Hi jan, all
I experienced an issue with some public keys (probability ~0,5%) u-boot fails
to load secure kernel image:
There is a small flaw in the script, imagine you calculated a “rsa, r-squared”
value with leading zero, then this script outputs just 255 values for it,
without the leading 00.
I tested this with a script generating hundreds of keys and observed this error
with approximately 0.5% chance (matching to the probability of having 00 in
first place).
I fixed this locally in our u-boot by adding ", 256" to make sure leading zeros
will also be generated:
out.write('\t\t\trsa,r-squared = [{}];\n'.format(int_to_bytestr(r_squared,
256)))
An example for a problematic public key (generated with openssl) to reproduce
the issue would be:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FeZKqBPrnGw3PgvfJ7a
ajFUMt94MIBsW5movhjKfdCqHJt0oS/bQWAeOEzW7eaAU9RnQev8ud+WgyVuKyrz
AaUZ6gpQC4V/Ll3Z1k06JXGInCxTVaOQh/A3fCgntqQmyotK6UeE/Xe9uvQ7Olw7
n+d1nyGWWTrWt5wqQ2HRCyiDtD9kSMYoM9rKlU301oJOCBKZlvHJz+zP3jNz52ZB
SFe3daaYmbIGz4mDTigJjGEh2BA8M+rT+/JkAUqUBC07wC+DsuNpr/A8QSTWs1Lk
YwpUuzTaDij/UN1gJ/Xw2NMEkQMAbz6F4U4TbBez6/zDa52i/LmRn4A1nxy7agY8
kwIDAQAB
-----END PUBLIC KEY-----
BR
Hans
