1*7a33704cSNan Zhou## Cr51 Image Signature Library 2*7a33704cSNan Zhou 3*7a33704cSNan Zhou### Package `libcr51sign` 4*7a33704cSNan Zhou 5*7a33704cSNan Zhou* Status: **Ready** 6*7a33704cSNan Zhou 7*7a33704cSNan ZhouLibcr51sign is a library to verify images signed in the Cr51 format which can be 8*7a33704cSNan Zhoushared between all systems requiring this functionality. Given an absolute start 9*7a33704cSNan Zhouand end offset the library would scan for and validate the signature on the 10*7a33704cSNan Zhouimage descriptor, if the image validates, hashes the rest of the image to verify 11*7a33704cSNan Zhouits integrity. Because this library will be used across many varied platforms, 12*7a33704cSNan Zhouit does not assume the presence of any standard libraries or operating system 13*7a33704cSNan Zhouinterfaces. In order to handle this, a struct containing function pointers that 14*7a33704cSNan Zhouimplement each piece of platform-specific functionality will be passed to the 15*7a33704cSNan Zhoulibrary’s functions. Interface struct should typically be static data (could put 16*7a33704cSNan Zhouin rodata) while the data in context is mutable. 17*7a33704cSNan Zhou 18*7a33704cSNan Zhou### Debug 19*7a33704cSNan Zhou 20*7a33704cSNan ZhouPrint will be handled via Macros. The user can define USER_PRINT or the library 21*7a33704cSNan Zhouwould use its default. The library will not assert on any error conditions,but 22*7a33704cSNan Zhouwill return error codes and expects the client to handle as deemed fit. 23*7a33704cSNan Zhou 24*7a33704cSNan Zhou``` 25*7a33704cSNan Zhou 26*7a33704cSNan Zhou#ifndef USER_PRINT 27*7a33704cSNan Zhou#define CPRINTS(ctx, format, args...)printf(format, ##args) 28*7a33704cSNan Zhou#endif 29*7a33704cSNan Zhou``` 30*7a33704cSNan Zhou 31*7a33704cSNan Zhou### Prod/Dev transitions 32*7a33704cSNan Zhou 33*7a33704cSNan ZhouProd --> Prod: Allowed \ 34*7a33704cSNan ZhouProd --> Dev: Only if allowlisted/prod_to_dev_downgrade_allowed \ 35*7a33704cSNan ZhouDev --> Prod: Allowed \ 36*7a33704cSNan ZhouDev --> Dev: Allowed 37*7a33704cSNan Zhou 38*7a33704cSNan Zhouverify_signature: The implementation should check if the signature size passed 39*7a33704cSNan Zhouis same as the length of the key 40*7a33704cSNan Zhou 41*7a33704cSNan ZhouNote: libcr51sign will also provide a companion library with default SW 42*7a33704cSNan Zhouimplementations of common functions like hash_init/final, 43*7a33704cSNan Zhouread_and_hash_update(). 44*7a33704cSNan Zhou 45