meta-aspeed: Add development key for socsec sign
Add a development (insecure, also known as 'imprint') key to
u-boot-aspeed-sdk that can be used through socsec for signing the SPL on
ASPEED AST2600 devices.
The keypair was generated according to socsec's documentation, using:
$ openssl genrsa -out rsa_oem_dss_key.pem 4096
$ openssl rsa -in rsa_oem_dss_key.pem -pubout \
-out rsa_pub_oem_dss_key.pem
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Change-Id: I9c03ed9603d7362e033862dd1e5138ba7164f13d
diff --git a/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem b/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem
new file mode 100644
index 0000000..a3474c4
--- /dev/null
+++ b/meta-aspeed/recipes-bsp/u-boot/files/rsa_oem_dss_key.pem
@@ -0,0 +1,59 @@
+# U-Boot SPL 'Insecure' key (also known as 'development' or
+# 'imprint' key), used to sign development images of the ASPEED
+# AST2600 boards' U-boot SPL. This key SHOULD NOT be used to
+# sign production images.
+# This key is 4096 bits in size and any key overriding it must
+# also change the SOCSEC_SIGN_ALGO variable.
+# See meta-aspeed/classes/socsec-sign.bbclass for more info.
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA6hC1IHlB4SqRbesC8BtC00icAYUuYmAiO6CHCyph2Pv2CQT5
+Yct8WSKA/6kNAUpsJwlM18ZX0yMcGVZeS9058hgZdMgoDC57Jw5Tw5foN6CBBF72
+oJM5Z+wAjD41jiX1T2tsCvlWLeNOS1RcqViLDOdk++olpVgsSlAvW23DmblVxVhz
+67L55vK6lc4r/VcVtHJ2bdehjk6j/BcehdQchhz76fpL9EBZJ1tm9k+m7aRhhRqf
+BJUP5/Jl1+paRY1dBDVzjmE+DneVYvBuMfvh3gQlQVwomsdImH/VuWQc9xAozacB
+s6RtWHxIS+uf9qUDR622mKueKojH3PPMO+4su5EGRNKAAH9dS356pqhzpmZvgFvU
+J7zZFxQBfjpMrF+fGHUD0QkUofAxlpeyldv/+ubxzwUm0PrYGIhowuPItT7/ASqz
+xCKa/dfYVCTlPSJOP+Wi00pJBZOFuDk4HHao98BCUeGE4t065Di81GZ2F9amf5B/
+/jIjkM3o9vrThe3GWbWtP3kmw7OQyMeUzUKxIUTq3cvblNpo80gfYzYwWQakjhE6
+aV7xLQIxv28c8I2JrsvjXQIAg77W/XdT/+rS53k3DgrcjK7l7nWjmOxXr6p9f9fF
+HXF/fmEYeeuK6NaFH24LW97jk+IRjv8ig29ZyrzEctuzky80lHcVFYnE/3cCAwEA
+AQKCAgAqf0wTkFCIzEzJU0EeTSTN7cH9eKvaSrAMeXHrcg9/8QdTzeZlfieem2gm
+gxAMavHGCKc+ChIKELbaVtcaGRmbPgrpLCoxRAMyLSTCP4N3Dho+q+tFblWe67eR
+vv3ESFoIyG0+dNTT0hB2FuQYDy538k9gebvKEH9CItrmU8CO2ZqcERpC8iTzbKC5
