{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":318105082,"defaultBranch":"master","name":"socsec","ownerLogin":"AspeedTech-BMC","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-12-03T07:02:34.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/43897101?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1711434677.0","currentOid":""},"activityList":{"items":[{"before":"2efb0fe10233b5bb27a13582070e0cc7e911ff7e","after":"3ffcbe6ee9c324b8fbff3aeeb768b7031242113d","ref":"refs/heads/master","pushedAt":"2024-03-26T06:31:09.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"aspeedkevin","name":null,"path":"/aspeedkevin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/109617401?s=80&v=4"},"commit":{"message":"requirements: package version upgrade\n\nPackage version upgrade to fix CVE.\n1. PyCryptodome and pycryptodomex side-channel leakage for OAEP\n decryption\n https://github.com/AspeedTech-BMC/socsec/security/dependabot/1\n2. 
Minerva timing attack on P-256 in python-ecdsa\n https://github.com/AspeedTech-BMC/socsec/security/dependabot/2\n\nSigned-off-by: Neal Liu \nChange-Id: Ic6dc48da8d5e260a10c39297a64e3b8bda93abcb","shortMessageHtmlLink":"requirements: package version upgrade"}},{"before":"2efb0fe10233b5bb27a13582070e0cc7e911ff7e","after":null,"ref":"refs/tags/v02.00.04","pushedAt":"2024-03-26T06:28:56.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"aspeedkevin","name":null,"path":"/aspeedkevin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/109617401?s=80&v=4"}},{"before":"2efb0fe10233b5bb27a13582070e0cc7e911ff7e","after":"3ffcbe6ee9c324b8fbff3aeeb768b7031242113d","ref":"refs/heads/develop","pushedAt":"2024-03-26T06:21:14.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"},"commit":{"message":"requirements: package version upgrade\n\nPackage version upgrade to fix CVE.\n1. PyCryptodome and pycryptodomex side-channel leakage for OAEP\n decryption\n https://github.com/AspeedTech-BMC/socsec/security/dependabot/1\n2. 
Minerva timing attack on P-256 in python-ecdsa\n https://github.com/AspeedTech-BMC/socsec/security/dependabot/2\n\nSigned-off-by: Neal Liu \nChange-Id: Ic6dc48da8d5e260a10c39297a64e3b8bda93abcb","shortMessageHtmlLink":"requirements: package version upgrade"}},{"before":null,"after":"2efb0fe10233b5bb27a13582070e0cc7e911ff7e","ref":"refs/heads/develop","pushedAt":"2024-03-26T03:55:58.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"},"commit":{"message":"otptool: set ECDSA384 as OEM DSS public key type as need_id\n\nSet ECDSAx OEM DSS key as need_id key type.\n\nSigned-off-by: Neal Liu \nChange-Id: Ieee9c27d7e372008d728056083d0393c39f48ada","shortMessageHtmlLink":"otptool: set ECDSA384 as OEM DSS public key type as need_id"}},{"before":"c59d228cc04082f5740132ea8cecafb4877ac6cb","after":null,"ref":"refs/heads/develop","pushedAt":"2024-03-26T03:07:42.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"}},{"before":"c59d228cc04082f5740132ea8cecafb4877ac6cb","after":"2efb0fe10233b5bb27a13582070e0cc7e911ff7e","ref":"refs/heads/master","pushedAt":"2024-03-26T02:47:00.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"aspeedkevin","name":null,"path":"/aspeedkevin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/109617401?s=80&v=4"},"commit":{"message":"otptool: set ECDSA384 as OEM DSS public key type as need_id\n\nSet ECDSAx OEM DSS key as need_id key type.\n\nSigned-off-by: Neal Liu \nChange-Id: Ieee9c27d7e372008d728056083d0393c39f48ada","shortMessageHtmlLink":"otptool: set ECDSA384 as OEM DSS public key type as 
