From patchwork Sat Aug 5 11:34:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 710647 Delivered-To: patch@linaro.org Received: by 2002:a05:6359:d30:b0:129:c516:61db with SMTP id gp48csp502109rwb; Sat, 5 Aug 2023 04:36:00 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFf4JLPhnKgLewqoeKetvDfsB+ji3BrYr1vTe7lSxOzc0xKU2LxDabwnzsbv4sGwTJVwQ6p X-Received: by 2002:a2e:890e:0:b0:2ba:18e5:106d with SMTP id d14-20020a2e890e000000b002ba18e5106dmr3504351lji.1.1691235359888; Sat, 05 Aug 2023 04:35:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691235359; cv=none; d=google.com; s=arc-20160816; b=pK0YgM4z54kTspoExKeJT5jsS7Gct9MM9nSLiRzt0sdMZ83Ry3Py4ZgT832kCD2oaD AVO0NpKzfKld4Ah1wDXddhnSi2rM2JJNkcug/1DGz//emxda/WDGTM0ZGiQ0dHVcGGGK Gkj9UL0KBVYIP+ELGwqBiJYEmoVxahD/QYg3rDNC+cTme+wmMK5RvoyVKlgGyr6WhK8z bFBGgj3bg3kgG5BzhmscwiGhD5rc4U6jENlYdo5jpLbTjgjXu7x0Tjl1Mx12a9GLt3Wk gBGeLyt9ueilHS2mv7NHdwwuGZIay6S54GbU00NK3hnaXXyAqfp47Y121B5QwiLmkoHQ 6M5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=A7lvXRf3B9E4315U+qE6c147ME1pW5iQy9FQoWJPHVo=; fh=pvWoYJ8DnC9IyTD46q2s71hlWpPSBdE/YYp0/eyIYcc=; b=cAqu+7ldOqZq+ZI04B3li39Clpyevnp8cnAMKchp/yM1+pu2te8pig4tzgta/wHeyY 8LU9uDQqRK95kG7x2DWK/qTmgOpq1SDfWDNHZwzCS6M8Wl1lUlTwLutnLK2Doo5pjDTW J/kOHjL+emAJ4oQ9FLC/x8XZ7gV9mDRNXAqqRf0/SOx/XVNFprSTuE0lF/jQiui3Ft1T GDPxJXfhvktXdyvlyvF3IBYtS86cRgf6dVnJnANbBnflG+e9+qMPhC+RGkPvdK2EfDIS 23kgvwtm4rdvdPdcF1nKRfBBc3wx5FSSD/lKQIn7COt6UHav7Gtz45/QeOPAWFZc904F fKeg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id e3-20020a056000194300b0031771ad848esi2065909wry.146.2023.08.05.04.35.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 05 Aug 2023 04:35:59 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2F09F867C3; Sat, 5 Aug 2023 13:35:39 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 03EA9861F7; Sat, 5 Aug 2023 13:35:38 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 8DF81867D6 for ; Sat, 5 Aug 2023 13:35:32 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9C59A1007; Sat, 5 Aug 2023 04:36:14 -0700 (PDT) Received: from a076522.blr.arm.com (unknown [10.162.46.7]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 20B943F5A1; Sat, 5 Aug 2023 04:35:28 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Malte Schmidt , Michal Simek , Tom Rini , Sughosh Ganu Subject: [PATCH v7 03/11] sandbox: capsule: Add keys and certificates needed for capsule update testing Date: Sat, 5 Aug 2023 17:04:50 +0530 Message-Id: <20230805113458.1430239-4-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230805113458.1430239-1-sughosh.ganu@linaro.org> References: <20230805113458.1430239-1-sughosh.ganu@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Add the private keys and public key certificates which are to be used for capsule authentication while testing the EFI capsule update functionality. There are two pairs of private and public keys. The SIGNER.{key,crt} pair will be used for signing capsules, whilst the SIGNER2.