On 03/11/2016 06:02 PM, Jimmy Zhang wrote:
From: Alban Bedel <alban.bedel@xxxxxxxxxxxxxxxxx>
Add the support code needed to sign the RCM messages with RSA-PSS as
needed to communicate with secured production devices. This mode is
enabled by passing a key via the --pkc command line argument. If such
a key is set the RCM messages will be signed with it as well as the
bootloader.
Signed-off-by: Alban Bedel <alban.bedel@xxxxxxxxxxxxxxxxx>
Signed-off-by: Jimmy Zhang <jimmzhang@xxxxxxxxxx>
--
Nit: That needs to be --- not -- for git to recognize it as the end of
the commit description.
Changelog:
V3: * Download bl sig only when op_mode is SECURE_PKC
* Generate cmac_hash even when --pkc option is present so that
an unfused board can still run with --pkc option.
* Added Error Check on key length
Nit: The message subject says "V2".
In all the patches in this series, please make sure that all the files
you edit contain an NVIDIA copyright message which references the year
2016. If not, please add/update the message.
diff --git a/src/rsa-pss.cpp b/src/rsa-pss.cpp
+extern "C" int rsa_pss_sign_file(const char *key_file, const char *msg_file,
+ unsigned char *sig_buf)
+ int length = signature.length();
+ // error check
+ if (length != RCM_RSA_SIG_SIZE)
+ throw std::length_error("incorrect rsa key length");
I think that check is required in rsa_pss_sign() too.
--
To unsubscribe from this list: send the line "unsubscribe linux-tegra" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
