Guidance on sp9832e_1h10_gofu (Connected but receive 7e ver expected error)

[BenEdridge]

Hi there, great project.

I've attempted running spd_dump on Ubuntu 22.04 with configuration for a sp9832e_1h10_gofu device and using signed fdl1 and fdl2 obtained from a firmware dump but having issues.

I did the following:

1. Cloned and built the repo (Made sure to use libusb)
2. Ran spd_dump before boot mode
3. Removed charging cable
4. Held volume down and then inserted battery
5. Plugged charging cable back into device
6. Confirmed boot mode entered as below

usb 1-1: new full-speed USB device number 16 using xhci_hcd
usb 1-1: not running at top speed; connect to a high speed hub
usb 1-1: New USB device found, idVendor=1782, idProduct=4d00, bcdDevice=24.16
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 1-1: Product: Gadget Serial
usb 1-1: Manufacturer: spreadtrum with musb-hdrc

When using spd_dump I get the following error:

./spd_dump \
	--verbose 2 \
	--wait 300 \
	keep_charge 1 \
	fdl fdl1-sign.bin 0x00005000 \
	fdl fdl2-sign.bin 0x9EFFFE00 \
	partition_list partition.xml \
	blk_size 0x2000 \
	read_part logo 0 8M logo.bmp \
	power_off
Waiting for connection (300s)
send (1):
7e                                               |~|
ver expected

This is similar to an issue raised earlier in: #2 but the differences is that 7e appears to be related to the HDLC_HEADER. So my assumptions are that I'd need to modify the communications to the device or perhaps build a custom fdl that suits the device?

Any suggestions or help would be much appreciated. Thanks.
I've also attached the BMA Configuration file obtained during a a flash.

sp9832e_1h10_xml.txt

[ilyakurdyukov]

This is the command sent to the phone:

send (1):
7e                                               |~|

spd_dump expects a version in response. But there's no answer.

[ilyakurdyukov]

Try running spd_dump first and then connecting the phone.

Please note that modprobe ftdi_sio method only works for feature phones. You need to build with libusb.

[CE1CECL]

I am suspecting an issue with FDL1, which well, I don't know, but how did you get the firmware? I cannot find it online anywhere. Either way, my FDL1 address is 0x5500 (notice the 2 fives not one), so if you are pulling a random FDL1, then I can try to build the FDL1 myself and send it to you with the modification. I do have the leaked BSP source code though I cannot re-share it online, to prevent me from getting DMCAs. However, if FDL1 source code is highly demanded I can try to send it out, but then again, DMCA.

[BenEdridge]

Thanks for the quick response. I've updated the description to provide additional details.

@ilyakurdyukov yes I was running spd_dump about 5-10 seconds before entering boot mode (which requires the battery to be removed and reinserted whilst holding the volume down key).

Perhaps I'll try some various combinations and timeouts. Do you have any suggestions?

@CE1CECL Original firmware was a paydroid file obtained from PAX and sent to me from a partner. I don't know much about the file type or format but I believe I was able to decrypt the file by attempting an update using the PAX PayDroid tool on Windows. This resulted in a temporary directory being extracted in AppData containing all files and an update to the device. I copied the temporary directory shown below and reviewed the firmware.

Original:

file PayDroid_8.1.0_Sagittarius_V11.1.56_20231107.paydroid
PayDroid_8.1.0_Sagittarius_V11.1.56_20231107.paydroid: RAR archive data, flags: EncryptedBlockHeader