need_id"}},{"before":"6b12629ad364c9fc3a933935e539d467e7ea47cd","after":null,"ref":"refs/tags/v02.00.03","pushedAt":"2023-10-23T07:11:16.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"}},{"before":"6b12629ad364c9fc3a933935e539d467e7ea47cd","after":"c59d228cc04082f5740132ea8cecafb4877ac6cb","ref":"refs/heads/master","pushedAt":"2023-10-23T06:25:49.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"},"commit":{"message":"socsec: fix verification of secure and OTP images compatibility\n\nFix cfg3 and cfg4 computation when verifying secure and OTP images\ncompatibility.\n\nTested with:\n\n- Generating secure bl1 image with header offset set to 0x10:\n```\nsocsec make_secure_bl1_image \\\n --soc 2600 \\\n --algorithm RSA4096_SHA512 \\\n --rsa_sign_key tests/keys/rsa4096.pem \\\n --bl1_image tests/data/bl1.bin \\\n --output tmp/bl1.signed.bin \\\n --header_offset=0x10\n```\n\n- Generating OTP image based on\n2600-a3_mode2-rsa4096-sha512-little.json with header offset set to 0x10:\n```\ncat tests/otp/2600-a3_mode2-rsa4096-sha512-little.json\n...\n \"config_region\": {\n \"Secure Boot Mode\": \"Mode_2\",\n \"Secure crypto RSA length\": \"RSA4096\",\n \"Hash mode\": \"SHA512\",\n \"Enable image encryption\": false,\n \"Secure boot header offset\": \"0x10\"\n },\n...\n\notptool make_otp_image --key_folder tests/keys/ tests/otp/2600-a3_mode2-rsa4096-sha512-little.json --output_folder tmp\n```\n\n- Verifying secure and OTP images compatibility:\n```\nsocsec verify --sec_image tmp/bl1.signed.bin --otp_image tmp/otp-all.image\nAlgorithm: RSA_SHA\nRSA length: 4096\nHASH length: 512\ncheck RoT header PASS\nVerify key ...\nKey Type: OEM DSS RSA public keys\nID: 0\nM:\n00000000: 41 C0 57 A3 B4 FC 52 14 73 A0 
DA 00 31 E7 E6 70 A.W...R.s...1..p\n00000010: 78 AD 2E 3C 8C 0C 97 76 D2 37 C8 DE 89 95 40 C5 x..<...v.7....@.\n00000020: 74 7B 61 52 E6 04 AF CE 82 CF 0A 27 50 32 B8 56 t{aR.......'P2.V\n00000030: 50 88 C4 63 BC DA 4D 83 E6 75 5C 31 87 0B 27 76 P..c..M..u\\1..'v\n00000040: 14 DA 54 EA E7 45 29 C2 E7 04 82 FD 82 F3 FC 35 ..T..E)........5\n00000050: 4E A1 A5 26 69 A3 B6 C5 7A 0F B2 D0 0B 71 F2 FC N..&i...z....q..\n00000060: C7 34 1E A6 B3 75 A6 92 C7 E5 AB 58 6E 8E 6F 0C .4...u.....Xn.o.\n00000070: 6D 94 2D 66 86 3D F3 46 32 74 E6 72 45 17 48 18 m.-f.=.F2t.rE.H.\n00000080: 2D 98 5B AA B3 C8 78 05 A6 C2 97 97 A6 AE E3 E6 -.[...x.........\n00000090: 38 4C 44 CA A0 83 12 BA 8B 19 EA 7B 46 59 43 EE 8LD........{FYC.\n000000A0: 2C EE AC 2F EF 4F 95 B2 09 49 DA 61 60 D5 DB 1F ,../.O...I.a`...\n000000B0: E3 D3 5C 67 B6 33 9C 12 7A B6 84 5A 28 3A F0 F2 ..\\g.3..z..Z(:..\n000000C0: 29 AC A7 52 2F EF F8 5B AD A9 7C FA FE 5F FA 7C )..R/..