Upgrade signing key generation#379
Conversation
ia0
left a comment
ia0
left a comment
There was a problem hiding this comment.
I also took a quick look at the upgrade branch. I guess you split the partition location in 2 because of the MPU? I actually realized I could probably do the same for the storage (and avoid the MPU hack :D). I'll try next time I have time.
|
|
||
| pub const AAGUID: &[u8; AAGUID_LENGTH] = | ||
| include_bytes!(concat!(env!("OUT_DIR"), "/opensk_aaguid.bin")); | ||
| pub const _UPGRADE_PUBLIC_KEY: &[u8; _UPGRADE_PUBLIC_KEY_LENGTH] = |
There was a problem hiding this comment.
Last time, after discussion, I realized that #[warn(dead_code)] (and not #[allow(dead_code)]) might be more convenient (no need to change names). As you want.
There was a problem hiding this comment.
I tried that, and realized that we error on warning. So it's either allow or renaming. And in this case, it wasn't too much work to rename.
There was a problem hiding this comment.
Oh right this is not great. We might want to remove that rule in develop branch.
kaczmarczyck
force-pushed
the
submit-upgrade
branch
from
16f5e0e to
664bad1
Compare
|
@ia0 Yes, the split is to satisfy the MPU. The ugly regex script will make room for new boards eventually though. :) |
4 participants
This PR adds the upgrade signing key, including:
setup.shbuild.rsctap/key_material.rsinstall.mdOn top, it adds one missing function to get the partition offset to the interface, and cleans up some unnecessary code after the compiler version jump.
The key is currently unused in
key_material.rs. For the bigger picture, please check my upgrade branch.