Use the recovery key to authenticate recovery images
Change-Id: I41777ac762967b0372b4b757e48fb5f4b5eb3fee
diff --git a/arch/arm/boards/optimus/optimus.c b/arch/arm/boards/optimus/optimus.c
index b00210d..17beae0 100644
--- a/arch/arm/boards/optimus/optimus.c
+++ b/arch/arm/boards/optimus/optimus.c
@@ -55,6 +55,7 @@
#include <board_id.h>
#include <tpm_lite/tlcl.h>
#include <environment.h>
+#include <recovery.h>
#define PHY_DEVICE "phy0"
diff --git a/commands/bootm.c b/commands/bootm.c
index c193819..747b8a8 100644
--- a/commands/bootm.c
+++ b/commands/bootm.c
@@ -49,6 +49,7 @@
#include <secure_boot.h>
#include <antirebootloop.h>
#include <board_id.h>
+#include <recovery.h>
#ifdef CONFIG_NAND_COMCERTO_ECC_HW_BCH
extern uint32_t temp_nand_ecc_errors[];
@@ -334,9 +335,16 @@
goto err_out;
}
- if (rsa_get_public_key(board_id, &public_key) != 0) {
- printf("Could not get public key!\n");
- goto err_out;
+ if (!is_recovery_mode()) {
+ if (rsa_get_public_key(board_id, &public_key) != 0) {
+ printf("Could not get public key!\n");
+ goto err_out;
+ }
+ } else {
+ if (rsa_get_recovery_key(board_id, &public_key) != 0) {
+ printf("Could not get public key!\n");
+ goto err_out;
+ }
}
if (rsa_verify(public_key, sig, SB_SIG_LEN, hash) != 0) {
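Review bot: The new `else` branch calls `rsa_get_recovery_key()` unconditionally, but include/rsa_public_key.h declares it only under `#ifdef CONFIG_COMCERTO_BOOTLOADER`. Unless this part of bootm.c already sits inside that guard (the enclosing function starts and ends outside the hunk), a build without the option gets an implicit declaration and then a link failure. Either wrap the recovery branch in the same `#ifdef` or declare the function unconditionally. Both branches also print the same `"Could not get public key!\n"`; changing the recovery one to `printf("Could not get recovery key!\n");` lets the console log show which trust anchor was being selected when boot failed.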
diff --git a/include/recovery.h b/include/recovery.h
new file mode 100644
index 0000000..a815bbd
--- /dev/null
+++ b/include/recovery.h
@@ -0,0 +1,6 @@
+#ifndef __RECOVERY_H
+#define __RECOVERY_H
+
+int is_recovery_mode(void);
+
+#endif /* __RECOVERY_H */
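Review bot: `is_recovery_mode()` is declared without any comment, yet after this commit its return value decides which public key bootm.c uses to authenticate the image, so the header should state its contract. I would add above the prototype something like `/* Returns non-zero when the board is booting a recovery image; the result selects the recovery key in bootm, so it must be derived from state an unauthenticated image cannot set. */`. The comment should also name the real source of that state once it is confirmed against the implementation, which is not part of this diff. Minor style point: the guard `__RECOVERY_H` uses a reserved identifier, and `RECOVERY_H` would avoid that unless the double underscore is the tree's convention.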
diff --git a/include/rsa_public_key.h b/include/rsa_public_key.h
index 71a0825..447cec6 100644
--- a/include/rsa_public_key.h
+++ b/include/rsa_public_key.h
@@ -19,4 +19,8 @@
int rsa_get_public_key(int board_id, const struct rsa_public_key **key);
+#ifdef CONFIG_COMCERTO_BOOTLOADER
+int rsa_get_recovery_key(int board_id, const struct rsa_public_key **key);
+#endif
+
#endif
diff --git a/lib/rsa/rsa_public_keys.c b/lib/rsa/rsa_public_keys.c
index fa40dc9..871aac6 100644
--- a/lib/rsa/rsa_public_keys.c
+++ b/lib/rsa/rsa_public_keys.c
@@ -142,6 +142,45 @@
};
#endif
+#ifdef CONFIG_COMCERTO_BOOTLOADER
+/* Keys to verify the signature of a recovery image */
+static const struct rsa_public_key recovery_keys[] = {
+ /* Optimus / Sideswipe */
+ {
+ },
+
+ /* SpaceCast */
+ { .n0inv = 2795114361u,
+ .modulus = {
+ 0xe17fd537, 0xa3c8cb00, 0x932ee36d, 0xc73c251a, 0xfab26fa4, 0x60c7ab00,
+ 0x1468dbfd, 0xcff11b21, 0xcff22a1d, 0x98057ec2, 0x052fc7ea, 0x8adc183c,
+ 0xcb273fca, 0xca676ea5, 0x32ec71b3, 0xf85c1297, 0xd1361b2f, 0x3b042ba7,
+ 0x6f1298a3, 0x3cbb1ec3, 0xf3f3236f, 0xc5911a46, 0x5763bb53, 0x8245bffc,
+ 0xca4164d8, 0xc1bf0062, 0x85471268, 0x68a0c01d, 0x3c296f90, 0xabd8d75d,
+ 0xe23924fa, 0xcc5662cf, 0x77a4d814, 0x113c5183, 0x31e559ba, 0xb6c08aa4,
+ 0x22a2bef9, 0x313739a1, 0xa8a57320, 0xab7241eb, 0x9e0c9dea, 0x01c255eb,
+ 0xe40b3989, 0x2f01f596, 0x8356d053, 0x78e23be2, 0x8f0d9f9f, 0x09022096,
+ 0x34a371a4, 0x0920ec0a, 0x5436f15d, 0x747537ec, 0xaf363081, 0xdbb6cc2e,
+ 0x229d8b82, 0x4b9b298c, 0x7bf3f4c9, 0xf2447fb3, 0xf95c482f, 0x4413e804,
+ 0x122bab97, 0x4f99ee1e, 0x148b2564, 0xad1c425d
+ },
+ .rr = {
+ 0xb5e135c2, 0xe5d20b16, 0xd657f9f6, 0xe957d210, 0x9dfd33c9, 0x71bedfc7,
+ 0xeb570397, 0x356df96e, 0x30d89660, 0x90f4f10a, 0x88113810, 0x785cf0e1,
+ 0xb14858e8, 0xd7aeba86, 0xc7995ce2, 0x14872d4e, 0x1d87cf00, 0xa97490ff,
+ 0x8c4bdf64, 0x61dcbe9d, 0x989499eb, 0x4bd61725, 0x9625bf64, 0x288391af,
+ 0xbfaa0134, 0xf90b0d27, 0x951a1bd2, 0xa9f5468f, 0x76e41638, 0xefcb50f4,
+ 0xaa8eec52, 0x0421f434, 0xbf89794f, 0x08ed9a86, 0x9808d3e7, 0xc34c72f8,
+ 0xd25c759a, 0x10d0442c, 0x35e606fc, 0x977e88e8, 0x2c3b4f81, 0x973bcf11,
+ 0x7704760d, 0xbba4cbcd, 0xf0fe3a2b, 0x76813378, 0x90791b81, 0xad678e73,
+ 0x8620d2cc, 0x3fa28ae1, 0xdf9f91c3, 0xba2fa335, 0x4dffb2c0, 0x61c27230,
+ 0x98665fe1, 0x6378d57b, 0xcbb52ffd, 0xecda0f98, 0x69635ba9, 0xe9f2d4a1,
+ 0x8ae1b8d7, 0x079a8d27, 0x62294cff, 0x75017f67
+ },
+ },
+};
+#endif
+
static int get_key_id(int board_id) {
if ((board_id < 0) || (board_id > MAX_BOARD_ID)) {
printf("Invalid board ID: %d\n", board_id);
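Review bot: The Optimus / Sideswipe entry in `recovery_keys[]` is an empty initializer `{ }`, so as shown `n0inv`, `modulus` and `rr` are all zero. `rsa_get_recovery_key()` in the last hunk will still return success with a pointer to that entry. How `rsa_verify()` behaves with a zero modulus is not visible here, so on those boards recovery-mode verification either can never succeed or depends on undefined corner-case arithmetic, and neither should be left implicit in a signature check. If the key is not provisioned yet, say so in the table with `/* Optimus / Sideswipe: no recovery key provisioned; lookup must fail for this entry */` and make the getter reject it, for example `if (recovery_keys[index].n0inv == 0) return -1;` before assigning `*key`. The empty `{ }` initializer is also a GNU extension before C23, so `{ 0 }` is the portable spelling.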
@@ -161,3 +200,16 @@
return 0;
}
+
+#ifdef CONFIG_COMCERTO_BOOTLOADER
+int rsa_get_recovery_key(int board_id, const struct rsa_public_key **key) {
+ int index = get_key_id(board_id);
+ if (index < 0) {
+ return -1;
+ }
+
+ *key = &recovery_keys[index];
+
+ return 0;
+}
+#endif
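Review bot: `rsa_get_recovery_key()` indexes `recovery_keys[]` with the value from `get_key_id()` after checking only `index < 0`, but `recovery_keys[]` has two entries and `get_key_id()` was written for the production key table. Its body is mostly outside these hunks, so whether it can return 2 or more is not visible; if it can, `&recovery_keys[index]` points past the array and the bytes there are handed to `rsa_verify()` as a public key. Bounding the index against this table makes the function safe regardless, by replacing the check with `if (index < 0 || (size_t)index >= sizeof(recovery_keys) / sizeof(recovery_keys[0])) {`. A short comment above the function stating that it returns 0 and sets `*key` on success, and returns -1 when the board has no recovery key, would also help callers.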