aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Shvetsov <maksims.svecovs@arm.com>2020-02-11 12:41:08 +0000
committerMax Shvetsov <maksims.svecovs@arm.com>2020-02-11 14:04:05 +0000
commit698e231d928752e7877bfd5482c0fca6509108cc (patch)
treeb7c8af35b317c70c9d69a68053831a899e52de64
parent63aa4094fb08d262546afa51d33611a8be0bc4d2 (diff)
downloadtrusted-firmware-a-698e231d928752e7877bfd5482c0fca6509108cc.tar.gz
Fixes ROTPK hash generation for ECDSA encryption
Forced hash generation used to always generate hash via RSA encryption. This patch changes encryption based on ARM_ROTPK_LOCATION. Also removes setting KEY_ALG based on ARM_ROTPL_LOCATION - there is no relation between these two. Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com> Change-Id: Id727d2ed06176a243719fd0adfa0cae26c325005
-rw-r--r--plat/arm/board/common/board_common.mk6
1 files changed, 3 insertions, 3 deletions
diff --git a/plat/arm/board/common/board_common.mk b/plat/arm/board/common/board_common.mk
index da6343045..459156b2a 100644
--- a/plat/arm/board/common/board_common.mk
+++ b/plat/arm/board/common/board_common.mk
@@ -17,7 +17,7 @@ ifneq (${ARM_CRYPTOCELL_INTEG}, 1)
ifeq (${ARM_ROTPK_LOCATION}, regs)
ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID
else ifeq (${ARM_ROTPK_LOCATION}, devel_rsa)
- KEY_ALG := rsa
+ CRYPTO_ALG=rsa
ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_RSA_ID
ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_rsa_sha256.bin
$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"'))
@@ -25,7 +25,7 @@ $(BUILD_PLAT)/bl2/arm_dev_rotpk.o : $(ARM_ROTPK_HASH)
$(warning Development keys support for FVP is deprecated. Use `regs` \
option instead)
else ifeq (${ARM_ROTPK_LOCATION}, devel_ecdsa)
- KEY_ALG := ecdsa
+ CRYPTO_ALG=ec
ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_ECDSA_ID
ARM_ROTPK_HASH = plat/arm/board/common/rotpk/arm_rotpk_ecdsa_sha256.bin
$(eval $(call add_define_val,ARM_ROTPK_HASH,'"$(ARM_ROTPK_HASH)"'))
@@ -50,7 +50,7 @@ $(ARM_ROTPK_HASH) : $(HASH_PREREQUISITES)
ifndef ROT_KEY
$(error Cannot generate hash: no ROT_KEY defined)
endif
- openssl rsa -in $< -pubout -outform DER | openssl dgst \
+ openssl ${CRYPTO_ALG} -in $< -pubout -outform DER | openssl dgst \
-sha256 -binary > $@
# Certificate NV-Counters. Use values corresponding to tied off values in