Stage1: allow signing with ecc384/sha384

2023-08-21 13:23:32 +02:00 · 2023-08-21 13:23:32 +02:00 · 0babaae04a
parent e0d9e65892
commit 0babaae04a
5 changed files with 14 additions and 11 deletions
--- a/config/examples/x86_fsp_qemu.config
+++ b/config/examples/x86_fsp_qemu.config
@ -1,8 +1,8 @@
 ARCH=x86_64
 TARGET=x86_fsp_qemu
 WOLFBOOT_SMALL_STACK=1
-SIGN?=ECC256
-HASH?=SHA256
+SIGN?=ECC384
+HASH?=SHA384
 DEBUG=1
 SPMATH=1
 FORCE_32BIT=1
@ -30,6 +30,7 @@ WOLFBOOT_DATA_ADDRESS=0x1000000
 FSP_M_BASE=0xffe30000
 FSP_S_BASE=0xffed6000
 FSP_T_BASE=0xfffe0000
+FSP_S_LOAD_BASE=0x0FED5F00
 WOLFBOOT_ORIGIN=0xfffa0000
 LINUX_PAYLOAD=1

--- a/config/examples/x86_fsp_qemu_tpm.config
+++ b/config/examples/x86_fsp_qemu_tpm.config
@ -1,14 +1,14 @@
 ARCH=x86_64
 TARGET=x86_fsp_qemu
 WOLFBOOT_SMALL_STACK=1
-SIGN?=ECC256
-HASH?=SHA256
+SIGN?=ECC384
+HASH?=SHA384
 DEBUG=1
 SPMATH=1
 FORCE_32BIT=1
 ENCRYPTION=0
 WOLFBOOT_FIXED_PARTITIONS=1
-WOLFBOOT_PARTITION_SIZE=0x800000
+WOLFBOOT_PARTITION_SIZE=0x8000000
 WOLFTPM=1

 # TPM Keystore options
@ -30,7 +30,8 @@ WOLFBOOT_DATA_ADDRESS=0x1000000
 FSP_M_BASE=0xffe30000
 FSP_S_BASE=0xffed6000
 FSP_T_BASE=0xfffe0000
-WOLFBOOT_ORIGIN=0xffff0000
+FSP_S_LOAD_BASE=0x0FED5F00
+WOLFBOOT_ORIGIN=0xfffa0000
 LINUX_PAYLOAD=1

 BOOTLOADER_PARTITION_SIZE=0xa0000
@ -39,3 +40,4 @@ MACHINE_OBJ=src/x86/qemu_fsp.o
 FSP_T_BIN=./src/x86/fsp_t.bin
 FSP_M_BIN=./src/x86/fsp_m.bin
 FSP_S_BIN=./src/x86/fsp_s.bin
+STAGE1_AUTH=1
--- a/stage1/x86_fsp.mk
+++ b/stage1/x86_fsp.mk
@ -1,5 +1,5 @@
 SIGN_TOOL?=../tools/keytools/sign
-SIGN_OPTIONS?=--ecc256 --sha256
+SIGN_OPTIONS?=--ecc384 --sha384
 SIGN_KEY?=../wolfboot_signing_private_key.der
 X86FSP_PATH?=../`dirname $(FSP_M_BIN)`

--- a/tools/scripts/qemu64/qemu64dbg.sh
+++ b/tools/scripts/qemu64/qemu64dbg.sh
@ -1,5 +1,5 @@
 #!/bin/bash
-qemu-system-x86_64 -m 8G -machine q35 -serial mon:stdio -nographic  \
-    -pflash loader.bin -drive id=mydisk,format=raw,file=app.bin,if=none \
+qemu-system-x86_64 -m 1G -machine q35 -serial mon:stdio -nographic  \
+    -pflash wolfboot_stage1.bin -drive id=mydisk,format=raw,file=app.bin,if=none \
    -device ide-hd,drive=mydisk -S -s

--- a/tools/scripts/qemu64/sign_linux.sh
+++ b/tools/scripts/qemu64/sign_linux.sh
@ -1,7 +1,7 @@

 cp /tmp/br-linux-wolfboot/output/images/bzImage .
-tools/keytools/sign --ecc256 --sha256 bzImage wolfboot_signing_private_key.der 8
-tools/keytools/sign --ecc256 --sha256 bzImage wolfboot_signing_private_key.der 2
+tools/keytools/sign --ecc384 --sha384 bzImage wolfboot_signing_private_key.der 8
+tools/keytools/sign --ecc384 --sha384 bzImage wolfboot_signing_private_key.der 2

 cp base-part-image app.bin
 dd if=bzImage_v8_signed.bin of=app.bin bs=1k seek=1024 conv=notrunc