On 11/09/2015 10:19 AM, Alban Bedel wrote:
Add the support code needed to sign the RCM with RSA-PSS as needed to communicate with secured production devices. This mode is enabled by passing the --key command line argument. If such a key is set the RCM messages will be signed with it.
IIRC, (at least some) Tegra chips support both SBK (which I believe uses the CMAC hash) and (RSA) PKC. "--key" is a bit of a generic term. It seems best to rename this cmdline option --pkc to make it clear which of the two options it represents, and to allow possible future addition of --sbk support without backwards compatibility issues or inconsistency/confusion in cmdline option naming.
diff --git a/src/main.c b/src/main.c
@@ -123,6 +124,10 @@ static void usage(char *progname)
+ fprintf(stderr, "\t--key=<key.ber>\n"); + fprintf(stderr, "\t\tSpecify the key file for secured devices. The key should be\n"); + fprintf(stderr, "\t\tin DER format\n");
Is that the same format cbootimage uses for its keys? I want to make sure we're not requiring users to convert keys to different formats in order to use different tools.
diff --git a/src/rsa-pss.cpp b/src/rsa-pss.cpp
Please add a copyright header to the new files. -- To unsubscribe from this list: send the line "unsubscribe linux-tegra" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