[..|.._.|\n000000D0: E0 90 2A 28 F9 74 6C F8 99 C5 9C A7 3B 41 54 B0 ..*(.tl.....;AT.\n000000E0: 2C A0 55 D7 D0 29 21 0B FD E4 B1 E4 CD 88 15 CB ,.U..)!.........\n000000F0: 5F A1 0F 3D 40 3B D0 E2 96 B1 EF B4 3D 90 B1 77 _..=@;......=..w\n00000100: 8A ED 44 C9 8A 62 8A 08 B5 68 26 29 E9 F0 B5 31 ..D..b...h&)...1\n00000110: B4 16 CC E8 C2 CF 8F 8B 48 9F 6B 12 6B 6B 97 26 ........H.k.kk.&\n00000120: 13 DB DF 81 23 C6 04 5E 8C 4F 71 13 98 B7 65 11 ....#..^.Oq...e.\n00000130: E0 69 56 84 02 3F 09 F7 06 C5 9C D1 A3 56 3A 75 .iV..?.......V:u\n00000140: 82 1F 40 E8 47 72 83 5C 4A A9 2E 74 AD A2 5B 1E ..@.Gr.\\J..t..[.\n00000150: 20 E2 FF 97 C5 D5 AF 97 27 4B DB A2 B2 A3 F5 20 .......'K.....\n00000160: 05 69 76 25 74 B3 F4 E1 7D A6 A4 AC 4B EA C5 7A .iv%t...}...K..z\n00000170: 4A 3F 11 85 87 32 4E 1D BE 56 65 E3 BE 78 10 68 J?...2N..Ve..x.h\n00000180: E9 33 BC CF 37 EB 10 EB 1F 9F 6B A0 5B AC 73 9B .3..7.....k.[.s.\n00000190: 71 F0 94 59 14 5C 7B 8C C2 FC B0 AB 11 B0 CE B5 q..Y.\\{.........\n000001A0: 3C CA E2 0E 5A 3D 1A 48 69 6B 69 B5 EF A6 65 75 
<...Z=.Hiki...eu\n000001B0: 11 B5 32 B3 F8 25 06 D8 C5 56 57 2A 42 96 68 43 ..2..%...VW*B.hC\n000001C0: 0B 84 51 57 44 75 C4 33 61 E4 E6 E8 1B B3 74 C7 ..QWDu.3a.....t.\n000001D0: 67 5D E4 C0 50 1F 8F 8D 74 F4 51 96 35 A4 CE C7 g]..P...t.Q.5...\n000001E0: F0 02 D4 53 7E B6 FA FC BB A8 BB BC A1 F7 56 29 ...S~.........V)\n000001F0: E4 5F DC C1 04 D3 FA A7 3A 05 A5 57 B7 1E EA AB ._......:..W....\nE:\n00000000: 01 00 01 ...\ncheck RoT integrity PASS\n```\n\nFixes #17\n\nSigned-off-by: Neal Liu \nChange-Id: I03310e149dad5cf8ecbbb29c933785f3e158384e","shortMessageHtmlLink":"socsec: fix verification of secure and OTP images compatibility"}},{"before":"6b12629ad364c9fc3a933935e539d467e7ea47cd","after":"c59d228cc04082f5740132ea8cecafb4877ac6cb","ref":"refs/heads/develop","pushedAt":"2023-10-23T06:25:22.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"},"commit":{"message":"socsec: fix verification of secure and OTP images compatibility\n\nFix cfg3 and cfg4 computation when verifying secure and OTP images\ncompatibility.\n\nTested with:\n\n- Generating secure bl1 image with header offset set to 0x10:\n```\nsocsec make_secure_bl1_image \\\n --soc 2600 \\\n --algorithm RSA4096_SHA512 \\\n --rsa_sign_key tests/keys/rsa4096.pem \\\n --bl1_image tests/data/bl1.bin \\\n --output tmp/bl1.signed.bin \\\n --header_offset=0x10\n```\n\n- Generating OTP image based on\n2600-a3_mode2-rsa4096-sha512-little.json with header offset set to 0x10:\n```\ncat tests/otp/2600-a3_mode2-rsa4096-sha512-little.json\n...\n \"config_region\": {\n \"Secure Boot Mode\": \"Mode_2\",\n \"Secure crypto RSA length\": \"RSA4096\",\n \"Hash mode\": \"SHA512\",\n \"Enable image encryption\": false,\n \"Secure boot header offset\": \"0x10\"\n },\n...\n\notptool make_otp_image --key_folder tests/keys/ tests/otp/2600-a3_mode2-rsa4096-sha512-little.json --output_folder 