+8EwGXFhhgeLEwMDhcJ/PdnchP0jKhNqsObiuqTxGrA6+q+mX/h+Cpjm3AEV6DIW3
+NSKcvDTmPbo0YK1+vPGPnC21v5Db2Y7WFiB9Ma+ZmKQ6W9Xyeame5TKm5jTAOxh5
+SFer1XwJ+J1NjONTv6/iCxXKz8ypDJ9wiFQ7Hb3u84+jQiTWhjpFbnvT3lkN+Z8i
+Q7z7QSYcIGHdH1q9x/LkuG5zzGB0yRMAnayzUiyTyQbNRZZHbB4mNB1zWFocUwv5
+bpnACt5NtsxwCJHVZRpffBcekM0AjKXWQ4oxJPcAmhqh2MIu4vmEG6cfMYGP+dpP
+R2unAbs3kSAEwvZaydPZmgi9TYLViYWrxXuloGBow1naisQCY3R9XVzLYmCVEvng
+20C7odj8or+Qrx6qa1m06RLUsHexKyniIYLbwfPcHIf9afdKv7N/ruGH4u+Nv/2B
+I62a9IfOUobBBnSbeA5nHk9bC2G2MBUCwW9jP1Vd4TcXwJwmsQKCAQEA98gY0ZGC
+rlj/SOxTYo/6GSfmjHeXJzxWXmH6UDFUMphkaO0RWa/cq2szShdaQa2JKrU4G5xR
+K+hYKSotlWb5EjQPQX5uaieI61UWsPbAqs6MSqZyYvgDKeBV40urXrR5ImivsUAO
+DKwoNMa4z8JIaKdHB0kT1vK9G/QiLPtJ6Wh8q0+hp+1T/IodXOR3zFHkURJVwVob
+Wbas0ZXXMhi1ywO7ZmZRXpnNOQv/m09hBUYGwITAp/KBxaeseGxhR3r6l9rmNtJI
+i40/90QHMCXtEwHRvUGTOP8he2n4AhhXQrlr3WOqFrku3y1e+BfLFEOo92j+WjA3
+skFsQsFy8motrwKCAQEA8dQlQMqeC69+ldd/64xaaqa5LuxLhPY5aYu5d3OCuoTF
+l6cviKut3h18QLyuy28ZFaI1b/pPS8lvZntw6ryXGNutH6sz0Wtf0Joe/2JT1ZLs
+Ra2Np0VZcJmlaFk0XC/CX344gGv5CqSwPqtNn2/Ej76ReRLh0q/hdJdTqKtTHYMe
+t3VDZIJwrd5iqFH8Yygd/FFqIfgPSRo1V7ylXj9UEke2zy82dki2kBeeMo+wDLGV
+rULejvN9h8IVBK0bBymBSjLXcSN5q4T092lGAV6aMBRcD5n2g6RMeFGE9oimfIWy
+WmThXgV6O1OQYA7t6SxCDAcfQZc41Zj2y3dOhPDEuQKCAQBN9MNyM9Ckn9V5kPjP
+GrM59ObBLOL+cipOOY8yacKuxGla5bM+v2iy+eBCIETCQyHTsP49GZokMU6DbQS4
+a5RTWNOv7GI6vcODHtsrxAZr9t4GooV8g8EjDLSY9XauLiOqYrtcDeYdsJBZwmfk
+3aBAZNig/ynhx68du1qBQnJHoBsRHtWiarWwz5dbYXoba2xk4VrfoUTXnfSTYAw7
+c7DGdZ8hIXHaTJNXrmG18Gx650Q6j8m5TT/s+sr1fEvC3Hs5CaLCfrhaR49ncRy9
+1kDXaQwe+iGingpftMBVkGjr0kCQf8nEqnCHwNOPRJUdBAiGBp93qpHrYE/6VLig
+ci17AoIBAQC3+F0y0jGz0Blr4tqFFmw+kIF2qfq1tx9sJQi+T9jXDmTHfz+RKJIH
+1MSO9zu+tdEOfS1L98/VZvPhsezwFvKXzZ8B5ZtxKM9mgaktPd9rLe+i/moyI3bs
+S2bjYGGN9CNZxEs1n26BY1JVCrrtnPibJi3DPtMfFgBdUzYordV4MSTwCjxvvS/9
+hZ3mUSDBSmataj5kgzMVuON10KS5c1IA6h+vtEopaB3CtsT50AftUDf+7E0l0STh
+X4vf19Uk+LVL/iuZ/ZP1IRu/EI5aQl7oTsTOdaFs+lPWgKW3a7PELW3GiNJOVbps
+YaEHArSJW8sPHWfw3Rs2m7y8gxHv3r65AoIBAQCmrMwqEnN3J4S0rx62/Kohkfqo
+QQNnG/r4d07z0UbBheO2PRWFqBbyv32j3stoQeNmbA1Fzn6Wsx434o5n/VyA+g9D
