Create vbutil_ec tool for signing EC firmware.

This just adds the vbutil_ec tool (and a simple test of the library functions related to it). BUG=chrome-os-partner:7459, chromium-os:27142 TEST=manual make make runtests Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5 Reviewed-on: https://gerrit.chromium.org/gerrit/21868 Commit-Ready: Bill Richardson <wfrichar@chromium.org> Tested-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Stefan Reinauer <reinauer@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2025-11-24 02:05:01 +00:00 · 2012-05-03 08:40:44 -07:00
parent f47291926a
commit 2448d3b3bc
20 changed files with 748 additions and 8 deletions
--- a/firmware/lib/include/vboot_common.h
+++ b/firmware/lib/include/vboot_common.h
@@ -81,10 +81,14 @@ int VerifyData(const uint8_t* data, uint64_t size, const VbSignature* sig,


 /* Verifies a secure hash digest from DigestBuf() or DigestFinal(),
- * using [key]. */
+ * using [key]. Returns 0 on success. */
 int VerifyDigest(const uint8_t* digest, const VbSignature *sig,
                 const RSAPublicKey* key);

+/* Uses [key] algorithm to hash [data], then compares that to the expected
+ * [hash]. Returns 0 if they're equal, non-zero if error. */
+int EqualData(const uint8_t* data, uint64_t size, const VbSignature *hash,
+              const RSAPublicKey* key);

 /* Checks the sanity of a key block of size [size] bytes, using public
 * key [key].  If hash_only is non-zero, uses only the block checksum
@@ -94,6 +98,14 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
                   const VbPublicKey *key, int hash_only);


+/* Checks the sanity of an EC preamble of size [size] bytes,
+ * using public key [key].
+ *
+ * Returns VBOOT_SUCCESS if successful. */
+int VerifyECPreamble(const VbECPreambleHeader* preamble,
+                     uint64_t size, const RSAPublicKey* key);
+
+
 /* Checks the sanity of a firmware preamble of size [size] bytes,
 * using public key [key].
 *