$ file *
APV:                         ASCII text
boot.img:                    Android bootimg, kernel (0x8000), ramdisk (0x5400000), page size: 2048, cmdline (console=ttyS1,115200n8 buildvariant=user)
commit:                      ASCII text
fastboot_logo.bmp:           PC bitmap, Windows 3.x format, 480 x 320 x 24, image size 460800, resolution 2835 x 2835 px/m, cbSize 460854, bits offset 54
fdl1-sign.bin:               data
fdl2-sign.bin:               data
flash.cfg:                   ASCII text
logo.bmp:                    PC bitmap, Windows 3.x format, 480 x 320 x 24, image size 460800, resolution 2835 x 2835 px/m, cbSize 460854, bits offset 54
partition_SIG.bin:           data
PAX_Android_scatter_ppq.slp: ASCII text, with CRLF, LF line terminators
PAX_Android_scatter.txt:     ASCII text, with CRLF line terminators
PAX_SP_Monitor_SIG.bin:      data
persist.img:                 data
prodnv.img:                  Android sparse image, version: 1.0, Total of 1280 4096-byte output blocks in 10 input chunks.
recovery.img:                Android bootimg, kernel (0x8000), ramdisk (0x5400000), page size: 2048, cmdline (console=ttyS1,115200n8 buildvariant=user)
sml-sign.bin:                data
sp9832e_1h10.xml:            XML 1.0 document, ASCII text
system_SIG.img_sparse0:      Android sparse image, version: 1.0, Total of 384000 4096-byte output blocks in 141 input chunks.
system_SIG.img_sparse1:      Android sparse image, version: 1.0, Total of 384000 4096-byte output blocks in 507 input chunks.
system_SIG.img_sparse2:      Android sparse image, version: 1.0, Total of 384000 4096-byte output blocks in 602 input chunks.
system_SIG.img_sparse3:      Android sparse image, version: 1.0, Total of 384000 4096-byte output blocks in 314 input chunks.
system_SIG.img_sparse4:      Android sparse image, version: 1.0, Total of 384000 4096-byte output blocks in 148 input chunks.
system_SIG.img_sparse5:      Android sparse image, version: 1.0, Total of 384000 4096-byte output blocks in 240 input chunks.
system_SIG.img_sparse6:      Android sparse image, version: 1.0, Total of 384000 4096-byte output blocks in 202 input chunks.
tos-sign.bin:                data
u-boot-sign.bin:             data
u-boot-spl-16k-sign.bin:     data
vbmeta-sign.img:             data
vendor_SIG.img:              Android sparse image, version: 1.0, Total of 51200 4096-byte output blocks in 742 input chunks.

I have attached my original fdl1 and fdl2 from above and some of the interesting configuration files (flash.cfg, PAX_Android_scatter.txt) if you are interested.
I'm not sure I have enough experience to delve into the BSP source.

Regarding the FDL1 address I pulled this from the sp9832e_1h10.xml file attached. I tried both 0x5500 and 0x5000 both of which failed with the same error.

PayDroid_8.1.0_interesting_files.zip

[BenEdridge]

Update:

On further experimentation it appears I now have device connectivity by running adb reboot autodloader which rebooted the device into PAC AUTOLOADER MODE

I then used spd_dump and was able to further interact with the device. However, this may have removed the spl partition according to the comments in: TomKing062/CVE-2022-38694_unlock_bootloader#6 (comment) so perhaps created more work for me?

Running a similar command as before I get a lot more output but still receive an error as mentioned in the documentation already:

verbose 0:

Waiting for connection (300s)
BSL_REP_VER: "SPRD4:AutoD\0"
BSL_REP_VER: "SPRD4:AutoD\0"
FDL2: incompatible partition
unexpected response (0x00fe)

verbose 2:

<snip>

recv (8):
7e 00 80 00 00 ff 7f 7e                          |~......~|
send (8):
7e 00 03 00 00 ff fc 7e                          |~......~|
recv (8):
7e 00 80 00 00 ff 7f 7e                          |~......~|
send (8):
7e 00 04 00 00 ff fb 7e                          |~......~|
recv (16):
7e 00 96 00 08 01 00 00 00 01 00 00 00 fd 61 7e  |~.............a~|
FDL2: incompatible partition
send (8):
7e 00 2d 00 00 ff d2 7e                          |~.-....~|
recv (8):
7e 00 fe 00 00 ff 01 7e                          |~......~|
unexpected response (0x00fe)

[ilyakurdyukov]

0x2d means BSL_CMD_READ_PARTITION (this command lists partitions)
0xfe means BSL_REP_UNSUPPORTED_COMMAND

send (8):
7e 00 2d 00 00 ff d2 7e                          |~.-....~|
recv (8):
7e 00 fe 00 00 ff 01 7e                          |~......~|

Try other commands, your device may be too old and support fewer commands.

[BenEdridge]

Thanks @ilyakurdyukov that appeared to be the problem!

My device had issues with a number of commands (In this case it was partition_list).

