Google Git
Sign in
chromium / chromiumos / platform / vboot_reference / 2981c0bacbaa0446562aaa04f23e3e9f07c86069
commit2981c0bacbaa0446562aaa04f23e3e9f07c86069[log] [tgz]
authorVadim Bendebury <vbendeb@chromium.org>Tue Apr 19 00:32:24 2022
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Apr 20 12:10:45 2022
tree0809685defe30eaefaff7c5ad1540983bb598793
parent3308065075cd5d55ee61f0b2fd456866c8286400 [diff]
keygeneration: add ability to generate GSC RW signing key pairs

GSC RW signing requires an 3070 bit RSA key. The codesigner tool when
invoked expects the public key in .pem format, the same format is used
by the RO codebase when incorporating the public key in the RO image.

This patch introduces a new key option, RSA3070_NOSIG_ALGOID. The keys
of this kind are not going to be processed by futility, hence no need
to specify the signing algorithm.

BUG=b:221423468
BRANCH=none
TEST=ran ./create_new_keys.sh and observed two gsc keys generated:
    $ ls *gsc*
    gsc_rw_3070.pem  gsc_rw_3070.pem.pub

    in the FPGA setup confirmed that Ti50 RW can be signed and
    verified using the generated key pair.

Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ie676ba8043c34900388372270329a4903656d499
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3591642
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
2 files changed
tree: 0809685defe30eaefaff7c5ad1540983bb598793
  1. cgpt/
  2. firmware/
  3. futility/
  4. host/
  5. rust/
  6. scripts/
  7. tests/
  8. utility/
  9. .checkpatch.conf
  10. .clang-format
  11. .gitignore
  12. Android.mk
  13. emerge_test.sh
  14. LICENSE
  15. Makefile
  16. OWNERS
  17. PRESUBMIT.cfg
  18. README
  19. unblocked_terms.txt
  20. vboot_host.pc.in