tmp\n```\n\n- Verifying secure and OTP images compatibility:\n```\nsocsec verify --sec_image tmp/bl1.signed.bin --otp_image tmp/otp-all.image\nAlgorithm: RSA_SHA\nRSA length: 4096\nHASH length: 512\ncheck RoT header PASS\nVerify key ...\nKey Type: OEM DSS RSA public keys\nID: 0\nM:\n00000000: 41 C0 57 A3 B4 FC 52 14 73 A0 DA 00 31 E7 E6 70 A.W...R.s...1..p\n00000010: 78 AD 2E 3C 8C 0C 97 76 D2 37 C8 DE 89 95 40 C5 x..<...v.7....@.\n00000020: 74 7B 61 52 E6 04 AF CE 82 CF 0A 27 50 32 B8 56 t{aR.......'P2.V\n00000030: 50 88 C4 63 BC DA 4D 83 E6 75 5C 31 87 0B 27 76 P..c..M..u\\1..'v\n00000040: 14 DA 54 EA E7 45 29 C2 E7 04 82 FD 82 F3 FC 35 ..T..E)........5\n00000050: 4E A1 A5 26 69 A3 B6 C5 7A 0F B2 D0 0B 71 F2 FC N..&i...z....q..\n00000060: C7 34 1E A6 B3 75 A6 92 C7 E5 AB 58 6E 8E 6F 0C .4...u.....Xn.o.\n00000070: 6D 94 2D 66 86 3D F3 46 32 74 E6 72 45 17 48 18 m.-f.=.F2t.rE.H.\n00000080: 2D 98 5B AA B3 C8 78 05 A6 C2 97 97 A6 AE E3 E6 -.[...x.........\n00000090: 38 4C 44 CA A0 83 12 BA 8B 19 EA 7B 46 59 43 EE 8LD........{FYC.\n000000A0: 2C EE AC 2F EF 4F 95 B2 09 49 DA 61 60 D5 DB 1F ,../.O...I.a`...\n000000B0: E3 D3 5C 67 B6 33 9C 12 7A B6 84 5A 28 3A F0 F2 ..\\g.3..z..Z(:..\n000000C0: 29 AC A7 52 2F EF F8 5B AD A9 7C FA FE 5F FA 7C )..R/..[..|.._.|\n000000D0: E0 90 2A 28 F9 74 6C F8 99 C5 9C A7 3B 41 54 B0 ..*(.tl.....;AT.\n000000E0: 2C A0 55 D7 D0 29 21 0B FD E4 B1 E4 CD 88 15 CB ,.U..)!.........\n000000F0: 5F A1 0F 3D 40 3B D0 E2 96 B1 EF B4 3D 90 B1 77 _..=@;......=..w\n00000100: 8A ED 44 C9 8A 62 8A 08 B5 68 26 29 E9 F0 B5 31 ..D..b...h&)...1\n00000110: B4 16 CC E8 C2 CF 8F 8B 48 9F 6B 12 6B 6B 97 26 ........H.k.kk.&\n00000120: 13 DB DF 81 23 C6 04 5E 8C 4F 71 13 98 B7 65 11 ....#..^.Oq...e.\n00000130: E0 69 56 84 02 3F 09 F7 06 C5 9C D1 A3 56 3A 75 .iV..?.......V:u\n00000140: 82 1F 40 E8 47 72 83 5C 4A A9 2E 74 AD A2 5B 1E ..@.Gr.\\J..t..[.\n00000150: 20 E2 FF 97 C5 D5 AF 97 27 4B DB A2 B2 A3 F5 20 .......'K.....\n00000160: 05 69 76 25 74 B3 F4 E1 7D A6 A4 
AC 4B EA C5 7A .iv%t...}...K..z\n00000170: 4A 3F 11 85 87 32 4E 1D BE 56 65 E3 BE 78 10 68 J?...2N..Ve..x.h\n00000180: E9 33 BC CF 37 EB 10 EB 1F 9F 6B A0 5B AC 73 9B .3..7.....k.[.s.\n00000190: 71 F0 94 59 14 5C 7B 8C C2 FC B0 AB 11 B0 CE B5 q..Y.\\{.........\n000001A0: 3C CA E2 0E 5A 3D 1A 48 69 6B 69 B5 EF A6 65 75 <...Z=.Hiki...eu\n000001B0: 11 B5 32 B3 F8 25 06 D8 C5 56 57 2A 42 96 68 43 ..2..%...VW*B.hC\n000001C0: 0B 84 51 57 44 75 C4 33 61 E4 E6 E8 1B B3 74 C7 ..QWDu.3a.....t.\n000001D0: 67 5D E4 C0 50 1F 8F 8D 74 F4 51 96 35 A4 CE C7 g]..P...t.Q.5...\n000001E0: F0 02 D4 53 7E B6 FA FC BB A8 BB BC A1 F7 56 29 ...S~.........V)\n000001F0: E4 5F DC C1 04 D3 FA A7 3A 05 A5 57 B7 1E EA AB ._......:..W....\nE:\n00000000: 01 00 01 ...\ncheck RoT integrity PASS\n```\n\nFixes #17\n\nSigned-off-by: Neal Liu \nChange-Id: I03310e149dad5cf8ecbbb29c933785f3e158384e","shortMessageHtmlLink":"socsec: fix verification of secure and OTP images compatibility"}},{"before":"6b12629ad364c9fc3a933935e539d467e7ea47cd","after":null,"ref":"refs/tags/v02.00.03","pushedAt":"2023-10-20T04:04:06.