I can now read:

./spd_dump --verbose 0 --wait 300 \
        fdl fdl1-sign.bin 0x00005000 \
        fdl fdl2-sign.bin 0x9EFFFE00 \
        read_part logo 0 5M logo.bmp \
        power_off
Waiting for connection (300s)
BSL_REP_VER: "SPRD4:AutoD\0"
BSL_REP_VER: "SPRD4:AutoD\0"
FDL2: incompatible partition
dump_partition: logo+0x0, target: 0x500000, read: 0x500000

Writing back the same logo.bmp from above seems to failed with a No Signature error on the device and a unexpected response (BSL_REP_OPERATION_FAILED) which appears to be related to the size of of the logo and possible padding/signatures 🤔

./spd_dump --verbose 0 --wait 300 \
        fdl fdl1-sign.bin 0x00005000 \
        fdl fdl2-sign.bin 0x9EFFFE00 \
        write_part logo logo.bmp \
        power_off
Waiting for connection (300s)
BSL_REP_VER: "SPRD4:AutoD\0"
BSL_REP_VER: "SPRD4:AutoD\0"
FDL2: incompatible partition
file size : 0x500000
Answer "yes" to confirm the "write partition" command: yes
unexpected response (0x0084)
load_partition: logo, target: 0x500000, written: 0x4ff000

However, taking another smaller signed image logo.bmp from an original firmware dump it writes and works as expected:

Waiting for connection (300s)
BSL_REP_VER: "SPRD4:AutoD\0"
BSL_REP_VER: "SPRD4:AutoD\0"
FDL2: incompatible partition
file size : 0x70952
Answer "yes" to confirm the "write partition" command: yes
load_partition: logo, target: 0x70952, written: 0x70952

My only challenge now is the vbmeta and signing bypass. Write appears to also fail when I write a magisk patched image.

[ilyakurdyukov]

You can try read_part user_partition 0 1M gpt.bin to get the raw partition table. Perhaps some of the sections that you are trying to rewrite don't exist, or they have different names, for example vbmeta_a and vbmeta_b instead of vbmeta. Don't forget to backup the original partitions.

[CE1CECL]

Do note that when you do the vbmeta bypass, you have to flash vbmeta first, before boot, else it will fail at the last sector

[BenEdridge]

Thanks @ilyakurdyukov my appears to not support the raw user_partition or something else is blocking it.

./spd_dump --verbose 0 --wait 300 \
        fdl fdl1-sign.bin 0x00005000 \
        fdl fdl2-sign.bin 0x9EFFFE00 \
        read_part user_partition 0 1M gpt.bin
Waiting for connection (300s)
BSL_REP_VER: "SPRD4:AutoD\0"
BSL_REP_VER: "SPRD4:AutoD\0"
FDL2: incompatible partition
unexpected response (0x0084)
dump_partition: user_partition+0x0, target: 0x100000, read: 0x0

I do however have access to the vbmeta partition but when I attempt what @CE1CECL suggested by flashing vbmeta I appear to get issues with signature verification of the vbmeta image itself. Flashing a single modified and signed vbmeta results in the last sector failing.

I guess it sounds like I need to work on getting this working for my device: TomKing062/CVE-2022-38694_unlock_bootloader#39

[CE1CECL]

Thanks @ilyakurdyukov my appears to not support the raw user_partition or something else is blocking it.

./spd_dump --verbose 0 --wait 300 \
        fdl fdl1-sign.bin 0x00005000 \
        fdl fdl2-sign.bin 0x9EFFFE00 \
        read_part user_partition 0 1M gpt.bin
Waiting for connection (300s)
BSL_REP_VER: "SPRD4:AutoD\0"
BSL_REP_VER: "SPRD4:AutoD\0"
FDL2: incompatible partition
unexpected response (0x0084)
dump_partition: user_partition+0x0, target: 0x100000, read: 0x0

I do however have access to the vbmeta partition but when I attempt what @CE1CECL suggested by flashing vbmeta I appear to get issues with signature verification of the vbmeta image itself. Flashing a single modified and signed vbmeta results in the last sector failing.

I guess it sounds like I need to work on getting this working for my device: TomKing062/CVE-2022-38694_unlock_bootloader#39

can you send your stock vbmeta an your attempted modified version?

