RE: [tegrarcm PATCH V2 1/4] Add support for production devices secured with PKC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> -----Original Message-----
> From: Stephen Warren [mailto:swarren@xxxxxxxxxxxxx]
> Sent: Monday, March 14, 2016 11:40 AM
> To: Jimmy Zhang
> Cc: Allen Martin; Stephen Warren; alban.bedel@xxxxxxxxxxxxxxxxx; linux-
> tegra@xxxxxxxxxxxxxxx
> Subject: Re: [tegrarcm PATCH V2 1/4] Add support for production devices
> secured with PKC
> 
> On 03/11/2016 06:02 PM, Jimmy Zhang wrote:
> > From: Alban Bedel <alban.bedel@xxxxxxxxxxxxxxxxx>
> >
> > Add the support code needed to sign the RCM messages with RSA-PSS as
> > needed to communicate with secured production devices. This mode is
> > enabled by passing a key via the --pkc command line argument. If such
> > a key is set the RCM messages will be signed with it as well as the
> > bootloader.
> >
> > Signed-off-by: Alban Bedel <alban.bedel@xxxxxxxxxxxxxxxxx>
> > Signed-off-by: Jimmy Zhang <jimmzhang@xxxxxxxxxx>
> >
> > --
> 
> Nit: That needs to be --- not -- for git to recognize it as the end of the commit
> description.
> 
> > Changelog:
> > V3: * Download bl sig only when op_mode is SECURE_PKC
> >      * Generate cmac_hash even when --pkc option is present so that
> >        an unfused board can still run with --pkc option.
> >      * Added Error Check on key length
> 
> Nit: The message subject says "V2".
> 
> In all the patches in this series, please make sure that all the files you edit
> contain an NVIDIA copyright message which references the year 2016. If not,
> please add/update the message.
> 
> > diff --git a/src/rsa-pss.cpp b/src/rsa-pss.cpp
> 
> > +extern "C" int rsa_pss_sign_file(const char *key_file, const char
> *msg_file,
> > +			unsigned char *sig_buf)
> 
> > +		int length = signature.length();
> > +		// error check
> > +		if (length != RCM_RSA_SIG_SIZE)
> > +			throw std::length_error("incorrect rsa key length");
> 
> I think that check is required in rsa_pss_sign() too.

I checked key's modulus length there. Once it passes, key's length should be correct.
--
To unsubscribe from this list: send the line "unsubscribe linux-tegra" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [ARM Kernel]     [Linux ARM]     [Linux ARM MSM]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux