On 7/14/23 12:52 AM, Manorit Chawdhry wrote:
Fit signature mechanism through the standards require the presence of .key and .crt in the folder with the same name, since we are using our custMpk only for the signing, update the format to that of standards to be compatible for packaging easily.
Signed-off-by: Manorit Chawdhry m-chawdhry@ti.com
board/ti/keys/custMpk.crt | 33 ++++++++++++++++++++++++++++++ board/ti/keys/custMpk.key | 51 +++++++++++++++++++++++++++++++++++++++++++++++
The key file should be the same as board/ti/keys/custMpk.pem, right? If so why do we need this new name?
Also the crt contains information about the person signing the images, it should be generated at build time from a template, not provided here in binary format. Certs also have an expiration data, so this would become invalid at some point.
This whole series needs split up, the first half seems like mostly reasonable cleanups. But the second half I'm not so sure about and depends on the binman patches.
Andrew
2 files changed, 84 insertions(+)
diff --git a/board/ti/keys/custMpk.crt b/board/ti/keys/custMpk.crt new file mode 100644 index 000000000000..01bd64aae577 --- /dev/null +++ b/board/ti/keys/custMpk.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwzCCA6sCFHKW0ueol0+vsilVaZyqKhppo9ryMA0GCSqGSIb3DQEBCwUAMIGd +MQswCQYDVQQGEwJVUzELMAkGA1UECAwCVFgxDzANBgNVBAcMBkRhbGxhczEnMCUG +A1UECgweVGV4YXMgSW5zdHJ1bWVudHMgSW5jb3Jwb3JhdGVkMRMwEQYDVQQLDApQ +cm9jZXNzb3JzMRMwEQYDVQQDDApUSSBTdXBwb3J0MR0wGwYJKoZIhvcNAQkBFg5z +dXBwb3J0QHRpLmNvbTAeFw0yMzA2MDEwNTIxMTZaFw0zMzA1MjkwNTIxMTZaMIGd +MQswCQYDVQQGEwJVUzELMAkGA1UECAwCVFgxDzANBgNVBAcMBkRhbGxhczEnMCUG +A1UECgweVGV4YXMgSW5zdHJ1bWVudHMgSW5jb3Jwb3JhdGVkMRMwEQYDVQQLDApQ +cm9jZXNzb3JzMRMwEQYDVQQDDApUSSBTdXBwb3J0MR0wGwYJKoZIhvcNAQkBFg5z +dXBwb3J0QHRpLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8U +rknYf3LTayPN60gOZdwiTfIOT4L27bXy3dt8kfpuWf/V97beBB2KzNKV2dHgxMH4 +UL//SAyRIlCaTHuL85YKKCazpNngqVVBGvs+Wydsv8rAca8vciLuRgElYq0+xwT2 +sRi2LMASbg/imz7lpqCoBkUDQRdOFh+pdNaETtZ5pxC4EakOkh8l3X+x8tG58mjY +M1lLgn13zNGc+iO0+1iI8s3q1RbyLHUt+mLDwQlu4AZw4LUHCZli2dbk52xtyIIH +UJP34tjt0V/j0J7Pk1TZX91dzjdg8asUigR7Zae6f99FRXxLoVuuTsaUPYxOh9KU +PKTzn9r88jZ85w2tWkI38SqB0G6hp2cDHoftALtzSmgoMaKCmqMEweiH/0V+qsGf +1DsFx4P9IXH+vX84yRYZUg7mAzONHR7JNhzNTp2CKYjNmyq+bF97srI6eQBqffWt +Gp0ezVgqz170ToCrO0/d+NTeNKLEINlZGS2FAl4faLFMjbkRBuktdrVYjFCoN25m +eG+DMEZNNJ+0GEq5u/p7xa7WMhCEhGw/moAzNfxNvNVuYFRQz35tgJcE+o8LIP29 +mCuhN71Z/UrsRaEJixfJchQztwVeEl3iWh3OIVT24erVVaon600J3xlAgi5miRdl +2W6z1jhOjWEW1nTU3hZfURnVQriD0sjeS6lpl7aNAgMBAAEwDQYJKoZIhvcNAQEL +BQADggIBAHy+h1FQKedFTJWgqGJkTwtcym5LyXD6ig8LyhJpVEbXmqK7ZKY2F2hB +PqVbfCZNogszIvl8q3ykz+tcGbfBk3rq+KMUwbk5E29mSMmAJ9DNNozudgKkKq9w +RmcO1bXCEspFgNvNEkYAQCBvMOyH/nCyFu9QzOzN35XIzf0fI3jM6rueLxSXq3xO +7yHUZ3mzAZp6e1Qo6cuABAw1q6KqKYJCnJ3Nq6F42bmGp8mSD+2AuGV8cU+7Z3sh +k/ooFMCsulj1R5+TlKgEfqspQXbefEsvRW3n3ZD8bcQF0ytiX7XVmDMFVpQkTzps +92fjZ08Zcj7bCZQsFXXACIQkMiTiiMW6NwLFZDyq11/B1oe1bhjFUuqqUkHC/PKx +gdWRwluGRt+onFRD5/upXnugKT99j/hQ7sy80a64A1xoCcKVbwcHU7YBQG1vLk6D +idg0vI3gj7v+/jZEPkv/KrqAI6YuvpplkcHkEKuAUFAkozvVJ5pPK3K0xHBJGNMK +kJ9FMAakFj6jfZaR5Ay3ZuOAn5oPMwd6RaauNOzVpBll6DFOyw2rU6fbId/gi841 +drmBfM6ufue6ecslkp9zSOpPLXhjt2g9NRVKPE20CmRetVSDLcMFet7ZImbxqggw +yjDxA7oR+Px+o+xr+djcDlfj6500Rys6W1SNHe99HXOCcpQqivX0 +-----END CERTIFICATE----- diff --git a/board/ti/keys/custMpk.key b/board/ti/keys/custMpk.key new file mode 100644 index 000000000000..adba378c8008 --- /dev/null +++ b/board/ti/keys/custMpk.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAvxSuSdh/ctNrI83rSA5l3CJN8g5PgvbttfLd23yR+m5Z/9X3 +tt4EHYrM0pXZ0eDEwfhQv/9IDJEiUJpMe4vzlgooJrOk2eCpVUEa+z5bJ2y/ysBx +ry9yIu5GASVirT7HBPaxGLYswBJuD+KbPuWmoKgGRQNBF04WH6l01oRO1nmnELgR +qQ6SHyXdf7Hy0bnyaNgzWUuCfXfM0Zz6I7T7WIjyzerVFvIsdS36YsPBCW7gBnDg +tQcJmWLZ1uTnbG3IggdQk/fi2O3RX+PQns+TVNlf3V3ON2DxqxSKBHtlp7p/30VF +fEuhW65OxpQ9jE6H0pQ8pPOf2vzyNnznDa1aQjfxKoHQbqGnZwMeh+0Au3NKaCgx +ooKaowTB6If/RX6qwZ/UOwXHg/0hcf69fzjJFhlSDuYDM40dHsk2HM1OnYIpiM2b +Kr5sX3uysjp5AGp99a0anR7NWCrPXvROgKs7T9341N40osQg2VkZLYUCXh9osUyN +uREG6S12tViMUKg3bmZ4b4MwRk00n7QYSrm7+nvFrtYyEISEbD+agDM1/E281W5g +VFDPfm2AlwT6jwsg/b2YK6E3vVn9SuxFoQmLF8lyFDO3BV4SXeJaHc4hVPbh6tVV +qifrTQnfGUCCLmaJF2XZbrPWOE6NYRbWdNTeFl9RGdVCuIPSyN5LqWmXto0CAwEA +AQKCAgAzkAwcJ0z1GnId/lJQZno8NhGckRoJuEKbR8dwlCP8VUz6Ca5H7Y9kvXDa +Hs/hn+rYgP6hYOz7XyrIX2rmJ/T6dxEwqGeC1+o59FConcIRWHpE5zuGT6JYJL5F +TuZa48bm4v8VMQvQZOjIZpkIFwao8c6HTwKAnHTB5IN/48I2hCt+Cn3RhfoOZ7Rm +4gkpaSkt+7GXlhXHb82YfujNO+hbktEamhUYlQ9EK70Wa8aqmf3gHxO0JgsEFjW8 +lJaSnultlTW8SDcx3LMUUjCYumECk4oX/VlJfmKYjPlVjkr3QQ+Cm3nNucb4K4hc +c+JL+2ERhSj8RjXL7VgbNgdPnIjvQDJuTNqecTU8xWPYrkOLQpNibbLjnutLkhJz +fMyRtmDtrsey8WiCDuCHkPJ8/f8RjL2zWI9fzTDDIzdlEKouUFGOovaHVnbua6pn +hymcu9d9FV3p2rcbj0ivCs7e8j+vhSxFJEJoAbcQdXCTi/n2uR7pLtoMNiUzsejy +d46Uz+KEU920NTwE2z6JJq8I2vegnxjc7PDDrV3/5rK04B93aXiqvwWseCpxelrI +xaMkRHbXrIXRO6MXQ3N+zNq8Dg3hjGTTvaBKuwgvqLwlXY8+Aa3ooFzEOInIOSsI +XcWqXxt/tgZgsj9RwpC42t8kbA+BkbNk9EIUa+P5kEr2P/fO7QKCAQEA4EtArnOX +D6tQF8uTw8USOZC2P9s/ez1z4jRq3oKP0Kv4tJiuIObJ/dUvGVD7aM5v2xaCfhm8 +xpk09VPUgghfG5jR5qVvQr75kCNToJQudWi4ngk1HwKJzzTO11giFEdybvTUA+Pj +fmxCM0dYYqRWZoj0hLqXlUCwxE74BFIhJVjeYbf+nTQrqpllTLoW7MTZHzGx5SXx +4dNzyVAUH49Yt2D8mgXXCkf5sGLh762wj34b/rR10Kr4O5utGMZrfTRIbuQ1pNjU +m66baPzq+mC0BzqZEW70TgEb7lOr8rcVXLOi3r36omfd9/MHx7iZD6o3K1axSO15 +grD4ZrN7Ac3QJwKCAQEA2heCoBdpvy6YUk8AO2k8qDygTdmPQRuwjjT+Z2fMslBt +D7DkpKwZ6Bl9OclcpiiLHmH+hv65KqYg+tR0RRb7PcogB9El9x7yKkGTPZEYWGky +n8P84rJpKwjnwWQvPQktI1cs3YGvZA9DQTFBavRrwuzgd1oSJq5aPQ2tme0kMvWp +l1/B/cPK+PKCi/Wfisaze1TjijP9qIeUwkdNN6WLrLU3QgsGppcg2I7RQtAIikT6 +GkuiOQAvWMsrJVV6PNrVKz4fJDJ59Rz6jbDHZNi1MEYNxQoB/Pl7QIakbfjWpHLv +8Ey7cB2JKxjQy8tmyl8WNQVbXbE6daPXcMTUmaRAKwKCAQBv1lYMJmq+T2eCVen6 +BbvOpE+bi5EdvEiaFBTtmiBnpjg+pJq+oRU60h/H+c9CNR0lGxY6Fk9An4f+g6xE +ojP6KLsQzJCrsVny+wpp2TlJJcxYULMCIVvhy60PR0zG29E9biqBPhJjKUvhEcQK +e3LxcXyq6fdHXphFajLUxLbuTl+kTgBRFoBnclFGbsubh5PTsA3J+p+fQLZNPPar +veg4l82cZykQYU8pGkUaI3sUMYd3+zd7sqRP5JHs9pMGPRmY4YW2CsAIWIn5UZNB +ARMDP76vKKn8cyUgMuxb+9pU/OVLN2NPs4bEaZQJjAwV+YPEwldny7F47xEM9JVz +EtKlAoIBAQDUt62u3GdGE/p5/ZgqWoDRTyDEDfmN9aYFbmbdEP80xQE7FrxMaZhz +K7laja6SWmUm40nQ/c45bQQp4uLtKHcxU15egX7YRBTLZl5o5IasZR79ebnEm2O8 +l9kEZeU1USf3mmWmP4GExOZCRfqaiYA6BbUCdJXTqKdXeWnkAssV8UrS3JFoJHpq +yo7OWGqefyQ8nRW6jO9SW7uaqtUD+7H6aF5XSk3YWvusfdBZrHNH+fM/hpnZovaL +Us7ogTDS/laA8PyK37jYfMVdQhmZoU1Iomt3zkUWK3gt/aWPpfAlQf4Jka4YspZB +tNiijefaZ1hPqsPs5Joyd/YAhdsfaHc1AoIBAQCn/9j6RRjRaw0ip756oad4AXHz +XBwVB2CrY96qT6Hj9Sq7tGgdskqGkOQkAivBLBizUdcWv0t1yenOsSgasQeMlvlh +B8md9cLvpKXPB3HM3rTDH/xNXe0TpVKLf7SXC8HfDyIweHwMW3QgO2DWrvI4BV/T +ckBatRNQ90HxkqGFhC/Mp529lQlyg3ifxPxJsvZOyPMUnrflAvsKQk5c2ZiQg3nZ +h7I2pjSYgCl+Ib52l8p9bf1kcrVGgPM+auzm496i0RPobFeDBoBvSoznJktHJ7+3 +NnZH+jLiZCODiQPGtQUi+T6eIZUIJF0YASpsCCtUzXCxwW3lYIDNy7UlMivF +-----END RSA PRIVATE KEY-----