smallsolar/u-boot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tkey: Use SHA256 to obtain the disk-encryption key

Browse Source 
Rather than Blake2b, use SHA256 to obtain the disk-encryption key based
on the key material provided by the TKey. This matches the upcoming
disk-encryption test.

Signed-off-by: Simon Glass <simon.glass@canonical.com>
This commit is contained in:
Simon Glass
2025-11-14 11:30:43 -07:00
parent 2f8d7e7815
commit 3b61461616
3 changed files with 29 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
test/dm/tkey.c
View File

@@ -175,19 +175,19 @@ static int dm_test_tkey_derive_disk_key(struct unit_test_state *uts)
0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
};
/* Expected disk key: BLAKE2b(pubkey) */
/* Expected disk key: SHA256(pubkey) - from emulator */
const u8 expected_disk_key[TKEY_DISK_KEY_SIZE] = {
0x22, 0x8b, 0x2f, 0x6a, 0xbf, 0x8b, 0xe0, 0x56,
0x49, 0xb2, 0x41, 0x75, 0x86, 0x15, 0x0b, 0xbf,
0x3e, 0x1b, 0x3f, 0x66, 0x9a, 0xfa, 0x1c, 0x61,
0x51, 0xdd, 0xc7, 0x29, 0x57, 0x93, 0x3c, 0x21,
0xe9, 0xb0, 0x59, 0x92, 0x68, 0xff, 0x8b, 0x08,
0x3e, 0xf8, 0x0d, 0xbd, 0x04, 0xbe, 0x20, 0x7c,
0xe9, 0xa1, 0x9a, 0x60, 0xa8, 0x88, 0xcc, 0xb3,
0xfe, 0x93, 0x71, 0x0a, 0x0a, 0x70, 0xa3, 0x4e,
};
/* Expected key hash: BLAKE2b(disk_key) */
const u8 expected_key_hash[TKEY_HASH_SIZE] = {
0xa7, 0x2a, 0x46, 0xb8, 0xf8, 0xc7, 0xff, 0x08,
0x24, 0x41, 0x6a, 0xda, 0x88, 0x6f, 0x62, 0xb6,
0xc2, 0x80, 0x88, 0x96, 0xd7, 0x12, 0x01, 0xa3,
0x28, 0x14, 0xab, 0x43, 0x2c, 0x7a, 0x81, 0xcf,
0x85, 0x83, 0xa0, 0x8d, 0x6c, 0x53, 0x4e, 0x84,
0xae, 0x81, 0xa8, 0x51, 0x80, 0x71, 0xc1, 0x6a,
0x80, 0x30, 0x89, 0x3d, 0xf0, 0x5f, 0xec, 0xb8,
0x4e, 0x51, 0x44, 0x38, 0x59, 0x1b, 0xa5, 0xed,
};
struct udevice *dev;
u8 dummy_app[128];