If an FMAP is detected in the rwsig image file, use it
to determine the location of:
- RW region
- RW signature
- public key in RO region
futility show uses that information to verify the signature,
and futility sign uses it is correctly resign the image,
and replace the public key a well.
This also adds tests for this use case. hammer_dev.bin sample
image uses huge RO public key and RW signature regions to make
sure all keys up to RSA-8192 can be used.
BRANCH=none
BUG=chrome-os-partner:62321
TEST=make -j
TEST=./build/futility/futility --debug show \
--pubkey hammer.vbpubk2 hammer.bin
TEST=./build/futility/futility --debug show hammer.bin
TEST=cp hammer.bin hammer.bin.orig
./build/futility/futility --debug sign \
--prikey hammer.vbprik2 hammer.bin
diff hammer.bin hammer.bin.orig => identical
TEST=openssl genrsa -3 -out hammer2.pem 2048
futility create --desc="Hammer 2nd key" hammer2.pem \
hammer2
./build/futility/futility --debug sign \
--version 2 --prikey hammer2.vbprik2 hammer.bin
These 2 commands succeed, but show different keys:
./build/futility/futility --debug show hammer.bin
./build/futility/futility --debug show hammer.bin.orig
TEST=make runtests
Change-Id: I2cebc421eaf97d1b92c9a58afc238d41487d0f6d
Reviewed-on: https://chromium-review.googlesource.com/445536
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
7c5d3b2240