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"aspeedkevin","name":null,"path":"/aspeedkevin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/109617401?s=80&v=4"}},{"before":"078b26c7b452dc32ba2a5fcdc4f94b493b58925a","after":"6b12629ad364c9fc3a933935e539d467e7ea47cd","ref":"refs/heads/master","pushedAt":"2023-10-20T03:44:16.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"aspeedkevin","name":null,"path":"/aspeedkevin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/109617401?s=80&v=4"},"commit":{"message":"socsec: fix verification of secure and OTP images compatibility\n\nFix cfg3 and cfg4 computation when verifying secure and OTP images\ncompatibility.\n\nTested with:\n\n- Generating secure bl1 image with header offset set to 0x10:\n```\nsocsec make_secure_bl1_image \\\n --soc 2600 \\\n --algorithm RSA4096_SHA512 \\\n --rsa_sign_key 
tests/keys/rsa4096.pem \\\n --bl1_image tests/data/bl1.bin \\\n --output tmp/bl1.signed.bin \\\n --header_offset=0x10\n```\n\n- Generating OTP image based on\n2600-a3_mode2-rsa4096-sha512-little.json with header offset set to 0x10:\n```\ncat tests/otp/2600-a3_mode2-rsa4096-sha512-little.json\n...\n \"config_region\": {\n \"Secure Boot Mode\": \"Mode_2\",\n \"Secure crypto RSA length\": \"RSA4096\",\n \"Hash mode\": \"SHA512\",\n \"Enable image encryption\": false,\n \"Secure boot header offset\": \"0x10\"\n },\n...\n\notptool make_otp_image --key_folder tests/keys/ tests/otp/2600-a3_mode2-rsa4096-sha512-little.json --output_folder tmp\n```\n\n- Verifying secure and OTP images compatibility:\n```\nsocsec verify --sec_image tmp/bl1.signed.bin --otp_image tmp/otp-all.image\nAlgorithm: RSA_SHA\nRSA length: 4096\nHASH length: 512\ncheck RoT header PASS\nVerify key ...\nKey Type: OEM DSS RSA public keys\nID: 0\nM:\n00000000: 41 C0 57 A3 B4 FC 52 14 73 A0 DA 00 31 E7 E6 70 A.W...R.s...1..p\n00000010: 78 AD 2E 3C 8C 0C 97 76 D2 37 C8 DE 89 95 40 C5 x..<...v.7....@.\n00000020: 74 7B 61 52 E6 04 AF CE 82 CF 0A 27 50 32 B8 56 t{aR.......'P2.V\n00000030: 50 88 C4 63 BC DA 4D 83 E6 75 5C 31 87 0B 27 76 P..c..M..u\\1..'v\n00000040: 14 DA 54 EA E7 45 29 C2 E7 04 82 FD 82 F3 FC 35 ..T..E)........5\n00000050: 4E A1 A5 26 69 A3 B6 C5 7A 0F B2 D0 0B 71 F2 FC N..&i...z....q..\n00000060: C7 34 1E A6 B3 75 A6 92 C7 E5 AB 58 6E 8E 6F 0C .4...u.....Xn.o.\n00000070: 6D 94 2D 66 86 3D F3 46 32 74 E6 72 45 17 48 18 m.-f.=.F2t.rE.H.\n00000080: 2D 98 5B AA B3 C8 78 05 A6 C2 97 97 A6 AE E3 E6 -.[...x.........\n00000090: 38 4C 44 CA A0 83 12 BA 8B 19 EA 7B 46 59 43 EE 8LD........{FYC.\n000000A0: 2C EE AC 2F EF 4F 95 B2 09 49 DA 61 60 D5 DB 1F ,../.O...I.a`...\n000000B0: E3 D3 5C 67 B6 33 9C 12 7A B6 84 5A 28 3A F0 F2 ..\\g.3..z..Z(:..\n000000C0: 29 AC A7 52 2F EF F8 5B AD A9 7C FA FE 5F FA 7C )..R/..[..|.._.|\n000000D0: E0 90 2A 28 F9 74 6C F8 99 C5 9C A7 3B 41 54 B0 ..*(.tl.....;AT.\n000000E0: 
