: Make bdb_verify accept null pointer for key digest

If key digest matching is not required (i.e. verify-bdb-key efuse
flag is not set), bdb_verify skips digest matching. This change makes
bdb_verify accept null pointer for the key digest parameter.

BUG= chromium:649555 
BRANCH=none
TEST=make runtests

Change-Id: I14e5bd02526684b7b7bca1e1701cf04056df83ea
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/385538
Reviewed-by: Randall Spangler <rspangler@chromium.org>

[modify] https://crrev.com/01fb293825877edb83e8ddb9555733876f7556ea/tests/bdb_test.c
[modify] https://crrev.com/01fb293825877edb83e8ddb9555733876f7556ea/firmware/bdb/bdb.c
[modify] https://crrev.com/01fb293825877edb83e8ddb9555733876f7556ea/firmware/bdb/bdb.h

Status: Fixed (was: Untriaged)
Project Member

Comment 5 by bugdroid1@chromium.org, Oct 14 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/e96e46a5185e9bd9bc758a6757500c5e97dc2829

commit e96e46a5185e9bd9bc758a6757500c5e97dc2829
Author: Daisuke Nojiri <dnojiri@chromium.org>
Date: Tue Sep 27 15:55:07 2016

bdb: Enable futility-show to dump hash info

This patch makes futility show command print out hash information.

BUG= chromium:649555 
BRANCH=none
TEST=make runtests. Ran futility show tests/futility/data/bdb.bin.

Change-Id: I4d0e933b7b9dca6548aa8488d9ca85b8692a5d49
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/392948

[modify] https://crrev.com/e96e46a5185e9bd9bc758a6757500c5e97dc2829/futility/bdb_helper.c

Comment 6 by dchan@google.com, Jan 21 2017

Labels: VerifyIn-57

Comment 7 by dchan@google.com, Mar 4 2017

Labels: VerifyIn-58

Comment 8 by dchan@google.com, Apr 17 2017

Labels: VerifyIn-59

Comment 9 by dchan@google.com, May 30 2017

Labels: VerifyIn-60
Labels: VerifyIn-61

Comment 11 by dchan@chromium.org, Oct 14 2017

Status: Archived (was: Fixed)