+dRc4X0l46UAPkuZrB20vxgso06QkPtSy7IFVGgqKYy+JG94me5nfIRUhqqF57N+x
+gR73fSnykARPFqvG8XG78Aki43U9gQUlq0094eenZu4ikZq1bHslR4/zPMGzwHzb
+6gMk5/nAdCrI9F1mKmSt3AnfpkWIYiGZUIoOnv12+dUZc7E5sT+cUI2JZr1CegJ1
+c4XKN2hkZb4MP95cE4rh7DGodZDW5KjiViXHVExUrdv3jBoZlX+Af6atm0K0
+-----END RSA PRIVATE KEY-----
diff --git a/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem b/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem
new file mode 100644
index 0000000..e380017
--- /dev/null
+++ b/meta-aspeed/recipes-bsp/u-boot/files/rsa_pub_oem_dss_key.pem
@@ -0,0 +1,18 @@
+# Public portion of the U-Boot SPL 'Insecure' key kept here
+# as a convenience.
+# Please refer to 'rsa_oem_dss_key.pem' for more info
+
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6hC1IHlB4SqRbesC8BtC
+00icAYUuYmAiO6CHCyph2Pv2CQT5Yct8WSKA/6kNAUpsJwlM18ZX0yMcGVZeS905
+8hgZdMgoDC57Jw5Tw5foN6CBBF72oJM5Z+wAjD41jiX1T2tsCvlWLeNOS1RcqViL
+DOdk++olpVgsSlAvW23DmblVxVhz67L55vK6lc4r/VcVtHJ2bdehjk6j/BcehdQc
+hhz76fpL9EBZJ1tm9k+m7aRhhRqfBJUP5/Jl1+paRY1dBDVzjmE+DneVYvBuMfvh
+3gQlQVwomsdImH/VuWQc9xAozacBs6RtWHxIS+uf9qUDR622mKueKojH3PPMO+4s
+u5EGRNKAAH9dS356pqhzpmZvgFvUJ7zZFxQBfjpMrF+fGHUD0QkUofAxlpeyldv/
++ubxzwUm0PrYGIhowuPItT7/ASqzxCKa/dfYVCTlPSJOP+Wi00pJBZOFuDk4HHao
+98BCUeGE4t065Di81GZ2F9amf5B//jIjkM3o9vrThe3GWbWtP3kmw7OQyMeUzUKx
+IUTq3cvblNpo80gfYzYwWQakjhE6aV7xLQIxv28c8I2JrsvjXQIAg77W/XdT/+rS
+53k3DgrcjK7l7nWjmOxXr6p9f9fFHXF/fmEYeeuK6NaFH24LW97jk+IRjv8ig29Z
+yrzEctuzky80lHcVFYnE/3cCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb
index 54884b0..727c62d 100644
--- a/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb
+++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-aspeed-sdk_2019.04.bb
@@ -9,6 +9,10 @@
DEPENDS += "bc-native dtc-native"
SRC_URI_append_df-phosphor-mmc = " file://u-boot-env-ast2600.txt"
+SRC_URI += " \
+ file://rsa_oem_dss_key.pem;sha256sum=64a379979200d39949d3e5b0038e3fdd5548600b2f7077a17e35422336075ad4 \
+ file://rsa_pub_oem_dss_key.pem;sha256sum=40132a694a10af2d1b094b1cb5adab4d6b4db2a35e02d848b2b6a85e60738264 \
+ "
UBOOT_ENV_SIZE_df-phosphor-mmc = "0x10000"
UBOOT_ENV_df-phosphor-mmc = "u-boot-env"