The firmware for the USB Type-C power adapters uses raw binary
blobs for the public keys and signatures instead of
readily-identifiable structs. We've been able to sign these
firmware images for some time, but verifying the result generally
required testing them on hardware.
This CL adds some futilty support for recognizing and verifying
those images too. It just tries various sig and hash algorithms,
until it finds a combination for which the image is
self-consistent (where the pubkey blob verifies the signature
blob).
BUG=none
BRANCH=none
TEST=make runtests
This change also adds additional tests for usbpd1 images. We
ensure that we correctly recognize and verify an MP-signed
firmware, plus test signing and verifying usbpd1 images using
multiple signature and hash algorithms.
Change-Id: I4fbe8b37a694992f635d5469ae1c2449b1610dfd
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/302415
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The USB Type-C chargers released with Samus ("Pixel (2015)") have
upgradable firmware. Those firmware images are currently signed
by some custom scripts. This adds support for those images to
futility, so that those custom scripts can be replaced.
Note that due to space considerations, the usbpd firmware images
don't have room for handy things like an FMAP or headers for the
signatures. Accordingly, all the normally variable factors (image
size, signature algorithms, etc.) are hard coded and the image
itself just looks like a bunch of random numbers. Because of
this:
1. There's no way to recognize this type of file, and nothing to
display about it.
2. You have to give the "--type usbpd1" arg to the sign command.
3. I'm designating this file type "v1" because I hope that the
firmware for any future adapters will be more readily
identifiable.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
This adds a new test that signs usbpd1 firmware images using
futility, and compares the result to the same files signed by the
custom scripts, ensuring that they are bitwise identical.
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: Idbe061db5b3c8e474ada47b40bcbe04bbecdba3a
Reviewed-on: https://chromium-review.googlesource.com/262899
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Instead of calling futil_traverse() to iterate through a preset
list of functions, this establishes a separate show() and sign()
function for each type of file.
The only significant change is that walking through the FMAP areas
within BIOS images is done in BIOS-specific functions instead of
that being the "normal" case with every other type of file
skipping that traversal.
This is a refactoring only. There is no externally visible change.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I7080afb43e35308c8bb618793c8382c2efb3d6a1
Reviewed-on: https://chromium-review.googlesource.com/262894
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This is preparation for a refactoring of how files are traversed.
file_type.inc will specify functions to recognize, show, or sign
each type of file.
This change puts the recognizer functions in file_type.inc, but
just stubs out the show and sign commands.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I1596a21319a8fb1182537abdf9be0196bef4b84b
Reviewed-on: https://chromium-review.googlesource.com/262893
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The help message for the sign command is much too long. This
breaks it into several subcategories.
BUG=none
BRANCH=none
TEST=make runtests
futility help sign
futility help sign pubkey
futility help sign fwblob
futility help sign bios
futility help sign vmlinuz
futility help sign kernel
Change-Id: I3e12b2cfdfb17a77c171f925a53748efb1d6c440
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/260496
Reviewed-by: Randall Spangler <rspangler@chromium.org>
