scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-12-27 18:25:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

cr50: provide plumbing for prod mode RO signing

Browse Source 
Creating bootloader for the chip involves signing the image with an
'air gap' - some physical presence action is required. We don't want
this to be required when the builder is building cr50 for test
purposes.

The solution is to keep using the dummy private key when building by
default, and invoking make differently when building an image which
would be accepted by the hardware.

Setting CR50_RO_KEY variable in the environment or in the make command
line will cause the signer use the value of this variable as the name
of the file containing the key to use for signing the RO image.

Should this file be a public key, the signer will stop and look for a
fob containing the matching private key, and will stream the RO image
through the fob for signing.

Using the fob requires that the signer runs under sudo, but we do not
want the generated files to belong to root, some more code is added to
change the generated files' ownership to user running the make.

BRANCH=none
BUG=chrome-os-partner:49950
TEST=ran the following tests:
 - verified that the build still succeeds by default.

 - invoked make as follows:

   CR50_RO_KEY=cr50_rom0-dev-blsign.pem.pub  make BOARD=cr50

  observed the signer stop to wait for the user to interact with the
  USB fob and proceed. Made sure that the generated image runs
  successfully on the evaluation board.

 - verified that 'make BOARD=cr50 clean' still works (i.e. none of the
   generated files is owned by root).

Change-Id: I733ec6386c1dfd838d83d22fb589fa64e5eeaced
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/326484
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This commit is contained in:
Vadim Bendebury
2016-02-05 15:01:07 -08:00
committed by chrome-bot
parent d6c6dc5150
commit c17c447a25
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Makefile.rules
View File

@@ -41,9 +41,9 @@ cmd_flat_to_obj = $(CC) -T $(out)/firmware_image.lds -nostdlib $(CPPFLAGS) \
# Allow the .roshared section to overlap other sections (itself)
cmd_ec_elf_to_flat ?= $(OBJCOPY) --set-section-flags .roshared=share \
-O binary $< $@
cmd_elf_to_signed ?= $(out)/util/signer --key=util/signer/$(3).pem \
cmd_elf_to_signed ?= sudo $(out)/util/signer --key=util/signer/$(3) \
--input=$< --format=bin --output=$@.signed \
&& mv $@.signed $@
&& sudo chown $(shell whoami) $@.signed && mv $@.signed $@
cmd_elf_to_dis = $(OBJDUMP) -D $< > $@
cmd_elf_to_hex = $(OBJCOPY) -O ihex $< $@
cmd_bin_to_hex = $(OBJCOPY) -I binary -O ihex \
@@ -222,10 +222,10 @@ $(out)/RO/%.hex: $(out)/RO/%.elf $(out)/RO/%.smap
$(call quiet,elf_to_hex,OBJCOPY)
else
$(out)/RO/%.flat: $(out)/RO/%.elf $(out)/RO/%.smap
$(call quiet,elf_to_signed,RO_SIGN,rom-testkey-A)
$(call quiet,elf_to_signed,RO_SIGN,$(CR50_RO_KEY))
$(out)/RW/%.flat: $(out)/RW/%.elf $(out)/RW/%.smap
$(call quiet,elf_to_signed,RW_SIGN,loader-testkey-A)
$(call quiet,elf_to_signed,RW_SIGN,loader-testkey-A.pem)
$(out)/RO/%.hex: $(out)/RO/%.flat
$(call quiet,bin_to_hex,OBJCOPY)

2
chip/g/build.mk
View File

@@ -78,3 +78,5 @@ ifneq ($(CONFIG_RW_B),)
$(out)/$(PROJECT).obj: $(out)/RW/ec.RW_B.flat
$(out)/RW/ec.RW_B.flat: $(out)/util/signer
endif
CR50_RO_KEY ?= rom-testkey-A.pem