From aecc80b05d1da6d006d6a281e5d51ea28e2319f6 Mon Sep 17 00:00:00 2001 From: Klaus Heinrich Kiwi Date: Tue, 9 Mar 2021 21:09:40 -0300 Subject: meta-aspeed: Add development key for socsec sign Add a development (insecure, also known as 'imprint') key to u-boot-aspeed-sdk that can be used through socsec for signing the SPL on ASPEED AST2600 devices. The keypair was generated according to socsec's documentation, using: $ openssl genrsa -out rsa_oem_dss_key.pem 4096 $ openssl rsa -in rsa_oem_dss_key.pem -pubout \ -out rsa_pub_oem_dss_key.pem Signed-off-by: Klaus Heinrich Kiwi Change-Id: I9c03ed9603d7362e033862dd1e5138ba7164f13d --- .../recipes-bsp/u-boot/files/rsa_oem_dss_key.pem | 59 ++++++++++++++++++++++ .../u-boot/files/rsa_pub_oem_dss_key.pem | 18 +++++++ .../u-boot/u-boot-aspeed-sdk_2019.04.bb | 4 ++ 3 files changed, 81 insertions(+) create mode 100644 meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem create mode 100644 meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem diff --git a/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem b/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem new file mode 100644 index 000000000..a3474c437 --- /dev/null +++ b/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem @@ -0,0 +1,59 @@ +# U-Boot SPL 'Insecure' key (also known as 'development' or +# 'imprint' key), used to sign development images of the ASPEED +# AST2600 boards' U-boot SPL. This key SHOULD NOT be used to +# sign production images. +# This key is 4096 bits in size and any key overriding it must +# also change the SOCSEC_SIGN_ALGO variable. +# See meta-aspeed/classes/socsec-sign.bbclass for more info. + +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEA6hC1IHlB4SqRbesC8BtC00icAYUuYmAiO6CHCyph2Pv2CQT5 +Yct8WSKA/6kNAUpsJwlM18ZX0yMcGVZeS9058hgZdMgoDC57Jw5Tw5foN6CBBF72 +oJM5Z+wAjD41jiX1T2tsCvlWLeNOS1RcqViLDOdk++olpVgsSlAvW23DmblVxVhz +67L55vK6lc4r/VcVtHJ2bdehjk6j/BcehdQchhz76fpL9EBZJ1tm9k+m7aRhhRqf +BJUP5/Jl1+paRY1dBDVzjmE+DneVYvBuMfvh3gQlQVwomsdImH/VuWQc9xAozacB +s6RtWHxIS+uf9qUDR622mKueKojH3PPMO+4su5EGRNKAAH9dS356pqhzpmZvgFvU +J7zZFxQBfjpMrF+fGHUD0QkUofAxlpeyldv/+ubxzwUm0PrYGIhowuPItT7/ASqz +xCKa/dfYVCTlPSJOP+Wi00pJBZOFuDk4HHao98BCUeGE4t065Di81GZ2F9amf5B/ +/jIjkM3o9vrThe3GWbWtP3kmw7OQyMeUzUKxIUTq3cvblNpo80gfYzYwWQakjhE6 +aV7xLQIxv28c8I2JrsvjXQIAg77W/XdT/+rS53k3DgrcjK7l7nWjmOxXr6p9f9fF +HXF/fmEYeeuK6NaFH24LW97jk+IRjv8ig29ZyrzEctuzky80lHcVFYnE/3cCAwEA +AQKCAgAqf0wTkFCIzEzJU0EeTSTN7cH9eKvaSrAMeXHrcg9/8QdTzeZlfieem2gm +gxAMavHGCKc+ChIKELbaVtcaGRmbPgrpLCoxRAMyLSTCP4N3Dho+q+tFblWe67eR +vv3ESFoIyG0+dNTT0hB2FuQYDy538k9gebvKEH9CItrmU8CO2ZqcERpC8iTzbKC5 +8EwGXFhhgeLEwMDhcJ/PdnchP0jKhNqsObiuqTxGrA6+q+mX/h+Cpjm3AEV6DIW3 +NSKcvDTmPbo0YK1+vPGPnC21v5Db2Y7WFiB9Ma+ZmKQ6W9Xyeame5TKm5jTAOxh5 +SFer1XwJ+J1NjONTv6/iCxXKz8ypDJ9wiFQ7Hb3u84+jQiTWhjpFbnvT3lkN+Z8i +Q7z7QSYcIGHdH1q9x/LkuG5zzGB0yRMAnayzUiyTyQbNRZZHbB4mNB1zWFocUwv5 +bpnACt5NtsxwCJHVZRpffBcekM0AjKXWQ4oxJPcAmhqh2MIu4vmEG6cfMYGP+dpP +R2unAbs3kSAEwvZaydPZmgi9TYLViYWrxXuloGBow1naisQCY3R9XVzLYmCVEvng +20C7odj8or+Qrx6qa1m06RLUsHexKyniIYLbwfPcHIf9afdKv7N/ruGH4u+Nv/2B +I62a9IfOUobBBnSbeA5nHk9bC2G2MBUCwW9jP1Vd4TcXwJwmsQKCAQEA98gY0ZGC +rlj/SOxTYo/6GSfmjHeXJzxWXmH6UDFUMphkaO0RWa/cq2szShdaQa2JKrU4G5xR +K+hYKSotlWb5EjQPQX5uaieI61UWsPbAqs6MSqZyYvgDKeBV40urXrR5ImivsUAO +DKwoNMa4z8JIaKdHB0kT1vK9G/QiLPtJ6Wh8q0+hp+1T/IodXOR3zFHkURJVwVob +Wbas0ZXXMhi1ywO7ZmZRXpnNOQv/m09hBUYGwITAp/KBxaeseGxhR3r6l9rmNtJI +i40/90QHMCXtEwHRvUGTOP8he2n4AhhXQrlr3WOqFrku3y1e+BfLFEOo92j+WjA3 +skFsQsFy8motrwKCAQEA8dQlQMqeC69+ldd/64xaaqa5LuxLhPY5aYu5d3OCuoTF +l6cviKut3h18QLyuy28ZFaI1b/pPS8lvZntw6ryXGNutH6sz0Wtf0Joe/2JT1ZLs +Ra2Np0VZcJmlaFk0XC/CX344gGv5CqSwPqtNn2/Ej76ReRLh0q/hdJdTqKtTHYMe +t3VDZIJwrd5iqFH8Yygd/FFqIfgPSRo1V7ylXj9UEke2zy82dki2kBeeMo+wDLGV +rULejvN9h8IVBK0bBymBSjLXcSN5q4T092lGAV6aMBRcD5n2g6RMeFGE9oimfIWy +WmThXgV6O1OQYA7t6SxCDAcfQZc41Zj2y3dOhPDEuQKCAQBN9MNyM9Ckn9V5kPjP +GrM59ObBLOL+cipOOY8yacKuxGla5bM+v2iy+eBCIETCQyHTsP49GZokMU6DbQS4 +a5RTWNOv7GI6vcODHtsrxAZr9t4GooV8g8EjDLSY9XauLiOqYrtcDeYdsJBZwmfk +3aBAZNig/ynhx68du1qBQnJHoBsRHtWiarWwz5dbYXoba2xk4VrfoUTXnfSTYAw7 +c7DGdZ8hIXHaTJNXrmG18Gx650Q6j8m5TT/s+sr1fEvC3Hs5CaLCfrhaR49ncRy9 +1kDXaQwe+iGingpftMBVkGjr0kCQf8nEqnCHwNOPRJUdBAiGBp93qpHrYE/6VLig +ci17AoIBAQC3+F0y0jGz0Blr4tqFFmw+kIF2qfq1tx9sJQi+T9jXDmTHfz+RKJIH +1MSO9zu+tdEOfS1L98/VZvPhsezwFvKXzZ8B5ZtxKM9mgaktPd9rLe+i/moyI3bs +S2bjYGGN9CNZxEs1n26BY1JVCrrtnPibJi3DPtMfFgBdUzYordV4MSTwCjxvvS/9 +hZ3mUSDBSmataj5kgzMVuON10KS5c1IA6h+vtEopaB3CtsT50AftUDf+7E0l0STh +X4vf19Uk+LVL/iuZ/ZP1IRu/EI5aQl7oTsTOdaFs+lPWgKW3a7PELW3GiNJOVbps +YaEHArSJW8sPHWfw3Rs2m7y8gxHv3r65AoIBAQCmrMwqEnN3J4S0rx62/Kohkfqo +QQNnG/r4d07z0UbBheO2PRWFqBbyv32j3stoQeNmbA1Fzn6Wsx434o5n/VyA+g9D +dRc4X0l46UAPkuZrB20vxgso06QkPtSy7IFVGgqKYy+JG94me5nfIRUhqqF57N+x +gR73fSnykARPFqvG8XG78Aki43U9gQUlq0094eenZu4ikZq1bHslR4/zPMGzwHzb +6gMk5/nAdCrI9F1mKmSt3AnfpkWIYiGZUIoOnv12+dUZc7E5sT+cUI2JZr1CegJ1 +c4XKN2hkZb4MP95cE4rh7DGodZDW5KjiViXHVExUrdv3jBoZlX+Af6atm0K0 +-----END RSA PRIVATE KEY----- diff --git a/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem b/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem new file mode 100644 index 000000000..e3800179c --- /dev/null +++ b/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem @@ -0,0 +1,18 @@ +# Public portion of the U-Boot SPL 'Insecure' key kept here +# as a convenience. +# Please refer to 'rsa_oem_dss_key.pem' for more info + +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6hC1IHlB4SqRbesC8BtC +00icAYUuYmAiO6CHCyph2Pv2CQT5Yct8WSKA/6kNAUpsJwlM18ZX0yMcGVZeS905 +8hgZdMgoDC57Jw5Tw5foN6CBBF72oJM5Z+wAjD41jiX1T2tsCvlWLeNOS1RcqViL +DOdk++olpVgsSlAvW23DmblVxVhz67L55vK6lc4r/VcVtHJ2bdehjk6j/BcehdQc +hhz76fpL9EBZJ1tm9k+m7aRhhRqfBJUP5/Jl1+paRY1dBDVzjmE+DneVYvBuMfvh +3gQlQVwomsdImH/VuWQc9xAozacBs6RtWHxIS+uf9qUDR622mKueKojH3PPMO+4s +u5EGRNKAAH9dS356pqhzpmZvgFvUJ7zZFxQBfjpMrF+fGHUD0QkUofAxlpeyldv/ ++ubxzwUm0PrYGIhowuPItT7/ASqzxCKa/dfYVCTlPSJOP+Wi00pJBZOFuDk4HHao +98BCUeGE4t065Di81GZ2F9amf5B//jIjkM3o9vrThe3GWbWtP3kmw7OQyMeUzUKx +IUTq3cvblNpo80gfYzYwWQakjhE6aV7xLQIxv28c8I2JrsvjXQIAg77W/XdT/+rS +53k3DgrcjK7l7nWjmOxXr6p9f9fFHXF/fmEYeeuK6NaFH24LW97jk+IRjv8ig29Z +yrzEctuzky80lHcVFYnE/3cCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb index 54884b0f1..727c62d27 100644 --- a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb +++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb @@ -9,6 +9,10 @@ PROVIDES += "u-boot" DEPENDS += "bc-native dtc-native" SRC_URI_append_df-phosphor-mmc = " file://u-boot-env-ast2600.txt" +SRC_URI += " \ + file://rsa_oem_dss_key.pem;sha256sum=64a379979200d39949d3e5b0038e3fdd5548600b2f7077a17e35422336075ad4 \ + file://rsa_pub_oem_dss_key.pem;sha256sum=40132a694a10af2d1b094b1cb5adab4d6b4db2a35e02d848b2b6a85e60738264 \ + " UBOOT_ENV_SIZE_df-phosphor-mmc = "0x10000" UBOOT_ENV_df-phosphor-mmc = "u-boot-env" -- cgit v1.2.3