2C A0 55 D7 D0 29 21 0B FD E4 B1 E4 CD 88 15 CB ,.U..)!.........\n000000F0: 5F A1 0F 3D 40 3B D0 E2 96 B1 EF B4 3D 90 B1 77 _..=@;......=..w\n00000100: 8A ED 44 C9 8A 62 8A 08 B5 68 26 29 E9 F0 B5 31 ..D..b...h&)...1\n00000110: B4 16 CC E8 C2 CF 8F 8B 48 9F 6B 12 6B 6B 97 26 ........H.k.kk.&\n00000120: 13 DB DF 81 23 C6 04 5E 8C 4F 71 13 98 B7 65 11 ....#..^.Oq...e.\n00000130: E0 69 56 84 02 3F 09 F7 06 C5 9C D1 A3 56 3A 75 .iV..?.......V:u\n00000140: 82 1F 40 E8 47 72 83 5C 4A A9 2E 74 AD A2 5B 1E ..@.Gr.\\J..t..[.\n00000150: 20 E2 FF 97 C5 D5 AF 97 27 4B DB A2 B2 A3 F5 20 .......'K.....\n00000160: 05 69 76 25 74 B3 F4 E1 7D A6 A4 AC 4B EA C5 7A .iv%t...}...K..z\n00000170: 4A 3F 11 85 87 32 4E 1D BE 56 65 E3 BE 78 10 68 J?...2N..Ve..x.h\n00000180: E9 33 BC CF 37 EB 10 EB 1F 9F 6B A0 5B AC 73 9B .3..7.....k.[.s.\n00000190: 71 F0 94 59 14 5C 7B 8C C2 FC B0 AB 11 B0 CE B5 q..Y.\\{.........\n000001A0: 3C CA E2 0E 5A 3D 1A 48 69 6B 69 B5 EF A6 65 75 <...Z=.Hiki...eu\n000001B0: 11 B5 32 B3 F8 25 06 D8 C5 56 57 2A 42 96 68 43 ..2..%...VW*B.hC\n000001C0: 0B 84 51 57 44 75 C4 33 61 E4 E6 E8 1B B3 74 C7 ..QWDu.3a.....t.\n000001D0: 67 5D E4 C0 50 1F 8F 8D 74 F4 51 96 35 A4 CE C7 g]..P...t.Q.5...\n000001E0: F0 02 D4 53 7E B6 FA FC BB A8 BB BC A1 F7 56 29 ...S~.........V)\n000001F0: E4 5F DC C1 04 D3 FA A7 3A 05 A5 57 B7 1E EA AB ._......:..W....\nE:\n00000000: 01 00 01 ...\ncheck RoT integrity PASS\n```\n\nFixes #17","shortMessageHtmlLink":"socsec: fix verification of secure and OTP images compatibility"}},{"before":"d011dc7cd66934280271165029f9c4273fe5c481","after":"6b12629ad364c9fc3a933935e539d467e7ea47cd","ref":"refs/heads/develop","pushedAt":"2023-08-16T10:11:24.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"},"commit":{"message":"socsec: fix verification of secure and OTP images compatibility\n\nFix cfg3 and cfg4 computation when 
verifying secure and OTP images\ncompatibility.\n\nTested with:\n\n- Generating secure bl1 image with header offset set to 0x10:\n```\nsocsec make_secure_bl1_image \\\n --soc 2600 \\\n --algorithm RSA4096_SHA512 \\\n --rsa_sign_key tests/keys/rsa4096.pem \\\n --bl1_image tests/data/bl1.bin \\\n --output tmp/bl1.signed.bin \\\n --header_offset=0x10\n```\n\n- Generating OTP image based on\n2600-a3_mode2-rsa4096-sha512-little.json with header offset set to 0x10:\n```\ncat tests/otp/2600-a3_mode2-rsa4096-sha512-little.json\n...\n \"config_region\": {\n \"Secure Boot Mode\": \"Mode_2\",\n \"Secure crypto RSA length\": \"RSA4096\",\n \"Hash mode\": \"SHA512\",\n \"Enable image encryption\": false,\n \"Secure boot header offset\": \"0x10\"\n },\n...\n\notptool make_otp_image --key_folder tests/keys/ tests/otp/2600-a3_mode2-rsa4096-sha512-little.json --output_folder tmp\n```\n\n- Verifying secure and OTP images compatibility:\n```\nsocsec verify --sec_image tmp/bl1.signed.bin --otp_image tmp/otp-all.image\nAlgorithm: RSA_SHA\nRSA length: 4096\nHASH length: 512\ncheck RoT header PASS\nVerify key ...\nKey Type: OEM DSS RSA public keys\nID: 0\nM:\n00000000: 41 C0 57 A3 B4 FC 52 14 73 A0 DA 00 31 E7 E6 70 A.W...R.s...1..p\n00000010: 78 AD 2E 3C 8C 0C 97 76 D2 37 C8 DE 89 95 40 C5 x..<...v.7....@.\n00000020: 74 7B 61 52 E6 04 AF CE 82 CF 0A 27 50 32 B8 56 t{aR.......'P2.V\n00000030: 50 88 C4 63 BC DA 4D 83 E6 75 5C 31 87 0B 27 76 P..c..M..u\\1..'v\n00000040: 14 DA 54 EA E7 45 29 C2 E7 04 82 FD 82 F3 FC 35 ..T..E)........5\n00000050: 4E A1 A5 26 69 A3 B6 C5 7A 0F B2 D0 0B 71 F2 FC N..&i...z....q..\n00000060: C7 34 1E A6 B3 75 A6 92 C7 E5 AB 58 6E 8E 6F 0C .4...u.....Xn.o.\n00000070: 6D 94 2D 66 86 3D F3 46 32 74 E6 72 45 17 48 18 m.-f.=.F2t.rE.H.\n00000080: 2D 98 5B AA B3 C8 78 05 A6 C2 97 97 A6 AE E3 E6 -.[...x.........\n00000090: 38 4C 44 CA A0 83 12 BA 8B 19 EA 7B 46 59 43 EE 8LD........{FYC.\n000000A0: 2C EE AC 2F EF 4F 95 B2 09 49 DA 61 60 D5 DB 1F 
