diff options
author | Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> | 2021-03-10 03:09:40 +0300 |
---|---|---|
committer | Joel Stanley <joel@jms.id.au> | 2021-05-19 04:31:20 +0300 |
commit | f920e74c0c9d9096c87cbc1e610fef83747f4a06 (patch) | |
tree | 2032ad69f57c1b383709e14ab84b40ddb77faf18 /meta-aspeed/recipes-kernel/linux/linux-aspeed | |
parent | bc9cc306859ee83a5eb92eb755bef75d8139ed56 (diff) | |
download | openbmc-f920e74c0c9d9096c87cbc1e610fef83747f4a06.tar.xz |
meta-aspeed: Add development key for Kernel sign
Add a development (insecure, also known as 'imprint') key to
linux-aspeed that can be used for signing the Kernel fitImage
for U-Boot FIT Signature Verification.
The key was generated according to U-Boot documentation, using:
$ openssl genpkey -algorithm RSA -out rsa_oem_fitimage_key.key \
-pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537
The certificate was created according to U-Boot documentation, using:
$ openssl req -batch -new -x509 -key rsa_oem_fitimage_key.key \
-out rsa_oem_fitimage_key.crt
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Change-Id: Ic67024ab389c8a4a3fc6709e1d7d92dc72783ca5
Diffstat (limited to 'meta-aspeed/recipes-kernel/linux/linux-aspeed')
-rw-r--r-- | meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.crt | 35 | ||||
-rw-r--r-- | meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.key | 60 |
2 files changed, 95 insertions, 0 deletions
diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.crt b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.crt new file mode 100644 index 000000000..0e8f25704 --- /dev/null +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.crt @@ -0,0 +1,35 @@ +# Certificate for the 'Insecure' Kernel fitimage key, required +# by the signing process for U-Boot FIT Signature Validation. +# Please refer to 'rsa_oem_fitimage_key.key' for more info + +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIUMP4fGTalbDhpTcr7sr+VKnUunRUwDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTA0MjgxMzAzMDhaFw0yMTA1 +MjgxMzAzMDhaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDMZ5gF78Jx+yzI4bh0imCi0kgRdljANokDu1DZpa2S +tPybosJk1453fWy8ZEsJupS1l6IPhEvWkehxL4pviADKle1S4yx5vmKV7b+ppKqV +LBXrVF4kphcbSTBqfOGa0mQeGBFUuhTKamjy9yyV6UhIBgutK5bJvQZThzU5ZBtG +g4zWIHSSyVMc5ACWfZuLcfjAp1s3hqY1Fi2grcTHQquPvyuyT5Xr2utmT2tdNr6D +9tdhdS3Xfb7HTjPRCcjRXhCPWxKqTneLrttRhK18vyg0LTPQ4vtVSHnCt2JpVCrV +Vg5YqvyfEu+fSh8kL0aveLK0afEGorb9XY0e2JmIUtJoONRGUaZCHdJ6R7v8fpgu +uEe0kBBOi1QLUUbFu7v/FQzgGbCaCA2E+aJRoBTooxM6RHsJp4s/LTsb+Pdl2sDM +Hno8fJ2qDVPO3vserrHunwTXUWcwyWhpWaYx+P7tDilH5K6cNTgivbvepfcbNDNl +8ZeZCK3EH6fdMkxTb0giqGpVjMlBgwf/RH2cYMzF83BchXoljpoyQmXhoi14uDS7 +LjgA5JUBeeqq1xEyFn+iYPrcnBFubetIg5zBiTjMZmz4aANQxlUGZ9sKAlHzQwPv +J+rkpR3dHzi9PHpzY3+5ptwGfLYP1sLbozNY3qE3wAIerkGgCgMuVp5XDJAlkO4M +HQIDAQABo1MwUTAdBgNVHQ4EFgQU5Du6F0E1sZpyDCGQswhvPuFlKUQwHwYDVR0j +BBgwFoAU5Du6F0E1sZpyDCGQswhvPuFlKUQwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAgEAYnBJi9l9zvJldrVuVIa7IZQhKlLXuVU2yL3Az3Hr8ejg +FNwF9XdxXDxvBiQatIdZ/fv8ukqo+OBCyw1sE8u668S9ca1rr5+vq2PaxNn//ZLV +zmJ12yZa7SOkJgsWsjNlSwM+VWIbLKC+25nRYuA3S03XcLLmXzxEbxIYFuynds8W +pQqYMn1CZ9y6Yz7MtDo9p+JU1kFqgxocBLKpgcRgqbQ1vWHjE91r10iS6E1N8YAi +EPsO7Nh6DzfhFY4Wo+S9tTZwBL/dKqO4Ft4XPFKA1nEH8ZyGTI3jfRUYn5IaRc7g +5Hy8Mla/n7UvKrZIEitD5fqOvxm2g7Bck28cpr2gH+Cy5q6ivfJkycGRfy6BDfDl +fv41PJSnrrvxNuXB9ylBXat8K0nBPjY8vOr0uFXPzVHC3Rj2e8zD6GsOzFvkyvfQ +qYrUYKVs1U74PMTdu9wc9z+sS1CBvdq2KZPaZImqvctS3VP3mfmqxCHQLYx3WX23 +J0KGpbfmBOtHwcgBHna0ZAY7ImbF47+FL1eHzITVoMagFteEYC4LI4uqsznI2dNi +gjrTmQLnm8DkwvBFwXOa2QyaM2I4Dk+q7+FHwCxiTJdmTnd6LFH5nufmq5oIAy2d +/G0EqPom0AZz1i+Ee90xCjiFLd2vzdv5U+EWKkOjUiM/XdvglrsVCUdQ41gorRo= +-----END CERTIFICATE----- diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.key b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.key new file mode 100644 index 000000000..d9bc4a748 --- /dev/null +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/rsa_oem_fitimage_key.key @@ -0,0 +1,60 @@ +# Kernel fitImage 'Insecure' key (also known as 'development' or +# 'imprint' key), used to sign development images of the OpenBMC +# Kernel fitImage. This key SHOULD NOT be used to sign +# production images. +# This key is 4096 bits in size and can be used by adjusting +# the UBOOT_SIGN_KEYNAME, UBOOT_SIGN_KEYDIR and FIT_SIGN_ALG +# variables (see uboot-sign.bbclass for more info) + +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDMZ5gF78Jx+yzI +4bh0imCi0kgRdljANokDu1DZpa2StPybosJk1453fWy8ZEsJupS1l6IPhEvWkehx +L4pviADKle1S4yx5vmKV7b+ppKqVLBXrVF4kphcbSTBqfOGa0mQeGBFUuhTKamjy +9yyV6UhIBgutK5bJvQZThzU5ZBtGg4zWIHSSyVMc5ACWfZuLcfjAp1s3hqY1Fi2g +rcTHQquPvyuyT5Xr2utmT2tdNr6D9tdhdS3Xfb7HTjPRCcjRXhCPWxKqTneLrttR +hK18vyg0LTPQ4vtVSHnCt2JpVCrVVg5YqvyfEu+fSh8kL0aveLK0afEGorb9XY0e +2JmIUtJoONRGUaZCHdJ6R7v8fpguuEe0kBBOi1QLUUbFu7v/FQzgGbCaCA2E+aJR +oBTooxM6RHsJp4s/LTsb+Pdl2sDMHno8fJ2qDVPO3vserrHunwTXUWcwyWhpWaYx ++P7tDilH5K6cNTgivbvepfcbNDNl8ZeZCK3EH6fdMkxTb0giqGpVjMlBgwf/RH2c +YMzF83BchXoljpoyQmXhoi14uDS7LjgA5JUBeeqq1xEyFn+iYPrcnBFubetIg5zB +iTjMZmz4aANQxlUGZ9sKAlHzQwPvJ+rkpR3dHzi9PHpzY3+5ptwGfLYP1sLbozNY +3qE3wAIerkGgCgMuVp5XDJAlkO4MHQIDAQABAoICAQCQ0IgdFJtfI4O8ImcLcgo6 +8N4MORtxunFiCnCickXB3aXmIe61gR43O84wvqGHGABJk09GzQTp1N+oaPUcRW/C +F2xXQAl/i0nPTOxwJPCR1PUGj/RO5LkUJMs/dpBjntE9nPGSZG9cZP1LvaCB6Q/D +rzzQiERBU0FLJkyoB2tnjsXV4pKUeDwBCOv9sqnjpnCFFUyDz0qr67WR0+rI/UwN +AHTV1JqzyZrjFjtLhAB///7h1iIPPNBP5fDCFbuH0avL1Mspi4QYm15Yp7Y93jR+ +mtPOFzHXXwyczk3Tr8TU9i4d1a46iTDpWpsriK78nHeHaFNRzy/z2zai9vP3aC4W +UV0F/57y7KS++lQKG+fZZVz7DcV1CysehL/xxZo+B1RmBXfmWD0hGhnKeIL6jShh +FfILWQ63EgTAMRzvEmOpnW6VemF5IHAA0yYHbfs8uebZrXRf7v3WdyWwK57/d9Gy +YHCNMH3cP1J+/1BCzvNhXBRu/YDLgcPMJFklMm6gOdcsy3lA5GpNIRmOiiGaoYQs +KozLyPlmt7s6dP3VrAnnRXCzm140wMzKAq8L1o1gNOsXV06ig609DUMHUbfxT04W +4anjyiJTvBWrNr2FxOjuZPqleIApZR+GPFm17IFapmlPN7cOrYlXs786a5qyYoED +jdjNh6RWNdDM0iiPVt9VBQKCAQEA+fBvRiphuSnqiSVvosb3gB1bY2phHzLJjTPB +2sx2L9TdBQdv5JMh9ugbJO06CQgT1JLghtB4/CKDAjgAvSayXeNws1KVgpIUQdq4 +Nat6G+UNRtRuCQwrEkiKEmHbMQHdkzirzDPdzgp/tnl/HXDgji9UZEItnSi8OCdM +Ofocp1SHBpdbxDm3OEGH/v46MhT0S+nfL6Y1V8pYBd52tTv+CWh5yDDHtrsDmJfq +tVv6Gs1EOq4L8DcdDQltqf31KXC2YR6ANA4/XvuK+nsObjkj2jHIFrUMzaOWwxxd +mLlLdqy98M3+kiLTzCyhxLY5/WPB1+stgDi9QSYm7cxfnNK3MwKCAQEA0Vx9v84a +TH/2NUGciLTDmrwXZ5Au18JZJk6JYYRsxekT+C8HgGxKz3UY411Bxj2ZDRprrnMh +XCQz0BjOrSpaDnB7mlLUWoo7ykLoDWWarSD4sJjlK6fJm0D3ke4Na8RJNWLUxqoH +wyqx5ikJXc/g8aRFlHWu5g2gkjIp+Tl572xMx/XaT+IJ/ZCZU6Fzq+IBf258Z7Dn +/HowxPgxd63wsZPTo4H+H0xUkjad9ggfurBgGfGUkxCOc2pw/vm4URuQGEHb6aNe +DHoHT/8vI/wsAaLB0aCSq4aWRe/2GVYV1xueWpd8EWM0KE1N7PAMGCjE6AuWd7fU +Ksu+D7onpVjvbwKCAQEAyBE6QUQzrXBsGRQqZHY4MAlP2iiRTdPtmmXPy0DXajpO +IXRukN1l1qq877YlOo2IsiRQLho6fjlx/RivHroXFSi2UhTNMROVu5FE21FEEYgs +NIJfAkcHQz9lpolGV9hScUJv4qmx5vhoeryOkBaG6cnhF9ARizfMUnbCgbY/sYHs +A86s2koI67MpFWiTVPuJAitXSGEXWgrSowAMrc4z73v9382MUC0rF76jVkEl1sZw +0zf2vnaffowJiIWM9XsPwnYT0ZeGCpX4DcDrMDf1BvfKXsLWWNWWHOBb26CXU4u7 +D0MVgAz41Pr1Eu17ReXQiPHsHjNM6xWLG9b4wiO6GQKCAQBibJMJiwE+GaJL4y6N +7j1PD0IJg/UhpdJ3edCIMdNZL3wd3y4tp7t70FcE/KCha+/6AwPAnYt/X92j5SW0 +rwZrZ2IUaQBAGGCHc/DX635OCgQgMaD7ZwQWovJAfqN8mGi6Wl4hj2nazMWZqI0o +t0PPFiVH6BNzP9DPKholemnirw1hrCkYCPIdbM9IS8yvb664k96UeMx3G5K15uCK +nRFcylxisAgh+qZ/noGgWq1f/O8RA0uP3+a4R8AbfpayOr0BSmTyb8UVJIEvkI4+ +4pxloHhx7oVFch5PfsI5owjdebR2bmT7X6HzmHQcAbYN3YzEcj4oxhlOjT4q8p8U +0rytAoIBAC0+u5KwNUYHzgi7nnQeCNwoYnJpo3+8Sm2GKxzntj7omyMJQd9MsvjI +tWdvuwGv04B9WxEz+oY1RDP+5GETd0PrYaDJwIuqbsCHU4g0R5gy0gF5msb07NIw +/+wTTTcYpgUc166KBCTXZk68W86KL2F2i3q4pHx4HB2xYdNnqFjn3Ih7c4sYTuX1 ++iWxOQtgZVwAC6kc/FW1kV0Jhmq5FCsiIExfTRmObmjO/R1lZS5PuzYPmwpbJ/9m +4dlne1W/MIiVLcQgXHnNzFLcOHrLCTR/TLV6l4vVe9BHFnc6OX4Vf/hAwA93sEm0 +xaPMnGMcWU4pg8ytNSMuYDfobC5hPxo= +-----END PRIVATE KEY----- |