ec: Add support for futility rwsig image type |
|||||
Issue descriptionIn https://chromium-review.googlesource.com/c/426100/, Randall pointed out that usbpd1 image type should not be used anymore, as highlighted in this comment (https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/HEAD/futility/file_type_usbpd1.c#7): /* * The USB Type-C chargers released with Samus ("Pixel (2015)") have upgradable * firmware. Due to space considerations, we don't have room for handy things * like an FMAP or headers for the signatures. Accordingly, all the normally * variable factors (image size, signature algorithms, etc.) are hard coded * and the image itself just looks like a bunch of random numbers. * * This file handles those images, but PLEASE don't use it as a template for * new devices. Look at file_type_rwsig.c instead. */ Let's add proper support for rwsig image type in EC codebase.
,
Feb 15 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/94bd5c5069e6ca0c99754f39152bd4e059968904 commit 94bd5c5069e6ca0c99754f39152bd4e059968904 Author: Nicolas Boichat <drinkcat@google.com> Date: Wed Feb 15 18:47:35 2017 futility: create: Output "wrote XX.vb[pub|pri]k" to stdout Let's keep stderr for actual errors. BRANCH=none BUG= chromium:690773 TEST=make runtests TEST=futility create key.pem out > /dev/null is quiet Change-Id: Id7ce658a0dc08f45d4d035b68e355e49d9717674 Reviewed-on: https://chromium-review.googlesource.com/442524 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org> [modify] https://crrev.com/94bd5c5069e6ca0c99754f39152bd4e059968904/futility/cmd_create.c
,
Feb 15 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/94bd5c5069e6ca0c99754f39152bd4e059968904 commit 94bd5c5069e6ca0c99754f39152bd4e059968904 Author: Nicolas Boichat <drinkcat@google.com> Date: Wed Feb 15 18:47:35 2017 futility: create: Output "wrote XX.vb[pub|pri]k" to stdout Let's keep stderr for actual errors. BRANCH=none BUG= chromium:690773 TEST=make runtests TEST=futility create key.pem out > /dev/null is quiet Change-Id: Id7ce658a0dc08f45d4d035b68e355e49d9717674 Reviewed-on: https://chromium-review.googlesource.com/442524 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org> [modify] https://crrev.com/94bd5c5069e6ca0c99754f39152bd4e059968904/futility/cmd_create.c
,
Feb 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/ec/+/07eccbb414962c09d411e8afeb6cfca71aebf838 commit 07eccbb414962c09d411e8afeb6cfca71aebf838 Author: Nicolas Boichat <drinkcat@google.com> Date: Fri Feb 17 12:09:37 2017 rwsig: Add support for rwsig image types usbpd1 futility image type is deprecated and should not be used for new designs. This adds proper support for rwsig image type. Key and signatures are added at linker stage step (futility cannot directly create such signed images). Thanks to VB21 header, rwsig.c can now tell how many bytes of the RW image need to be cryptographically verified, and ensure that the rest is blank (0xff). BRANCH=none BUG= chromium:690773 TEST=make BOARD=hammer; flash, RW image is verified correctly. TEST=make runtests -j TEST=For the rest of the tests: Change config option to CONFIG_RWSIG_TYPE_RWSIG TEST=make BOARD=hammer; flash, hammer still verifies correctly. TEST=cp build/hammer/ec.RW.bin build/hammer/ec.RW.bin.orig; futility sign --type rwsig --prikey build/hammer/key.vbprik2 \ build/hammer/ec.RW.bin diff build/hammer/ec.RW.bin build/hammer/ec.RW.bin.orig => Same file TEST=Add CONFIG_CMD_FLASH, flashwrite 0x1e000, reboot, EC does not verify anymore. TEST=dump_fmap build/hammer/ec.bin shows KEY_RO and SIG_RW at correct locations. Change-Id: I50ec828284c2d1eca67fa8cbddaf6f3b06606c82 Reviewed-on: https://chromium-review.googlesource.com/441546 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org> [add] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/include/2id.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/test/rsa2048-F4.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/board/hammer/board.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/board/dingdong/board.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/common/rwsig.c [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/board/honeybuns/board.h [add] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/include/vb21_struct.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/common/firmware_image.lds.S [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/board/lucid/board.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/include/config.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/board/hoho/board.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/board/zinger/board.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/test/test_config.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/test/rsa2048-3.h [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/common/firmware_image.S [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/common/fmap.c [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/Makefile.rules [modify] https://crrev.com/07eccbb414962c09d411e8afeb6cfca71aebf838/include/rsa.h
,
Feb 22 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/ec/+/5fbdd1dbd710bb88c25ff9b287a8f3e24ceec516 commit 5fbdd1dbd710bb88c25ff9b287a8f3e24ceec516 Author: Nicolas Boichat <drinkcat@google.com> Date: Wed Feb 22 14:31:41 2017 hammer: Switch to CONFIG_RWSIG_TYPE_RWSIG This is the recommended futility signature type for new boards. BRANCH=none BUG= chromium:690773 TEST=Flash hammer, RW image checked correctly TEST=futility show --type rwsig \ --pubkey build/hammer/key.vbpubk2 build/hammer/ec.RW.bin Change-Id: Id8648199891fdd4df63ecb599e0c5e927bc861d0 Reviewed-on: https://chromium-review.googlesource.com/441549 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org> [modify] https://crrev.com/5fbdd1dbd710bb88c25ff9b287a8f3e24ceec516/board/hammer/board.h
,
Mar 5 2017
,
May 30 2017
,
Aug 1 2017
,
Jan 22 2018
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by vpalatin@google.com
, Feb 10 2017