commit 9ea1e75805cfb7523729c5f5d48df0d05ced1b11
author Joel Kitching <kitching@google.com> Wed Jun 16 05:23:19 2021 +0800
committer Commit Bot <commit-bot@chromium.org> Mon Jul 05 02:46:24 2021 +0000
tree 5ce8f16f296b745a800762c42e76e7889ac34d54
parent b95414c73b1b44485a072abdd55e0d8f965deb9d

vboot: introduce minios_kernel.keyblock

miniOS requires a distinct kernel data key, whose dev key pair
is added in this CL as minios_kernel_data_key.vb{pub,priv}k.

A distinct keyblock is also required.  The keyblock should set
the kernel keyblock flag MINIOS_1.  Other keyblocks are modified
appropriately to set MINIOS_0.  Keyblocks were generated using
the following commands:

$ futility vbutil_keyblock
    --flags 23
    --datapubkey tests/devkeys/ec_data_key.vbpubk
    --signprivate tests/devkeys/ec_root_key.vbprivk
    --pack tests/devkeys/ec.keyblock

Keyblock file:        tests/devkeys/ec.keyblock
Signature             valid
Flags:                23  !DEV DEV !REC !MINIOS
Data key algorithm:   7 RSA4096 SHA256
Data key version:     1
Data key sha1sum:     5833470fe934be76753cb6501dbb8fbf88ab272b

$ futility vbutil_keyblock
    --flags 23
    --datapubkey tests/devkeys/firmware_data_key.vbpubk
    --signprivate tests/devkeys/root_key.vbprivk
    --pack tests/devkeys/firmware.keyblock

Keyblock file:        tests/devkeys/firmware.keyblock
Signature             valid
Flags:                23  !DEV DEV !REC !MINIOS
Data key algorithm:   7 RSA4096 SHA256
Data key version:     1
Data key sha1sum:     e2c1c92d7d7aa7dfed5e8375edd30b7ae52b7450

$ futility vbutil_keyblock
    --flags 27
    --datapubkey tests/devkeys/recovery_kernel_data_key.vbpubk
    --signprivate tests/devkeys/recovery_key.vbprivk
    --pack tests/devkeys/recovery_kernel.keyblock

Keyblock file:        tests/devkeys/recovery_kernel.keyblock
Signature             valid
Flags:                27  !DEV DEV REC !MINIOS
Data key algorithm:   11 RSA8192 SHA512
Data key version:     1
Data key sha1sum:     e78ce746a037837155388a1096212ded04fb86eb

$ futility vbutil_keyblock
    --flags 43
    --datapubkey tests/devkeys/minios_kernel_data_key.vbpubk
    --signprivate tests/devkeys/recovery_key.vbprivk
    --pack tests/devkeys/minios_kernel.keyblock

Keyblock file:        tests/devkeys/minios_kernel.keyblock
Signature             valid
Flags:                43  !DEV DEV REC MINIOS
Data key algorithm:   8 RSA4096 SHA512
Data key version:     1
Data key sha1sum:     65441886bc54cbfe3a7308b650806f4b61d8d142

$ futility vbutil_keyblock
    --flags 23
    --datapubkey tests/devkeys/kernel_data_key.vbpubk
    --signprivate tests/devkeys/kernel_subkey.vbprivk
    --pack tests/devkeys/kernel.keyblock

Keyblock file:        tests/devkeys/kernel.keyblock
Signature             valid
Flags:                23  !DEV DEV !REC !MINIOS
Data key algorithm:   4 RSA2048 SHA256
Data key version:     1
Data key sha1sum:     d6170aa480136f1f29cf339a5ab1b960585fa444

$ futility vbutil_keyblock
    --flags 26
    --datapubkey tests/devkeys/installer_kernel_data_key.vbpubk
    --signprivate tests/devkeys/recovery_key.vbprivk
    --pack tests/devkeys/installer_kernel.keyblock

Keyblock file:        tests/devkeys/installer_kernel.keyblock
Signature             valid
Flags:                26  DEV REC !MINIOS
Data key algorithm:   11 RSA8192 SHA512
Data key version:     1
Data key sha1sum:     e78ce746a037837155388a1096212ded04fb86eb

BUG=b:188121855
TEST=make clean && make runtests
BRANCH=none

Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I5b3e4def83ff29ca156b3c84dfcb8398f4985e67
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2965485
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>