mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-12-30 02:20:48 +00:00
30cc21b932
Current code puts key at the end of the first half of flash, which
may not match the actual RO section size (e.g., it might be PSTATE,
not RO). This makes sure the key to be at the end of RO section, and
signature at the end of RW section, no matter the actual layout
being used.
However, the (deprecated) usbpd1 image type assumes that flash is
equally split between RO and RW, so we do not change that.
BRANCH=none
BUG=chrome-os-partner:61671
TEST=make BOARD=hammer -j && deploy
TEST=make BOARD=hoho -j && \
futility show --type usbpd1 build/hoho/ec.bin
Change-Id: Ia02e927f9128d6ec3d0b780c28312e0d18835d72
Reviewed-on: https://chromium-review.googlesource.com/426100
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
130 lines
3.8 KiB
C
130 lines
3.8 KiB
C
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*/
|
|
|
|
#ifndef __CROS_EC_RSA_H
|
|
#define __CROS_EC_RSA_H
|
|
|
|
#include "config.h"
|
|
|
|
#ifndef CONFIG_RSA_KEY_SIZE
|
|
#define CONFIG_RSA_KEY_SIZE 2048 /* default to 2048-bit key length */
|
|
#endif
|
|
|
|
#define RSANUMBYTES ((CONFIG_RSA_KEY_SIZE) / 8)
|
|
#define RSANUMWORDS (RSANUMBYTES / sizeof(uint32_t))
|
|
|
|
#ifdef CONFIG_RSA /* reserve space for public key only if used */
|
|
/*
|
|
* The size of the public key structure is
|
|
* 2 x RSANUMBYTES for n and rr fields
|
|
* plus 4 for n0inv, aligned on a multiple of 16
|
|
* Put numerical constants here to please the linker script.
|
|
*/
|
|
#ifndef CONFIG_RWSIG_TYPE_RWSIG
|
|
/* vboot2 public keys are packed in a slightly different way. */
|
|
#if CONFIG_RSA_KEY_SIZE == 2048
|
|
#define RSA_PUBLIC_KEY_SIZE 528
|
|
#elif CONFIG_RSA_KEY_SIZE == 4096
|
|
#define RSA_PUBLIC_KEY_SIZE 1040
|
|
#elif CONFIG_RSA_KEY_SIZE == 8192
|
|
#define RSA_PUBLIC_KEY_SIZE 2064
|
|
#else
|
|
#error Unsupported RSA key size
|
|
#endif
|
|
#endif /* ! CONFIG_RWSIG_TYPE_RWSIG */
|
|
#endif /* CONFIG_RSA */
|
|
|
|
#ifndef __ASSEMBLER__
|
|
|
|
#include "common.h"
|
|
#include "util.h"
|
|
|
|
#ifdef CONFIG_RWSIG_TYPE_RWSIG
|
|
/* RSA public key definition, VBoot2 packing */
|
|
struct rsa_public_key {
|
|
uint32_t size;
|
|
uint32_t n0inv; /* -1 / n[0] mod 2^32 */
|
|
uint32_t n[RSANUMWORDS]; /* modulus as little endian array */
|
|
uint32_t rr[RSANUMWORDS]; /* R^2 as little endian array */
|
|
};
|
|
#else
|
|
/* RSA public key definition */
|
|
struct rsa_public_key {
|
|
uint32_t n[RSANUMWORDS]; /* modulus as little endian array */
|
|
uint32_t rr[RSANUMWORDS]; /* R^2 as little endian array */
|
|
uint32_t n0inv; /* -1 / n[0] mod 2^32 */
|
|
};
|
|
#endif
|
|
|
|
int rsa_verify(const struct rsa_public_key *key,
|
|
const uint8_t *signature,
|
|
const uint8_t *sha,
|
|
uint32_t *workbuf32);
|
|
|
|
void check_rw_signature(void);
|
|
|
|
#endif /* !__ASSEMBLER__ */
|
|
|
|
/*
|
|
* The signer puts the public key and signature into the RO and RW images
|
|
* (respectively) at known locations after the complete image is assembled. But
|
|
* since we compile the RO & RW images separately, the other image's addresses
|
|
* can't be computed by the linker. So we just hardcode the addresses here.
|
|
* These can be overridden in board.h files if desired.
|
|
*/
|
|
|
|
#ifndef CONFIG_RO_PUBKEY_SIZE
|
|
#ifdef CONFIG_RWSIG_TYPE_RWSIG
|
|
/*
|
|
* rwsig type: 1024 bytes is enough to fit RSA-3072 public key.
|
|
*
|
|
* TODO(crosbug.com/p/62321): This still wastes space. We could pack the key at
|
|
* any arbitrary location, but we need proper signer support to make sure it
|
|
* can overwrite the key correctly.
|
|
*/
|
|
#define CONFIG_RO_PUBKEY_SIZE 1024
|
|
#else
|
|
#define CONFIG_RO_PUBKEY_SIZE RSA_PUBLIC_KEY_SIZE
|
|
#endif
|
|
#endif /* ! CONFIG_RO_PUBKEY_SIZE */
|
|
#ifndef CONFIG_RO_PUBKEY_ADDR
|
|
#ifdef CONFIG_RWSIG_TYPE_RWSIG
|
|
/* The pubkey goes at the end of the RO region */
|
|
#define CONFIG_RO_PUBKEY_ADDR (CONFIG_PROGRAM_MEMORY_BASE \
|
|
+ CONFIG_RO_MEM_OFF \
|
|
+ CONFIG_RO_SIZE \
|
|
- CONFIG_RO_PUBKEY_SIZE)
|
|
#else
|
|
/*
|
|
* usbpd1 type assumes pubkey location at the end of first half of flash,
|
|
* which might actually be in the PSTATE region.
|
|
*/
|
|
#define CONFIG_RO_PUBKEY_ADDR (CONFIG_PROGRAM_MEMORY_BASE \
|
|
+ (CONFIG_FLASH_SIZE / 2) \
|
|
- CONFIG_RO_PUBKEY_SIZE)
|
|
#endif
|
|
#endif /* CONFIG_RO_PUBKEY_ADDR */
|
|
|
|
#ifndef CONFIG_RW_SIG_SIZE
|
|
#ifdef CONFIG_RWSIG_TYPE_RWSIG
|
|
/*
|
|
* rwsig type: futility expects signature to be 1024 bytes from the end of
|
|
* the file.
|
|
*/
|
|
#define CONFIG_RW_SIG_SIZE 1024
|
|
#else
|
|
#define CONFIG_RW_SIG_SIZE RSANUMBYTES
|
|
#endif
|
|
#endif /* ! CONFIG_RW_SIG_SIZE */
|
|
#ifndef CONFIG_RW_SIG_ADDR
|
|
/* The signature goes at the end of the RW region */
|
|
#define CONFIG_RW_SIG_ADDR (CONFIG_PROGRAM_MEMORY_BASE \
|
|
+ CONFIG_RW_MEM_OFF \
|
|
+ CONFIG_RW_SIZE \
|
|
- CONFIG_RW_SIG_SIZE)
|
|
#endif /* !CONFIG_RW_SIG_ADDR */
|
|
|
|
#endif /* __CROS_EC_RSA_H */
|