[Bug 2078395] Re: [SRU] Add RSA3072 support to jammy

ethan.hsieh 2078395 at bugs.launchpad.net
Fri Aug 30 06:16:45 UTC 2024 

Install the test package[1] and can sign fitimage with rsa3072.

Here is the log:
$ mkimage -F -k /home/ethan/keys/ -f fdt.its genio-510-evk.dtb
FIT description: Flattened Device Tree blob
Created:         Fri Aug 30 14:10:05 2024
 Image 0 (fdt-mediatek_genio-510-evk.dtb)
  Description:  Flattened Device Tree blob
  Created:      Fri Aug 30 14:10:05 2024
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    100226 Bytes = 97.88 KiB = 0.10 MiB
  Architecture: AArch64
  Hash algo:    sha256
  Hash value:   3fe7b38b73bbe80adf2f14108e60742ac3457abec14e5d8dd6dc8b2478a5f5f5
  Sign algo:    sha256,rsa3072:u-boot-img
  Sign value:   7b04254c808c6fe07527841f951feb651f9b89d4294aeb5ec8ee5e75943b3c9eb5eef9c84c83813aa629eff64ff6c0291dc1e2ab25ac50f2ba679b36b059b3808d6c64c34c3e874ac908c5bc4765e4c3d9f7875ebc3361e6c7ca593dc8e0e2ecdafbfaccb3117846b46fde7106c5bd6d35dd38979bb1da2e9816fbff6308783074d00ebfc02d8e1a757901ea6071b48c3cf1f30bc405f4a7173813767dda53410ba8462562dd67c1c32a344815d627999842d52e136a9f50579ed5fd2a9253d0f6353f271a058e78b81fb6f09e46907d3960c128ccb8ffda7c4b25e041e2e404c8b663fb983cd455987748480de19843e3618ac39df4d76177f4c3f08ad7cfe742571e0939516903ff3702f1379d1c4b16551b6b659f0f819fb63c0a57dfca0cd9fd4c68d32a8e8e2321e63c1cad5672bf74bd65381c9d34e8982f6d559211061e4fae6412683bb52ab53639be7f6c281b34b90a48b4ee1c39c03f6de409ae15315431bbbd54b1d185a73264b481115a3d5c2fa58506e878ad8141b9b534e428
  Timestamp:    Fri Aug 30 14:10:05 2024
 Default Configuration: 'conf-mediatek_genio-510-evk.dtb'
 Configuration 0 (conf-mediatek_genio-510-evk.dtb)
  Description:  FDT blob
  Kernel:       unavailable
  FDT:          fdt-mediatek_genio-510-evk.dtb
  Hash algo:    sha256
  Hash value:   unavailable
  Sign algo:    sha256,rsa3072:u-boot
  Sign padding: pkcs-1.5
  Sign value:   6070e162ed51a7dcf57167459805e6ca21cbc4b80880e311d6ff221d30238425772ecd940903f020e6136f156c9cebe1f57b3db7177082b16e11593974b631f9aca59f1dabfce8ca8ab0ace93be0530fe298ff20c4ce719353c06429bf9255db483c813990e631fffc0c9e003bc09b0354b979fcefafc92424c785257f9eb921a697491b3a0980016c4df5738bb4aeade943826b4f87ed67d4d484685179263ac420e8157568422830895315add655f7d0a99d672025667bd316e6e4a25b84a4d7602d23ea6f0953613841dc29bfb6c162829420d6ba476ce3c0482cbf4402d8919feffe1c7807689806b4534e9b70fd6b93a09e2aa0151db6ed3d883de13607e4b6bb5cb9bc5cbc750f68a5de40ef6ddc0f4bac9c2a9eb73164d67db51c6e6e780ee2ae64b59ee96228c0c093eb19e9097140c23cf7ff9866a04a4e275324ec2e1621ba5928d6acb65facdece88b1defa2f45af7ab47646497c5b18413d36215c1545d0388eed82df1a2fceafdc9664e54e5f556aa7302435d587b83ce272c7
  Timestamp:    Fri Aug 30 14:10:05 2024

---
[1] u-boot-tools_2022.01+dfsg-2ubuntu2.6_amd64.deb, https://launchpad.net/~ethan.hsieh/+archive/ubuntu/sru?field.series_filter=jammy

** Patch added: "jammy.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/u-boot/+bug/2078395/+attachment/5810684/+files/jammy.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to u-boot in Ubuntu.
https://bugs.launchpad.net/bugs/2078395

Title:
  [SRU] Add RSA3072 support to jammy

Status in u-boot package in Ubuntu:
  New

Bug description:
  [Impact]

  The mkimage command is used to create images for use with the U-Boot boot loader.
  mkimage on jammy doesn't support RSA3072.

  The patch for adding RSA3072 support
  https://github.com/u-boot/u-boot/commit/2a4b0d5890deb0c973f8db7bb03adad96aff1050

  [Test case]

  Test Case 1:
  1. Install packages required for the sandbox test
  $ sudo apt install efitools libguestfs-tools libsdl2-dev python3-pycryptodome
  2. Run sandbox test to check if two new test cases for sha384 pass.
  $ ./test/py/test.py --bd sandbox --build
  test/py/tests/test_vboot.py
  @@ -45,6 +45,8 @@ TESTDATA = [
       ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False],
       ['sha256-pss-required', 'sha256', '-pss', None, True, False],
       ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True],
  +    ['sha384-basic', 'sha384', '', None, False, False],
  +    ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False],
   ]

  https://u-boot.readthedocs.io/en/latest/develop/testing.html#pytest-
  suite

  Test Case 2:
  Create a test fitimage and sign with rsa3072 algorithm.
  $ sudo mkimage -F -k keydir -f fdt.its test.dtb

  [Where problems could occur]

  The regression risk should be low because this patch just adds RSA3072
  support.

  [Other Info]

  The patch is already in Noble, so we only need to backport to Jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/u-boot/+bug/2078395/+subscriptions

More information about the foundations-bugs mailing list