Skip to content

Backport 26987 ([ownership] Test the key algorithm with pubkey for key equivalence) #29206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pamaury merged 3 commits into from
Jan 30, 2026
Merged

Backport 26987 ([ownership] Test the key algorithm with pubkey for key equivalence) #29206

pamaury merged 3 commits into from
Jan 30, 2026
+111 −17

Conversation

@pamaury
Copy link
Contributor

@pamaury pamaury commented Jan 29, 2026
edited
Loading

Backport #26987. Depends on #29204, only review last 3 commits.

@pamaury pamaury requested review from a team and cfrantz as code owners January 29, 2026 10:21
@pamaury pamaury requested review from alees24 and jwnrt and removed request for a team January 29, 2026 10:21
sasdf and others added 3 commits January 30, 2026 18:39
@sasdf @pamaury
[rom_ext] Test the key algorithm with pubkey for key equivalence
5258373 
This change prevents the algorithm confusion attack, which can downgrade a
hybrid key to ECDSA-only.

Change-Id: Ice80075e930c0eb0e092ad1fe7a2840cc4a99db2
Signed-off-by: Yi-Hsuan Deng <[email protected]>
(cherry picked from commit 5d30608)
@sasdf @anthonychen1251 @pamaury
[ownership, rom_ext_e2e] Add newversion update test for SPX+ owners
df5bbc6 
This updates the newversion_test harness to accept the SPX keys and adds
an e2e test for the newversion mode update using SPX keys.

Change-Id: I5b948339b20e85c2df3084d0ee7d13bb4cdd1bfd
Co-authored-by: Anthony Chen <[email protected]>
Signed-off-by: Yi-Hsuan Deng <[email protected]>
(cherry picked from commit fa6c29e)
@sasdf @pamaury
[ownership, rom_ext_e2e] Test rom_ext checks the owner key algorithm
13a380e 
This change adds a e2e test to ensure rom_ext prevents the attack.

Change-Id: I124f43b315930a799df3c1156f810cb646e6c219
Signed-off-by: Yi-Hsuan Deng <[email protected]>
(cherry picked from commit c47d5b5)
@pamaury
Copy link
Contributor Author

pamaury commented Jan 30, 2026

CI failures are unrelated

@pamaury pamaury added this pull request to the merge queue Jan 30, 2026
Merged via the queue into lowRISC:master with commit 371d63b Jan 30, 2026
45 of 47 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfrantz cfrantz cfrantz approved these changes

@alees24 alees24 Awaiting requested review from alees24 alees24 is a code owner automatically assigned from lowRISC/ot-c-cpp-reviewers

@jwnrt jwnrt Awaiting requested review from jwnrt

Assignees

No one assigned

Labels

MergeBack:1.0.0 to master

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pamaury @cfrantz @sasdf