socsec: change rsa order to big endian for AST2600 A3

In general, software such as openssl calculates digest(big endian) of input data and uses big-endian digest to sign for RSA signature creation.

However, AST2600 A1 only supports little endian. In other words, AST2600 A1 crypto hardware engine digest output is “little endian”.
That is why our SOCSEC tool reverse signature and digest to match the AST2600 A1 crypto engine design(little endian).

AST2600 A3 changed the design to support big endian. ASPEED recommends using big endian to remain compatible with general software tool design
and therefore SOCSEC tool does not need to reverse digest and signature.

Default to big endian for OpenBMC platforms as A3 is production silicon, and earlier revisions are not well supported.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Change-Id: Iba46f704b86990d53937f104c3c601da5a3c111f

1 files changed, 1 insertions, 1 deletions

diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb
index 1b2820cb5e..575d3876c1 100644
--- a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb
+++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb
@@ -17,7 +17,7 @@ SRC_URI += " \
 
 SOCSEC_SIGN_KEY ?= "${WORKDIR}/rsa_oem_dss_key.pem"
 SOCSEC_SIGN_ALGO ?= "RSA4096_SHA512"
-SOCSEC_SIGN_EXTRA_OPTS ?= "--stack_intersects_verification_region=false"
+SOCSEC_SIGN_EXTRA_OPTS ?= "--stack_intersects_verification_region=false --rsa_key_order=big"
 
 inherit socsec-sign