image: Update overlapping TLVs
This patch updates the NONCE and SECRET_ID TLVs to use values in a reserved
vendor range. The original values are now considered legacy and must remain in
place to deal with images already created using the new TLVs.
Signed-off-by: Andy Gross <andy.gross@juul.com>
diff --git a/image/image.go b/image/image.go
index f3dede9..7defa38 100644
--- a/image/image.go
+++ b/image/image.go
@@ -55,35 +55,39 @@
* Image trailer TLV types.
*/
const (
- IMAGE_TLV_KEYHASH = 0x01
- IMAGE_TLV_SHA256 = 0x10
- IMAGE_TLV_RSA2048 = 0x20
- IMAGE_TLV_ECDSA224 = 0x21
- IMAGE_TLV_ECDSA256 = 0x22
- IMAGE_TLV_RSA3072 = 0x23
- IMAGE_TLV_ED25519 = 0x24
- IMAGE_TLV_ENC_RSA = 0x30
- IMAGE_TLV_ENC_KEK = 0x31
- IMAGE_TLV_ENC_EC256 = 0x32
- IMAGE_TLV_AES_NONCE = 0x50
- IMAGE_TLV_SECRET_ID = 0x60
- IMAGE_TLV_SECTION = 0xa3
+ IMAGE_TLV_KEYHASH = 0x01
+ IMAGE_TLV_SHA256 = 0x10
+ IMAGE_TLV_RSA2048 = 0x20
+ IMAGE_TLV_ECDSA224 = 0x21
+ IMAGE_TLV_ECDSA256 = 0x22
+ IMAGE_TLV_RSA3072 = 0x23
+ IMAGE_TLV_ED25519 = 0x24
+ IMAGE_TLV_ENC_RSA = 0x30
+ IMAGE_TLV_ENC_KEK = 0x31
+ IMAGE_TLV_ENC_EC256 = 0x32
+ IMAGE_TLV_AES_NONCE_LEGACY = 0x50
+ IMAGE_TLV_SECRET_ID_LEGACY = 0x60
+ IMAGE_TLV_AES_NONCE = 0xa1
+ IMAGE_TLV_SECRET_ID = 0xa2
+ IMAGE_TLV_SECTION = 0xa3
)
var imageTlvTypeNameMap = map[uint8]string{
- IMAGE_TLV_KEYHASH: "KEYHASH",
- IMAGE_TLV_SHA256: "SHA256",
- IMAGE_TLV_RSA2048: "RSA2048",
- IMAGE_TLV_ECDSA224: "ECDSA224",
- IMAGE_TLV_ECDSA256: "ECDSA256",
- IMAGE_TLV_RSA3072: "RSA3072",
- IMAGE_TLV_ED25519: "ED25519",
- IMAGE_TLV_ENC_RSA: "ENC_RSA",
- IMAGE_TLV_ENC_KEK: "ENC_KEK",
- IMAGE_TLV_ENC_EC256: "ENC_EC256",
- IMAGE_TLV_AES_NONCE: "AES_NONCE",
- IMAGE_TLV_SECRET_ID: "SEC_KEY_ID",
- IMAGE_TLV_SECTION: "SECTION",
+ IMAGE_TLV_KEYHASH: "KEYHASH",
+ IMAGE_TLV_SHA256: "SHA256",
+ IMAGE_TLV_RSA2048: "RSA2048",
+ IMAGE_TLV_ECDSA224: "ECDSA224",
+ IMAGE_TLV_ECDSA256: "ECDSA256",
+ IMAGE_TLV_RSA3072: "RSA3072",
+ IMAGE_TLV_ED25519: "ED25519",
+ IMAGE_TLV_ENC_RSA: "ENC_RSA",
+ IMAGE_TLV_ENC_KEK: "ENC_KEK",
+ IMAGE_TLV_ENC_EC256: "ENC_EC256",
+ IMAGE_TLV_AES_NONCE: "AES_NONCE",
+ IMAGE_TLV_SECRET_ID: "SEC_KEY_ID",
+ IMAGE_TLV_AES_NONCE_LEGACY: "AES_NONCE",
+ IMAGE_TLV_SECRET_ID_LEGACY: "SEC_KEY_ID",
+ IMAGE_TLV_SECTION: "SECTION",
}
var imageTlvTypeSigTypeMap = map[uint8]sec.SigType{
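Review bot: In imageTlvTypeNameMap the two legacy entries reuse the display strings of the new ones (`IMAGE_TLV_AES_NONCE_LEGACY: "AES_NONCE"`, `IMAGE_TLV_SECRET_ID_LEGACY: "SEC_KEY_ID"`), so any output that names a TLV by this map cannot distinguish a 0x50/0x60 entry from a 0xa1/0xa2 one. The commit title calls the old values overlapping, so that distinction is what someone auditing an image trailer needs; consider `"AES_NONCE_LEGACY"` and `"SEC_KEY_ID_LEGACY"`, unless a consumer outside this hunk matches on the existing strings. The const block would also benefit from a comment stating the policy, for example `// Legacy values: accepted when reading existing images, not emitted for new ones.`, if that is the intent. The code that reads and writes these TLVs is not visible in this hunk, so how an image carrying both a legacy and a new nonce or secret-id TLV is handled should be confirmed where the trailer is consumed.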