Google Git
Sign in
chromium / chromiumos / platform / vboot_reference / 4abb7e065dcdc9fa15b34da2ac53d9ab1e6a9db8
commit4abb7e065dcdc9fa15b34da2ac53d9ab1e6a9db8[log] [tgz]
authorVadim Bendebury <vbendeb@chromium.org>Fri Mar 25 17:46:34 2022
committerVadim Bendebury <vbendeb@chromium.org>Wed Mar 30 17:06:35 2022
tree85cad49200eaa7779b2a7536df2a458ba5444ed2
parent26187f1d4e2534fe9d2fe90e7ce82af23ada1866 [diff]
sign_gsc_firmware: drop version number check for node locked images

With introduction of Ti50 images the version of the eraseflashinfo
capable images must change, which will prevent signing scripts from
accepting Ti50 images from node locked signing.

Enforcing the version number is proving to be a larger pain that in is
worth: we do need to modify the version once in a while, and it takes
a lot of effort and time to propagate the version adjustment through
signing stages.

We already have a quorum requirement for eraseflashinfo capable node
locked images, this provides enough guarantee from accidental signing
or malicious signing of such an image, version number enforcement does
not add security.

BRANCH=none
BUG=b:219774807
TEST=none

Change-Id: Ifd5ac17540595d71210445e6ad573c81fc25a47a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3553419
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
1 file changed
tree: 85cad49200eaa7779b2a7536df2a458ba5444ed2
  1. cgpt/
  2. firmware/
  3. futility/
  4. host/
  5. rust/
  6. scripts/
  7. tests/
  8. utility/
  9. .checkpatch.conf
  10. .clang-format
  11. .gitignore
  12. Android.mk
  13. emerge_test.sh
  14. LICENSE
  15. Makefile
  16. OWNERS
  17. PRESUBMIT.cfg
  18. README
  19. unblocked_terms.txt
  20. vboot_host.pc.in