,../.O...I.a`...\n000000B0: E3 D3 5C 67 B6 33 9C 12 7A B6 84 5A 28 3A F0 F2 ..\\g.3..z..Z(:..\n000000C0: 29 AC A7 52 2F EF F8 5B AD A9 7C FA FE 5F FA 7C )..R/..[..|.._.|\n000000D0: E0 90 2A 28 F9 74 6C F8 99 C5 9C A7 3B 41 54 B0 ..*(.tl.....;AT.\n000000E0: 2C A0 55 D7 D0 29 21 0B FD E4 B1 E4 CD 88 15 CB ,.U..)!.........\n000000F0: 5F A1 0F 3D 40 3B D0 E2 96 B1 EF B4 3D 90 B1 77 _..=@;......=..w\n00000100: 8A ED 44 C9 8A 62 8A 08 B5 68 26 29 E9 F0 B5 31 ..D..b...h&)...1\n00000110: B4 16 CC E8 C2 CF 8F 8B 48 9F 6B 12 6B 6B 97 26 ........H.k.kk.&\n00000120: 13 DB DF 81 23 C6 04 5E 8C 4F 71 13 98 B7 65 11 ....#..^.Oq...e.\n00000130: E0 69 56 84 02 3F 09 F7 06 C5 9C D1 A3 56 3A 75 .iV..?.......V:u\n00000140: 82 1F 40 E8 47 72 83 5C 4A A9 2E 74 AD A2 5B 1E ..@.Gr.\\J..t..[.\n00000150: 20 E2 FF 97 C5 D5 AF 97 27 4B DB A2 B2 A3 F5 20 .......'K.....\n00000160: 05 69 76 25 74 B3 F4 E1 7D A6 A4 AC 4B EA C5 7A .iv%t...}...K..z\n00000170: 4A 3F 11 85 87 32 4E 1D BE 56 65 E3 BE 78 10 68 J?...2N..Ve..x.h\n00000180: E9 33 BC CF 37 EB 10 EB 1F 9F 6B A0 5B AC 73 9B .3..7.....k.[.s.\n00000190: 71 F0 94 59 14 5C 7B 8C C2 FC B0 AB 11 B0 CE B5 q..Y.\\{.........\n000001A0: 3C CA E2 0E 5A 3D 1A 48 69 6B 69 B5 EF A6 65 75 <...Z=.Hiki...eu\n000001B0: 11 B5 32 B3 F8 25 06 D8 C5 56 57 2A 42 96 68 43 ..2..%...VW*B.hC\n000001C0: 0B 84 51 57 44 75 C4 33 61 E4 E6 E8 1B B3 74 C7 ..QWDu.3a.....t.\n000001D0: 67 5D E4 C0 50 1F 8F 8D 74 F4 51 96 35 A4 CE C7 g]..P...t.Q.5...\n000001E0: F0 02 D4 53 7E B6 FA FC BB A8 BB BC A1 F7 56 29 ...S~.........V)\n000001F0: E4 5F DC C1 04 D3 FA A7 3A 05 A5 57 B7 1E EA AB ._......:..W....\nE:\n00000000: 01 00 01 ...\ncheck RoT integrity PASS\n```\n\nFixes #17","shortMessageHtmlLink":"socsec: fix verification of secure and OTP images 
compatibility"}},{"before":"b8993b2dc3e4967d9efc818fa94c77e850f55342","after":"d011dc7cd66934280271165029f9c4273fe5c481","ref":"refs/heads/develop","pushedAt":"2023-08-16T10:09:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"},"commit":{"message":"otptool: Define value_start in `rev_id` path\n\nFixes:\n\n```\nTraceback (most recent call last):\n File \"/usr/bin/otptool\", line 29, in \n tool.run(sys.argv)\n File \"/usr/lib/python3.11/site-packages/socsec/otptool.py\", line 2127, in run\n args.func(args)\n File \"/usr/lib/python3.11/site-packages/socsec/otptool.py\", line 2130, in make_otp_image\n self.otp.make_otp_image(args.config,\n File \"/usr/lib/python3.11/site-packages/socsec/otptool.py\", line 1335, in make_otp_image\n config_region, config_region_ignore = self.make_config_region(\n ^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.11/site-packages/socsec/otptool.py\", line 1042, in make_config_region\n offset_value = int(value, 16) - value_start\n ^^^^^^^^^^^\nUnboundLocalError: cannot access local variable 'value_start' where it is not associated with a value\n```\n\nSigned-off-by: Andrew Jeffery \nReviewed-by: Neal Liu neal_liu@aspeedtech.com","shortMessageHtmlLink":"otptool: Define value_start in rev_id path"}},{"before":"078b26c7b452dc32ba2a5fcdc4f94b493b58925a","after":"b8993b2dc3e4967d9efc818fa94c77e850f55342","ref":"refs/heads/develop","pushedAt":"2023-08-14T11:14:31.