[BenEdridge]

Sure, I followed the guide from: https://www.hovatek.com/forum/thread-32664.html with a basic script and some minor padding modifications. I've attempted both with and without flags (--flag 2).

#!/bin/sh

# Generate initial image
python3 ./avbtool-master.py make_vbmeta_image \
--internal_release_string 'avbtool 1.0.0' \
--algorithm SHA256_RSA2048 \
--key rsa2048_vbmeta.pem  \
--chain_partition boot:1:keys/rsa2048_vbmeta.bin \
--chain_partition recovery:2:keys/recovery_key.bin \
--chain_partition system:3:keys/system_key.bin \
--chain_partition vendor:4:keys/vendor_key.bin \
--chain_partition l_modem:5:keys/l_modem_key.bin \
--chain_partition l_ldsp:6:keys/l_ldsp_key.bin \
--chain_partition l_gdsp:7:keys/l_gdsp_key.bin \
--chain_partition pm_sys:8:keys/pm_sys_key.bin \
--chain_partition wcnmodem:9:keys/wcnmodem_key.bin \
--chain_partition gpsgl:10:keys/gpsgl_key.bin \
--chain_partition gpsbd:11:keys/l_gdsp_key.bin \
--output vbmeta-sign-custom.img \
--padding_size 8192

# Add padding to match original img
python3 ./vbmeta_pad.py

There are two stock files (One from using sprd_dump and the other extracted from the PayDroid_8.1.0_Sagittarius_V11.1.56_20231107 firmware archive file, they differ in padding only). Stock vbmeta consists of a DHTB header, padding and a signature I believe.

Using python3 ./avbtool.py info_image I can see the image is signed with SHA256_RSA2048.

I have attached stock, modified and the scripts I used in a vbmeta.zip file.

[CE1CECL]

Ill try to do it when i can but im having myself trying to reproduce it on my device, trying to flash back a full emmc backup with nothing but problems:

BSL_REP_VER: "SPRD3\0"
BSL_REP_VER: "Spreadtrum Boot Block version 1.1\0"
FDL2: incompatible partition
[0] prodnv, 10
[1] miscdata, 1
[2] recovery, 35
[3] misc, 1
[4] trustos, 6
[5] trustos_bak, 6
[6] sml, 1
[7] sml_bak, 1
[8] uboot, 1
[9] uboot_bak, 1
[10] uboot_log, 4
[11] logo, 4
[12] fbootlogo, 4
[13] l_fixnv1, 1
[14] l_fixnv2, 1
[15] l_runtimenv1, 1
[16] l_runtimenv2, 1
[17] gpsgl, 1
[18] gpsbd, 1
[19] wcnmodem, 10
[20] persist, 2
[21] l_modem, 25
[22] l_deltanv, 1
[23] l_gdsp, 10
[24] l_ldsp, 20
[25] pm_sys, 1
[26] boot, 35
[27] dtbo, 8
[28] super, 2700
[29] cache, 150
[30] socko, 75
[31] odmko, 25
[32] vbmeta, 1
[33] vbmeta_bak, 1
[34] sysdumpdb, 10
[35] metadata, 16
[36] vbmeta_system, 1
[37] vbmeta_vendor, 1
[38] UDC_config, 8
[39] userdata, -1
Answer "yes" to confirm the "repartition" command: file size : 0x3ff000
Answer "yes" to confirm the "write partition" command: load_partition: splloader, target: 0x3ff000, written: 0x3ff000
file size : 0x3ff000
Answer "yes" to confirm the "write partition" command: load_partition: splloader_bak, target: 0x3ff000, written: 0x3ff000
file size : 0x3a5c00000
Answer "yes" to confirm the "write partition" command: unexpected response (0x00a2)
load_partition: user_partition, target: 0x3a5c00000, written: 0x10000000
unexpected response (0x00a2)
root@HP-PAVILION-590:~/spreadtrum_flash# cat d.sh 
( ( clear ) && ( ( yes yes ) | "./spd_dump" keep_charge 1 fdl "fdl1.bin" 0x00005000 fdl "fdl2.bin" 0x9EFFFE00 repartition partitions.xml write_part splloader splloader.bin write_part splloader_bak splloader_bak.bin write_part user_partition user_partition.bin power_off ) )
root@HP-PAVILION-590:~/spreadtrum_flash# 

Cannot figure out what 0xa2 exactly is, anyone know?

