author | Marek Behún <kabel@kernel.org> | 2025-02-04 14:14:15 +0100 |
---|---|---|
committer | Arnd Bergmann <arnd@arndb.de> | 2025-03-20 17:56:57 +0100 |
commit | ba8755ab541fc629948233125db870d4dbf00a75 (patch) | |
tree | 1d937f047d4ee1768e4f9db6c42d1de618be5940 /scripts/lib/kdoc/kdoc_output.py | |
parent | 4110ad034fb7438eb16e73e2f949bedfabfc9d66 (diff) |
firmware: turris-mox-rwtm: Add support for ECDSA signatures with HW private key

Add support for digital message signing with the private key stored in
the rWTM secure coprocessor. Turris Mox devices have an ECDSA private
key generated and burned into rWTM eFuses when manufactured. This
private key is not readable from the rWTM, but rWTM firmware allows for
signing messages with it and retrieving the public key.

This is exposed to userspace via the keyctl API.

User can find the key by either looking at /proc/keys or listing the
keyring:

  $ cat /proc/keys
  0240b221 ... keyring .turris-signing-keys: 1
  34ff9ac9 ... turris-si Turris MOX SN 0000000D30000005 rWTM ECDSA ke...

  $ keyctl rlist %:.turris-signing-keys
  889166537

To get the public key:

  $ keyctl read 889166537
  67 bytes of data in key:
  0201a05c 1a79242b 13f2fc02 b48ffdbb 6ee8d5ba 812d6784 5f04f302 c0894d3e
  b93474f9 46235777 5c926fb4 cce89b50 88cf5d10 c07fd9c5 fdcea257 3d8f1c33
  1bf826

To sign a message:

  $ dd if=/dev/urandom of=msg_to_sign bs=64 count=1
  $ keyctl pkey_sign 889166537 0 msg_to_sign >signature

Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Diffstat (limited to 'scripts/lib/kdoc/kdoc_output.py')
0 files changed, 0 insertions, 0 deletions
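
Added example, not part of the commit or the kernel tree: a Python parser for the `keyctl read` dump quoted in the commit message, which checks the advertised byte count and then reads the blob as an elliptic-curve point. Treating the blob as a SEC1-encoded point is an assumption drawn from its 0x02 leading byte and 67-byte length; the commit message names neither the encoding nor the curve, and the function names here are illustrative.

```python
import re

# Output of `keyctl read`, copied from the commit message above.
KEYCTL_READ_OUTPUT = """\
67 bytes of data in key:
0201a05c 1a79242b 13f2fc02 b48ffdbb 6ee8d5ba 812d6784 5f04f302 c0894d3e
b93474f9 46235777 5c926fb4 cce89b50 88cf5d10 c07fd9c5 fdcea257 3d8f1c33
1bf826
"""

def parse_keyctl_read(text):
    """Turn the hex dump printed by `keyctl read` back into raw bytes."""
    lines = text.strip().splitlines()
    header = re.fullmatch(r"(\d+) bytes of data in key:", lines[0].strip())
    if not header:
        raise ValueError("missing 'N bytes of data in key:' header")
    # The dump is whitespace-separated hex words; the last word may be short.
    hexstr = "".join(" ".join(lines[1:]).split())
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})*", hexstr):
        raise ValueError("dump contains non-hex or odd-length data")
    data = bytes.fromhex(hexstr)
    # A copy/paste that lost a line shows up here as a length mismatch.
    if len(data) != int(header.group(1)):
        raise ValueError(f"header says {header.group(1)} bytes, dump has {len(data)}")
    return data

def describe_sec1_point(blob):
    """Classify a blob as a SEC1 EC point (assumed encoding) by prefix and length."""
    if len(blob) < 2:
        raise ValueError("too short to be an EC point")
    prefix, body = blob[0], blob[1:]
    if prefix in (0x02, 0x03):
        # Compressed form: X coordinate only, prefix carries the parity of Y.
        form, x, y_parity = "compressed", body, prefix & 1
    elif prefix == 0x04 and len(body) % 2 == 0:
        # Uncompressed form: X followed by Y, both the same length.
        form, x, y_parity = "uncompressed", body[: len(body) // 2], body[-1] & 1
    else:
        raise ValueError(f"not a SEC1 point (prefix 0x{prefix:02x})")
    x_int = int.from_bytes(x, "big")
    return {"form": form, "coord_len": len(x), "x_bits": x_int.bit_length(),
            "y_parity": y_parity, "x": x_int}

if __name__ == "__main__":
    pub = parse_keyctl_read(KEYCTL_READ_OUTPUT)
    print(len(pub), describe_sec1_point(pub))
```

For the key in the commit message this reports a compressed point with a 66-byte X coordinate of 521 significant bits, which gives the coordinate size a verifier needs when choosing curve parameters.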