{key,crt} pair is to be used as malicious keys for testing authentication failure cases. The SIGNER.crt is also converted to an EFI Signature List(ESL) file, SIGNER.esl, which is embedded in the platform's device-tree for capsule authentication. Signed-off-by: Sughosh Ganu --- Changes since V6: * New patch that puts the keys and cert files under board/sandbox/ directory as suggested Simon Glass. board/sandbox/SIGNER.crt | 19 +++++++++++++++++++ board/sandbox/SIGNER.esl | Bin 0 -> 831 bytes board/sandbox/SIGNER.key | 28 ++++++++++++++++++++++++++++ board/sandbox/SIGNER2.crt | 19 +++++++++++++++++++ board/sandbox/SIGNER2.key | 28 ++++++++++++++++++++++++++++ 5 files changed, 94 insertions(+) create mode 100644 board/sandbox/SIGNER.crt create mode 100644 board/sandbox/SIGNER.esl create mode 100644 board/sandbox/SIGNER.key create mode 100644 board/sandbox/SIGNER2.crt create mode 100644 board/sandbox/SIGNER2.key diff --git a/board/sandbox/SIGNER.crt b/board/sandbox/SIGNER.crt new file mode 100644 index 0000000000..82d8576a64 --- /dev/null +++ b/board/sandbox/SIGNER.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDzCCAfegAwIBAgIUUzrWhMi7oPFshQP6eFlccqf7exswDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLVEVTVF9TSUdORVIwIBcNMjMwODA0MTgwNzQyWhgPMzAw +MzEwMDYxODA3NDJaMBYxFDASBgNVBAMMC1RFU1RfU0lHTkVSMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAX2ldD9Y0c0utd1NU/uFW7jFbMRV4cByWOc ++Rcer/nFgX9yta7ivu3BJ1ueWR17zRNiQpIzLyEipoSPwyyViD5wLrPLRXVP0dru +aCWyiPm+hm7mpjvwhvR7F2efJTguq9nJI4scaL7APUhbIXHHSL9mK8IlbFnshaR/ +qwd//nBW64HVqWlHNd+uxpFP2Qp0kQwb1b80USNWuMtjaIBam2R1xxDac1jSd001 +4X/XcDORxRpJl+0gONw7Ws2nuggeBGlCsy2Fo9/mngEG3bwa7qSmUM9T1Cp+1+vg +Rmi7ox7Yb4m2KaTXoD76mydcQW7+fQkCvpUVC8AtOTWMOfrCMQIDAQABo1MwUTAd +BgNVHQ4EFgQUHvG7Xchqzwdggky+oyzlpNem8UowHwYDVR0jBBgwFoAUHvG7Xchq +zwdggky+oyzlpNem8UowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAUn1ncSqeXbQAHNrVOFldLwu70hNlMxf2z4EfH2M7vJgrpwkRuIFw7PXNITBh +CImd/ghm5NGFysrK7BwdHkFvUXZV3rE93BhcLC9leWfky33kW9olIzpE14i5FfBn +ABmaokPhOrzAneGzU35sZHNotlqOrzgpKVkpOWrykhYZ5Qjk8Sz0xvzuG8TJc20s +2og+W8Rm2u/xI9xPxtFbq9vUjvFS35o1pm+vkzpgNdo4YS1PG37BW/aopsooLSk7 +9Rxv5vzNXtQqeZ5qBdKbAVh3OsgqwigTmXVvOX3xpy9r9qiimhaISxCt83RZ7wQW +I19t9pXyxAi6u7MRhJZlAeH/3w== +-----END CERTIFICATE----- diff --git a/board/sandbox/SIGNER.esl b/board/sandbox/SIGNER.esl new file mode 100644 index 0000000000000000000000000000000000000000..f8cc272309b2f80113c29e22bc9fdd5c767b4667 GIT binary patch literal 831 zcmZ1&d0^?2Da*aux2_hA(f&|m&&&V@%1|1@gOCPI%=`vTjNcb9GchtTi3D3+YdNud z!N;6d=3f<&F-6ONS4$i4vT_x7NA^t?#f z>a)U0PLquF6_u8?^dHul+F@6qxB0YdssF`W?=n<3b^P4dmiKI#^@p}E)#B;%RW0;Z z-#n?@Et9eDfUQTgV&QR*{b|~VRC6NVv@WS%&0hbnAnbMH)s>mjlOWk4kw?f2&||$2#il@?9KqESXN5 zbz2wTe>RVi?d~3_cT1K9oDaUDRd@aM1GkLbi{)Ma(#i_ui5G`j(PuTIhpoN z73DslYiZhJ`RkA&6EhzH z-bULy5-~dZsg>zZPS-w(zNM;c<#N4ar|5@t2FY2AoF7{4IWYI(=HR-Vl;VtSQGM$z zG&LhNEwesN5|ez&@#LeqJ9NJDsL xX})Fc$L0Fj-&QP|CD!3Bu=aCF