[CE1CECL]

@BenEdridge I think I found your issue was with the python vb pad file that you had: https://github.com/CE1CECL/VBHelp/

[BenEdridge]

Sorry late reply. Thanks for looking @CE1CECL
I attempted to make use of your provided files to generate images and it still didn't work as expected.

I feel like perhaps I'm doing things the wrong way adb reboot autodloader which then presents itself as BSL_REP_VER: "SPRD4:AutoD\0"

From above I can see you have BSL_REP_VER: "SPRD3\0" so it looks like we are already doing a slightly different process.

It seems the key combination to enter "SPRD3" is incorrect or somehow this functionality is disabled.

What keys do you use?

[CE1CECL]

Sorry late reply. Thanks for looking @CE1CECL I attempted to make use of your provided files to generate images and it still didn't work as expected.

I feel like perhaps I'm doing things the wrong way adb reboot autodloader which then presents itself as BSL_REP_VER: "SPRD4:AutoD\0"

From above I can see you have BSL_REP_VER: "SPRD3\0" so it looks like we are already doing a slightly different process.

It seems the key combination to enter "SPRD3" is incorrect or somehow this functionality is disabled.

What keys do you use?

I held down the volume down key, but it if i delete splloader & splloader_bak, it auto enters the same mode (it works better with battery removed but it didnt matter.)

[CE1CECL]

@BenEdridge I tested you VBMeta images in that zip (all this time later, I know) with this repo to see if it would have the private key changed, and sure enough, that hovatek guide won't work, the key was changed (unlike my C00070WW), meaning you probably won't be making strong integrity like I did (see: herzhenr/spic-android#12), unlock, or even boot Magisk or other images.
EDIT: I tested that with the private keys found here which are the same keys hovatek shares on their site (but the downloads on hovatek rename the file to their branding, but its the same content/key)
Results:

root@LenovoLegionT5:~/test_avb_key# python3 test_avb_key.py /home/ce1cecl/VBHelp/BenEdridge/1/vbmeta.img /home/ce1cecl/avb/test/data/
Opening vbmeta file: /home/ce1cecl/VBHelp/BenEdridge/1/vbmeta.img

Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_pik.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_prk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_psk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_puk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa2048.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa4096.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa8192.pem. Public key not found in vbmeta.img file. That's good.
No issues were found with /home/ce1cecl/VBHelp/BenEdridge/1/vbmeta.img
root@LenovoLegionT5:~/test_avb_key# python3 test_avb_key.py /home/ce1cecl/VBHelp/BenEdridge/0/vbmeta.img /home/ce1cecl/avb/test/data/
Opening vbmeta file: /home/ce1cecl/VBHelp/BenEdridge/0/vbmeta.img

Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_pik.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_prk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_psk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_puk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa2048.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa4096.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa8192.pem. Public key not found in vbmeta.img file. That's good.
No issues were found with /home/ce1cecl/VBHelp/BenEdridge/0/vbmeta.img
root@LenovoLegionT5:~/test_avb_key# 

On my C0070WW (Stock) (It seems like the _key.bin files are changing on every OTA, and therefore, some of the keys are different on each OTA):
Update: The keys for vbmeta_system and vbmeta_vendor on the C00070WW seem to change on every OTA, as well as a couple of other things (the extracted *_key.bin files change too), only the private key of vbmeta & vbmeta_bak (which is the same content backup partiton of vbmeta) that stays the same.

root@LenovoLegionT5:~/test_avb_key# python3 test_avb_key.py /m/f/C0070/vbmeta.bin /home/ce1cecl/avb/test/data/
Opening vbmeta file: /m/f/C0070/vbmeta.bin

Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_pik.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_prk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_psk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_puk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa2048.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa4096.pem. Public key found at index: 13336
If the script was executed on a vbmeta.img file from an Android user build, there is a problem.
root@LenovoLegionT5:~/test_avb_key# python3 test_avb_key.py /m/f/C0070/vbmeta_bak.bin /home/ce1cecl/avb/test/data/
Opening vbmeta file: /m/f/C0070/vbmeta_bak.bin

Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_pik.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_prk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_psk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_puk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa2048.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa4096.pem. Public key found at index: 13336
If the script was executed on a vbmeta.img file from an Android user build, there is a problem.
root@LenovoLegionT5:~/test_avb_key# python3 test_avb_key.py /m/f/C0070/vbmeta_system.bin /home/ce1cecl/avb/test/data/
Opening vbmeta file: /m/f/C0070/vbmeta_system.bin

Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_pik.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_prk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_psk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_puk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa2048.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa4096.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa8192.pem. Public key not found in vbmeta.img file. That's good.
No issues were found with /m/f/C0070/vbmeta_system.bin
root@LenovoLegionT5:~/test_avb_key# python3 test_avb_key.py /m/f/C0070/vbmeta_vendor.bin /home/ce1cecl/avb/test/data/
Opening vbmeta file: /m/f/C0070/vbmeta_vendor.bin

Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_pik.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_prk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_psk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_puk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa2048.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa4096.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa8192.pem. Public key not found in vbmeta.img file. That's good.
No issues were found with /m/f/C0070/vbmeta_vendor.bin
root@LenovoLegionT5:~/test_avb_key# 

On my C0070WW (Rooted + super partition modded):

root@LenovoLegionT5:~/test_avb_key# python3 test_avb_key.py /VBMetaKeysExtractor/vbmeta.nib /home/ce1cecl/avb/test/data/
Opening vbmeta file: /VBMetaKeysExtractor/vbmeta.nib

Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_pik.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_prk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_psk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_puk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa2048.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa4096.pem. Public key found at index: 936
If the script was executed on a vbmeta.img file from an Android user build, there is a problem.
root@LenovoLegionT5:~/test_avb_key# python3 test_avb_key.py /VBMetaKeysExtractor/vbmeta_bak.nib /home/ce1cecl/avb/test/data/
Opening vbmeta file: /VBMetaKeysExtractor/vbmeta_bak.nib

Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_pik.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_prk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_psk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_puk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa2048.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa4096.pem. Public key found at index: 936
If the script was executed on a vbmeta.img file from an Android user build, there is a problem.
root@LenovoLegionT5:~/test_avb_key# python3 test_avb_key.py /VBMetaKeysExtractor/vbmeta_system.nib /home/ce1cecl/avb/test/data/
Opening vbmeta file: /VBMetaKeysExtractor/vbmeta_system.nib

Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_pik.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_prk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_psk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_puk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa2048.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa4096.pem. Public key found at index: 1944
If the script was executed on a vbmeta.img file from an Android user build, there is a problem.
root@LenovoLegionT5:~/test_avb_key# python3 test_avb_key.py /VBMetaKeysExtractor/vbmeta_vendor.nib /home/ce1cecl/avb/test/data/
Opening vbmeta file: /VBMetaKeysExtractor/vbmeta_vendor.nib

Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_pik.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_prk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_psk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_cert_puk.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa2048.pem. Public key not found in vbmeta.img file. That's good.
Using known private key for verification: /home/ce1cecl/avb/test/data/testkey_rsa4096.pem. Public key found at index: 1232
If the script was executed on a vbmeta.img file from an Android user build, there is a problem.
root@LenovoLegionT5:~/test_avb_key# 

