diff --git a/release/README.txt b/release/README.txt index 7dfd7e36..4baffae3 100644 --- a/release/README.txt +++ b/release/README.txt @@ -42,8 +42,8 @@ eg. './scripts/prepver.sh 0.1.33' * scripts/devfw.sh eg. './scripts/devfw.sh 0.1.33' - For each dev build dir (ie. jadedev and jade1.1dev, ble and noradio variants), - signs the dev firmware 'jade.bin' with the dev/test key present in the - scripts dir. Validates with the pubkey. Creates 'jade_signed.bin'. + signs the dev firmware 'jade.bin' with the dev/test keys present in the + scripts dir. Validates with the pubkeys. Creates 'jade_signed.bin'. - Runs 'jade/tools/fwprep.py' on the signed binary 'jade_signed.bin'. This compresses the firmware file and generates the descriptive name using the standard/agreed format (__)_fw.bin). Also writes diff --git a/release/scripts/dev_fw_pub_key.pub b/release/scripts/dev_fw_pub_key_A.pub similarity index 100% rename from release/scripts/dev_fw_pub_key.pub rename to release/scripts/dev_fw_pub_key_A.pub diff --git a/release/scripts/dev_fw_pub_key_B.pub b/release/scripts/dev_fw_pub_key_B.pub new file mode 100644 index 00000000..12ad75f9 --- /dev/null +++ b/release/scripts/dev_fw_pub_key_B.pub @@ -0,0 +1,11 @@ +-----BEGIN PUBLIC KEY----- +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA47Co44HAsu3umivF5nbB +MhXS5p6FN03BvokRPH73xC8iWeWrmgci+gfj0w5i9OSPQJNiFQcNOtF96KozH+We +hNf5Y+LAEapgUUKd//qHGMXbFkFzJcGNWaoQVN6271kUc/Hv8G3LNqYL0RirfC6j +L6+knMaV6gTLx1hcQ/iSz21Eo4fkL6Q6+c1Lg+oCpDdd7LC07NZBO2+4BX2T8zo+ +uoylR9TbrspjIqlAQEVtRGO9iDFo4VuILRs4/SRREgLsZSFJCyv/qfiWCa/SSbPr +gGyu7ZeoBUPn/+1p3vtzH+4Ac7d1QgflbTkI0zjz6lQP/75CN1wJFA3RK4ebm9i3 +MpbqAQ6lpAHv8E/4xWXuKNrYDExirD2a6yuV3QPP4h2I4HVLwT6aEAte+3q4zvv6 +pqdXFiUcub8DAggwakzkQwgBSkv8jZnwQ239GYnkvDuoCPwmTwP20OPIPojekwD5 +f+eJ0swQo4HnduVFi0CDfsM03XR3medZp5gbWpcxbKyNAgMBAAE= +-----END PUBLIC KEY----- diff --git a/release/scripts/dev_fw_pub_key_C.pub b/release/scripts/dev_fw_pub_key_C.pub new file mode 100644 index 00000000..a86dff32 --- /dev/null 
+++ b/release/scripts/dev_fw_pub_key_C.pub @@ -0,0 +1,11 @@ +-----BEGIN PUBLIC KEY----- +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAlc4rzywcSXA+gFeCFryP +6ZYSCYrlv7hRHRhF3WQE57l/RMlJKO1mu3J3Uv5A+7XY2VXvmvb055iBZ0xMRALk +VRksPYIY84Et0c/n4UBaWo540fIi6MBkdHFVuzPUakUZyrLiMLkH0tIlFKeZuyg8 +RYfDSOSWq8IXy13f0ip9c3XMbo2nfIT91C7+nZyveNDjfzH97Fz62Gk8KUClZ/1Q +pnXSIWcPt4V2xwFCCruqEoT1MZjX3+UBTn9RA7/5sY8yrakfNs4QFc+GCPaZVn2N +qLGQLbV1QrWDh63XKT171T7NdYRkea/M1JAmak+g0zbj2Gv/5Wek7MoxsPOuSN+J +5MG+cS7tQhcisBY0HG86i+nlms129ym6rWpgAHeeIdq5FJihN8xIsYQPJLaO28PT +CJypIVaYXlMPZOWTQoV/jjH/INghGp/vOGZEwK291np072XkMAwB1j2ZONSeD8Oe +5LlZaaTPqxlPaTGJrMP396073ToDB+jOro6u7NQYnphDAgMBAAE= +-----END PUBLIC KEY----- diff --git a/release/scripts/dev_fw_signing_key.pem b/release/scripts/dev_fw_signing_key_A.pem similarity index 100% rename from release/scripts/dev_fw_signing_key.pem rename to release/scripts/dev_fw_signing_key_A.pem diff --git a/release/scripts/dev_fw_signing_key_B.pem b/release/scripts/dev_fw_signing_key_B.pem new file mode 100644 index 00000000..cb8ae416 --- /dev/null +++ b/release/scripts/dev_fw_signing_key_B.pem 
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEA47Co44HAsu3umivF5nbBMhXS5p6FN03BvokRPH73xC8iWeWr +mgci+gfj0w5i9OSPQJNiFQcNOtF96KozH+WehNf5Y+LAEapgUUKd//qHGMXbFkFz +JcGNWaoQVN6271kUc/Hv8G3LNqYL0RirfC6jL6+knMaV6gTLx1hcQ/iSz21Eo4fk +L6Q6+c1Lg+oCpDdd7LC07NZBO2+4BX2T8zo+uoylR9TbrspjIqlAQEVtRGO9iDFo +4VuILRs4/SRREgLsZSFJCyv/qfiWCa/SSbPrgGyu7ZeoBUPn/+1p3vtzH+4Ac7d1 +QgflbTkI0zjz6lQP/75CN1wJFA3RK4ebm9i3MpbqAQ6lpAHv8E/4xWXuKNrYDExi +rD2a6yuV3QPP4h2I4HVLwT6aEAte+3q4zvv6pqdXFiUcub8DAggwakzkQwgBSkv8 +jZnwQ239GYnkvDuoCPwmTwP20OPIPojekwD5f+eJ0swQo4HnduVFi0CDfsM03XR3 +medZp5gbWpcxbKyNAgMBAAECggGAbjA8S32rp+wFoI62g0XNUVPGcN0eUxlKPc9P +jBtWBJda5G6FkVEK2D2hP66irSk/Ol0ZBlwXRvPDHyne+/y/rkJm6rP9h48QdcLr +e8neP1rhH/AkrYzxvwbSSIBPv504jLP1DkHUKmpJJbPuqXZYeudhno1sV4hipeJZ +JHvTcJbMtOc6wuOTtvhnJzvEc3xn8/fAVy2I/B6gy+duBjOVz+nows58UiaXu1p1 +QaVXr9UlEBf5TbZiPJIEDl3Y7gKDQqb5S/DHhvJl2MgDCV8r0lN2sj2HtVauehAL +toDugOUVbjUuCCofTlupPct9ZW2ASFVs73O3ZnoMQqGQ4EIAEfJXHK/DQcwDdCVg +r6axaQSSHOPrv4WuQGCzDgIeSKrF+Tv/5s6Ym9688ddL2jHt2CJdiTFbsbm9l/mv +PvXN2F0rk6dV9YzOG6c4D7aFW3VPjR0pRVi/qKeFvDFi2IwP9Ts3LmOVavv6feli +8FttJyeyDau/s5xY4Jp7l5vQkWhxAoHBAP2lfP13xnLwqL8IkCAAZnyYZ4nndPzv +K5VzLhYLtZ2BHt4J5vIjdxUGy9Kl72Vyvque7/ROtqw/GhS+hxSbdAXx/pX7DOFq +xz7KpOx4kBSETmlNgOU0Dl8RtsFwxbGd4uhVf8cx295CMecY0XcGuHm0A5u8JBMj +1VDHtVFKXaMihn6xmRWxUpeevBJGAKfhHLRY5do1PxtMp75/OmWUjtcxDhT6X5lb +ecWlxi1BLFGvxOtu2oBzPTpvfSs520KB9wKBwQDlzYPF0UDefFiFl/TCyUVl/G9g +8S0qX79IjmX2fNMHpJbIUIEQUaDee/vmnClJOThbNiuC0A0iFtI8i8WjNWHAC4zL +VPH0iyupmpj/MRiZ5DfPkSKEOZO7BZmjM19Wv+jVqJXwT7W/bqNXLmzeYoQORs48 +M+rW7XM5R+m9DKAEQDzUrzNKKylGQfhssEzuIx3DRya8ZxobfkeBLL6awSosIC+p +U75J556G0xKMJeknrV6pO8eHdBMnCZbGRtTY5JsCgcA2Kh+91NUI+IFgggic/Njl +5Hm/xjCCTuSkvnrp9EgtQUSBL+YkcRRd5hyieBLePBmhdohRSHnT4InGQkWATg4B +swKlrn26qV2w9/8uDDTgXLyN2iIbT/l9rb+0IUvmOQwahx+JPwlvtf0IF5GrdEDy +pFFc8VlWyQElhfAfUt0aGCZWacCCFGLJw/jvgglj0Dub+5vh9BrsznrHwE2NIaM7 +KtuR+UFu80zWuybNxSwcqYdIq1x3r6Q0lVhKYcmDs1MCgcB4uxsyz3f0K4HaVfYq 
+a9HA/fmKBctDyt/U/7MD55p7FnZ9MQZNi4Unvh2ej4aFSMGZ8gC0DhgIQ9MaKhig +YUhEvAyxOqSPZJqA1Y7x61pQZ30G2Oo4a4N4qz2HZ1L8YYCy14pGoaoLs9Wu1N4v +i7RzR7HMIT6Mwl1Zx7U+NCbRdOpAlvcsTTa3Cau5dnpEVkCpunTYYJZvwU1RyS8u +YLOGUTaZED0V2NEJZlUFOlmfFc94u8ZdHJd/V+NVshrbBGcCgcA/roDnSIpi8ctG +Eb7c75omz+H6fRzM+Qc5qGgwBTwzoz7BPYx+5+Q4BFk+aUmBcEMMDpzd2nJh1XPk +NOiavZAL7rWIQjHrhD2+F1TEzG2UF3toEhHlkJaKZtkFkPf7yNvWYC05JTMucPil +H4FOUgD2JC8j8kk8hDhutjAKc+Ab+YDDux06Aib89PzYu5z0VH4C3xLZuO5qu/3+ +08VjUyw7UC3ZiYafDdo4RCExK9kUz36jaKpG0jv+y0NeXNl3ZGk= +-----END RSA PRIVATE KEY----- diff --git a/release/scripts/dev_fw_signing_key_C.pem b/release/scripts/dev_fw_signing_key_C.pem new file mode 100644 index 00000000..a091a43a --- /dev/null +++ b/release/scripts/dev_fw_signing_key_C.pem 
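Review bot: The private keys added here and in dev_fw_signing_key_C.pem are unencrypted and become public once merged, so any device that trusts the matching public keys will accept firmware signed by anyone; the release README calls them dev/test keys but does not say where they may be trusted. I would add a line next to the devfw.sh entry such as `These keys are public; only development units may trust them, never production devices.` Secret scanners will also flag both files, so an allow-list entry naming them as intentional test fixtures would keep real findings visible.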
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAlc4rzywcSXA+gFeCFryP6ZYSCYrlv7hRHRhF3WQE57l/RMlJ +KO1mu3J3Uv5A+7XY2VXvmvb055iBZ0xMRALkVRksPYIY84Et0c/n4UBaWo540fIi +6MBkdHFVuzPUakUZyrLiMLkH0tIlFKeZuyg8RYfDSOSWq8IXy13f0ip9c3XMbo2n +fIT91C7+nZyveNDjfzH97Fz62Gk8KUClZ/1QpnXSIWcPt4V2xwFCCruqEoT1MZjX +3+UBTn9RA7/5sY8yrakfNs4QFc+GCPaZVn2NqLGQLbV1QrWDh63XKT171T7NdYRk +ea/M1JAmak+g0zbj2Gv/5Wek7MoxsPOuSN+J5MG+cS7tQhcisBY0HG86i+nlms12 +9ym6rWpgAHeeIdq5FJihN8xIsYQPJLaO28PTCJypIVaYXlMPZOWTQoV/jjH/INgh +Gp/vOGZEwK291np072XkMAwB1j2ZONSeD8Oe5LlZaaTPqxlPaTGJrMP396073ToD +B+jOro6u7NQYnphDAgMBAAECggGAJYMyLzexgaZM0GCZX84qD2kX7THN5FtoXGvG +mvC/1bL6rqPk4Q3Jqui3/p1ScnWP7qR5UonCu/fRd6eAdYtv1+tsy543V0qiyaZR +P3OY7JI+qPwER9pdjVcQC8enylCxa7OttluvHNiolmp9sYMazKJ5gVhUboA06yT/ +tiYTsgTug0SPizvWP/rgoWEqA4vzW9eN6VFDM0vu17mrccXaG0TnsJuZMPCH1L94 +5S0nImoO6DOI4zT6RcjV5aV+BjuAKCuyXBBEe7DiKpoHwkZX90gQcFtxJ9H3myE0 +p82ssb0PcBBdlr3Va65zvRGTpvHFvnErqnZxp25uGAC06mt5l7QZz7WcHakZEKb5 +ejbIQ1MGAqlr3s88rmu0WYcCax6uOS/BtZOhCu3tm9Z1U/dc5rDYm4+06HuXVHkM +O3ZC5Hqkauo6Yk6SXHy+wtS+/tryekBwgSLoaXWVi5Lrv/C7qmoQ6slwLOy9T2H8 +eivuAnqPmTGrXM6VojMjLjITzUwBAoHBAMbZ5+WOPagf2fASv14pm4lheuUSWiaB +HWO4bMrs6Yfa63gRsz6waF/ebEgKhlEhbTTz3uVNlvOpn9I2qbZyluYkJbvsEIOq +8xU0siiv5QEN5ZPFMptMOMIiP4N3owXtRWxTl5JI222lgnLBH53g++3bQI4qVuk4 +B0OW2G7WOLUrf2+Jpk1TsWB8p0/do2wBgfvmdyA9J6foXVsSmGc/I8jbBW7Mu6lN +0I9erfaCK+7DGlq1ISnG0XnLcGOdU3diQwKBwQDA28/h2E/o6jf38Pb+3Mdu0mtq +nT+HyoUagifaVu2hNYDZ7nZnYvnLoY9GRKfQYrtJpl0QOs+v5yABC1fayNwrh9/Q +BeMqoa4igCKDQcCdQxcyhDHytXDb2Rg/jHgOsqMYyaYeKywFKR8VI1M4Ao5BRitf +XNsTijH7ZTaFdk13RZl8Mk1+RcHn9msLxLPrTtNkBEn8TW6WQWg2asEt9kCv7PB9 +Z5OegbkIydwRea+7OKAWGYzsEFLleZwUawMfkgECgcAJawiwtqv06o1H8ZteulnD +h/pqHxRl/neF4ZZFhjMJXDUK2svCjFhlMgOu5dC2xv6FI4fLFIGxyLbpHe2r1oGP +JOckn2mo0s/wkS5e/vW5tw7IkO50rIeDqluXvnLaNQK0vsDPDORXrR8gkEUPFTjZ +aykDkr3LDfxKFzrpBPxqmETQ45Qc1XnxN/Y0siqrUub1J1U9EahvK3JAfgD54uOu +/7CiLtA0lJrsL2/N3Rx3koYNBccsU15YhmosTadGYEECgcEAmsGITdUTQnZ4FOhy 
+es7U5dPJyFKIgUF8j2nz6tuocZ0KWVZmAs5EXie1XZCIDMq9OPtbYEOhFqjjYJMm +m3RkYDX23elrgXEd16d0ilj/4/HLMokrv3PjLTdGou/oAvtLrv9Y4oqIF1gJDiA7 +jg1W84AIG8zaKxLQysdL+cqVnOjnoeaHkpUNZUKyYU4lhePJ808Rw3irDb1Mj6YY +f/ZDsCf0Tt0HcsDrpua8RfWckyJ8K1+zWlY6/tMX8LZyWioBAoHAfaYJModHIvZ1 ++HCHiKLsHiVkBmKOGINbg18fgla/TYa2Ic26xOAaG897JmQb/ffTkZUjadGa0DLX +NcFUMU9818DDX3O9xryOcGnOcZ+hQ93Z+xcbvjNfayR2/yssB5DxAMoHtAuhUacu +H4qK9bYv153NWZ/Z/RfVD37y0KhNio/0jaCrEyge1/D8nqBSTX3uOFkp1H+WZ7ZF +Vp7bSPY+V419Pt+waxof5ijz6ZscrvclgeJnUP2jkyul1XUEmwaA +-----END RSA PRIVATE KEY----- diff --git a/release/scripts/devfw.sh b/release/scripts/devfw.sh index 0f5d617a..4707b360 100755 --- a/release/scripts/devfw.sh +++ b/release/scripts/devfw.sh @@ -22,8 +22,12 @@ WORKING_DIR="${STAGING}/${1}" # Relative paths from where it will be referenced in # jade/release/staging/// DEV_KEY_DIR="../../../../scripts" -DEV_KEY_PRIV="${DEV_KEY_DIR}/dev_fw_signing_key.pem" -DEV_KEY_PUB="${DEV_KEY_DIR}/dev_fw_pub_key.pub" +DEV_KEY_PRIV_A="${DEV_KEY_DIR}/dev_fw_signing_key_A.pem" +DEV_KEY_PRIV_B="${DEV_KEY_DIR}/dev_fw_signing_key_B.pem" +DEV_KEY_PRIV_C="${DEV_KEY_DIR}/dev_fw_signing_key_C.pem" +DEV_KEY_PUB_A="${DEV_KEY_DIR}/dev_fw_pub_key_A.pub" +DEV_KEY_PUB_B="${DEV_KEY_DIR}/dev_fw_pub_key_B.pub" +DEV_KEY_PUB_C="${DEV_KEY_DIR}/dev_fw_pub_key_C.pub" FWPREP="../../../../../tools/fwprep.py" pushd "${WORKING_DIR}" 
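Review bot: `DEV_KEY_PRIV_C` and `DEV_KEY_PUB_C` are assigned in this hunk, but the signing loop in the next hunk references only the A and B keys, so key C looks unused in the visible parts of the script. If it is kept for use elsewhere, a comment like `# Key C is not used for signing here; see <where it is used>` would say so. Otherwise I would drop the two assignments until something needs them.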
@@ -33,8 +37,18 @@ do for dir in ${BUILDDIRS} do pushd "${dir}" - espsecure.py sign_data --keyfile "${DEV_KEY_PRIV}" --version 2 --output "${SIGNED_BINARY}" "${UNSIGNED_BINARY}" - espsecure.py verify_signature --version 2 --keyfile "${DEV_KEY_PUB}" "${SIGNED_BINARY}" + + # Sign the binary + espsecure.py sign_data --keyfile "${DEV_KEY_PRIV_A}" --version 2 --output "${SIGNED_BINARY}" "${UNSIGNED_BINARY}" + + if [ "${devdir}" == "jade2.0dev" ] + then + # Append a second signature and verify + espsecure.py sign_data --keyfile "${DEV_KEY_PRIV_B}" --version 2 --append_signatures "${SIGNED_BINARY}" + espsecure.py verify_signature --version 2 --keyfile "${DEV_KEY_PUB_B}" "${SIGNED_BINARY}" + fi + + espsecure.py verify_signature --version 2 --keyfile "${DEV_KEY_PUB_A}" "${SIGNED_BINARY}" "${FWPREP}" "${SIGNED_BINARY}" .. popd done
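Review bot: Nothing in this hunk stops `"${FWPREP}"` from packaging the binary when one of the `verify_signature` calls fails; that depends on `set -e` or similar near the top of the script, which is outside the hunk. If the script does not already abort on errors, I would make each check fatal, e.g. `espsecure.py verify_signature --version 2 --keyfile "${DEV_KEY_PUB_A}" "${SIGNED_BINARY}" || exit 1`, and do the same for the two `sign_data` calls. Separately, `==` inside `[ ... ]` is a bash extension, so `[ "${devdir}" = "jade2.0dev" ]` is safer if the script can ever run under a plain `sh`. The loop body starts and ends outside the hunk.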