)]}'
{
  "commit": "e82a34f7b1dead85bd595aab5a9471c776d5ddbe",
  "tree": "6d91f8044704617448afcef038022e0cbe74762d",
  "parents": [
    "3ddbaa47b17f3510ad892365c20d576ddea1444c"
  ],
  "author": {
    "name": "Dan Zhang",
    "email": "zhdaniel@google.com",
    "time": "Mon Jun 02 04:49:57 2025 +0000"
  },
  "committer": {
    "name": "Dan Zhang",
    "email": "zhdaniel@google.com",
    "time": "Fri Jul 11 23:56:09 2025 +0000"
  },
  "message": "flashupdate: Support key rotation\n\nIf the RoT-Config support BIOS Key rotation, the Cr51Validator will\nuse BIOS trust bundle information fetched from RoT config to validate\nthe BIOS CR51 descriptor.\n\nThe BIOS trust bundle will be:\n* the trusted signature verification (public) key\u0027s finger printer.\n* the allowed cr51 descriptor hash\n\nIf the RoT-Config does not support, will fallback to use key information\nbuilt-in gBMC firmware.\n\nRoT-Config support BIOS key rotation means the RoT-Config record contain\nat least one public key finger printer chunk.\n\nFor dev signed bios, the dev signature verification key will only be\nbuilt-in gBMC image. So when dev signed bios is allowed, the built-in\nkey will be tried if image cannot be valided by keys within RoT-Config.\n\nTested:\nwith testing bios RoT configraution\n\nGoogle-Bug-Id: 421797519\nChange-Id: I7ee686b94c49113ee8f406f19628851de21868b6\nSigned-off-by: Dan Zhang \u003czhdaniel@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f32ad6c754d90acf47af56ea949e7ec813211fa1",
      "old_mode": 33188,
      "old_path": "subprojects/flashupdate/include/flashupdate/validator/cr51.hpp",
      "new_id": "20c5e3d7b089e0dcd12fa48d80a92fe165df08b5",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/include/flashupdate/validator/cr51.hpp"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "77d22bfd4cb9b3af1875a43320a62029a00cb27f",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/include/flashupdate/validator/key_rotate_helper.hpp"
    },
    {
      "type": "modify",
      "old_id": "6dc72d3899114674b0ba5f0a272e1149befe309c",
      "old_mode": 33188,
      "old_path": "subprojects/flashupdate/src/args.cpp",
      "new_id": "7de4c8ea5a570fb35068b009984e599c1c869310",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/src/args.cpp"
    },
    {
      "type": "modify",
      "old_id": "89150afe3e0068661ee7b8a0bdbb03a778631fc6",
      "old_mode": 33188,
      "old_path": "subprojects/flashupdate/src/meson.build",
      "new_id": "9319b8f5dd9afc2953cd3bec43215b284d63e536",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/src/meson.build"
    },
    {
      "type": "modify",
      "old_id": "1f127de996cc97b39c43c33cb44a6e8c0327408d",
      "old_mode": 33188,
      "old_path": "subprojects/flashupdate/src/ops/write.cpp",
      "new_id": "7e0969f5cfb45683aed1ed350906d0502aaaf712",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/src/ops/write.cpp"
    },
    {
      "type": "modify",
      "old_id": "bdc7d7e1878b1edc73de9286c7a981463ca093eb",
      "old_mode": 33188,
      "old_path": "subprojects/flashupdate/src/validator/cr51.cpp",
      "new_id": "8700aa36f08f091b674ab5322b699b575b037fc0",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/src/validator/cr51.cpp"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "96369771803170fe28d39a3f8e3d1f7d9cf8573b",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/src/validator/key_rotate_helper.cpp"
    },
    {
      "type": "modify",
      "old_id": "5ebd841ad78520b41063bc701372d581f3bbfab3",
      "old_mode": 33188,
      "old_path": "subprojects/flashupdate/test/meson.build",
      "new_id": "6ae4cb6841fecaca1fd299b751733bfab536dd21",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/test/meson.build"
    },
    {
      "type": "modify",
      "old_id": "6e7bae9e3ebcd70b4731a5e38f3dd7525b1877a5",
      "old_mode": 33188,
      "old_path": "subprojects/flashupdate/test/ops/write.cpp",
      "new_id": "b1876f2f47ac5b76f9db99dab2fd583c8cee7afa",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/test/ops/write.cpp"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "869e0dac1a0d8f1532503cf49e8b63bd1a3cdae0",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/test/validator/cr51.cpp"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "308f0778710e61d02e69ce69e8906b4bb4e98238",
      "new_mode": 33188,
      "new_path": "subprojects/flashupdate/test/validator/key_rotate_helper.cpp"
    }
  ]
}