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"},"commit":{"message":"tests: update testcases for v2.0.2\n\nUpdate testcases for this patch:\ncommit 078b26c7b452 (\"otptool: fix cannot keep updating keys issue\").\n\nSigned-off-by: Neal Liu \nChange-Id: 
Ieb9b2912363bd2a536b31c763205749a8924a976","shortMessageHtmlLink":"tests: update testcases for v2.0.2"}},{"before":null,"after":"078b26c7b452dc32ba2a5fcdc4f94b493b58925a","ref":"refs/heads/develop","pushedAt":"2023-08-14T07:03:32.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"},"commit":{"message":"otptool: fix cannot keep updating keys issue\n\nIf the ECC is enabled, it should be aware that the data needs to be 2DW\nalignment for ECC calculation. When key_config is not 2DW aligned,\notptool will append default value to do ECC calculation.\n\nProblem:\nThe odd dw offset default value is 0xffffffff. After ECC code has been\nprogrammed, this odd dw offset value cannot be changed. In this case,\nthe last bit[13] is set to 0x1. So afterward keys is useless.\n\nSolution:\nSet no last bit for append value instead. When user wants to keep\nupdating keys, it needs to add \"reserved\" key type before new keys for\nthis ECC restriction.\n\nSigned-off-by: Neal Liu \nChange-Id: Icb9cfde11c5b2cbe7fcbe14591a3aa709658cdf3","shortMessageHtmlLink":"otptool: fix cannot keep updating keys issue"}},{"before":"dbc2072635293784835dd6833fad6379a4bfae02","after":"078b26c7b452dc32ba2a5fcdc4f94b493b58925a","ref":"refs/heads/master","pushedAt":"2023-04-06T01:57:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Neal-liu","name":"Neal","path":"/Neal-liu","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5592660?s=80&v=4"},"commit":{"message":"otptool: fix cannot keep updating keys issue\n\nIf the ECC is enabled, it should be aware that the data needs to be 2DW\nalignment for ECC calculation. When key_config is not 2DW aligned,\notptool will append default value to do ECC calculation.\n\nProblem:\nThe odd dw offset default value is 0xffffffff. After ECC code has been\nprogrammed, this odd dw offset value cannot be changed. 
In this case,\nthe last bit[13] is set to 0x1. So afterward keys is useless.\n\nSolution:\nSet no last bit for append value instead. When user wants to keep\nupdating keys, it needs to add \"reserved\" key type before new keys for\nthis ECC restriction.\n\nSigned-off-by: Neal Liu \nChange-Id: Icb9cfde11c5b2cbe7fcbe14591a3aa709658cdf3","shortMessageHtmlLink":"otptool: fix cannot keep updating keys issue"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEH0vQ9gA","startCursor":null,"endCursor":null}},"title":"Activity · AspeedTech-BMC/socsec"}