(I use this command to repack my rom when I need to change it):
clear && rm -rf testkey_rsa4096_key.nib vbmeta.nib vbmeta_bak.nib vbmeta_system.nib vbmeta_vendor.nib && ./linux-x86/bin/avbtool extract_public_key --key testkey_rsa4096.pem --output testkey_rsa4096_key.bin && ./linux-x86/bin/avbtool add_hashtree_footer --key testkey_rsa4096.pem --algorithm NONE --rollback_index 0 --flags 0 --prop com.android.build.product.os_version:10 --prop com.android.build.product.security_patch:2020-11-05 --hash_algorithm sha1 --partition_name product --image product.nib && ./linux-x86/bin/avbtool add_hashtree_footer --key testkey_rsa4096.pem --algorithm NONE --rollback_index 0 --flags 0 --prop com.android.build.vendor.os_version:10 --prop com.android.build.vendor.security_patch:2020-11-05 --hash_algorithm sha1 --partition_name vendor --image vendor.nib && ./linux-x86/bin/avbtool add_hashtree_footer --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --rollback_index 0 --flags 0 --hash_algorithm sha1 --partition_name system --image system.nib --generate_dm_verity_cmdline_from_hashtree system.bin && ./linux-x86/bin/avbtool make_vbmeta_image --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --flags 0 --padding_size 16384 --output vbmeta.nib --chain_partition boot:1:testkey_rsa4096_key.bin --chain_partition dtbo:9:dtbo_key.bin --chain_partition recovery:2:testkey_rsa4096_key.bin --chain_partition socko:10:socko_key.bin --chain_partition odmko:11:odmko_key.bin --chain_partition vbmeta_system:3:testkey_rsa4096_key.bin --chain_partition vbmeta_vendor:4:testkey_rsa4096_key.bin --chain_partition l_modem:5:l_modem_key.bin --chain_partition l_ldsp:6:l_ldsp_key.bin --chain_partition l_gdsp:7:l_gdsp_key.bin --chain_partition pm_sys:8:pm_sys_key.bin && ./linux-x86/bin/avbtool add_hash_footer --partition_size 36700160 --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --image boot.nib --partition_name boot && ./linux-x86/bin/avbtool add_hash_footer --partition_size 36700160 --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --image recovery.nib --partition_name recovery && ./linux-x86/bin/lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:$(stat --printf="%s" "./super.bin") --group main:$((stat --printf="%s" "./system.nib" && echo -n "+" && stat --printf="%s" "./vendor.nib" && echo -n "+" && stat --printf="%s" "./product.nib" && echo "")|bc) --partition system:none:$(stat --printf="%s" "./system.nib"):main --image system="./system.nib" --partition vendor:none:$(stat --printf="%s" "./vendor.nib"):main --image vendor="./vendor.nib" --partition product:none:$(stat --printf="%s" "./product.nib"):main --image product="./product.nib" --output "./super.nib" && ./linux-x86/bin/avbtool make_vbmeta_image --padding_size 16384 --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --flags 0 --output vbmeta_vendor.nib --include_descriptors_from_image vendor.nib && ./linux-x86/bin/avbtool make_vbmeta_image --padding_size 16384 --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --flags 0 --output vbmeta_system.nib --include_descriptors_from_image product.nib --include_descriptors_from_image system.nib && python3 vbmeta_pad_16384.py && python3 vbmeta_system_pad_16384.py && python3 vbmeta_vendor_pad_16384.py && cp -rf vbmeta.nib vbmeta_bak.nib
Uncompressed version of that command:

 clear 
 rm -rf testkey_rsa4096_key.nib vbmeta.nib vbmeta_bak.nib vbmeta_system.nib vbmeta_vendor.nib 
 ./linux-x86/bin/avbtool extract_public_key --key testkey_rsa4096.pem --output testkey_rsa4096_key.bin 
 ./linux-x86/bin/avbtool add_hashtree_footer --key testkey_rsa4096.pem --algorithm NONE --rollback_index 0 --flags 0 --prop com.android.build.product.os_version:10 --prop com.android.build.product.security_patch:2020-11-05 --hash_algorithm sha1 --partition_name product --image product.nib 
 ./linux-x86/bin/avbtool add_hashtree_footer --key testkey_rsa4096.pem --algorithm NONE --rollback_index 0 --flags 0 --prop com.android.build.vendor.os_version:10 --prop com.android.build.vendor.security_patch:2020-11-05 --hash_algorithm sha1 --partition_name vendor --image vendor.nib 
 ./linux-x86/bin/avbtool add_hashtree_footer --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --rollback_index 0 --flags 0 --hash_algorithm sha1 --partition_name system --image system.nib --generate_dm_verity_cmdline_from_hashtree system.bin 
 ./linux-x86/bin/avbtool make_vbmeta_image --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --flags 0 --padding_size 16384 --output vbmeta.nib --chain_partition boot:1:testkey_rsa4096_key.bin --chain_partition dtbo:9:dtbo_key.bin --chain_partition recovery:2:testkey_rsa4096_key.bin --chain_partition socko:10:socko_key.bin --chain_partition odmko:11:odmko_key.bin --chain_partition vbmeta_system:3:testkey_rsa4096_key.bin --chain_partition vbmeta_vendor:4:testkey_rsa4096_key.bin --chain_partition l_modem:5:l_modem_key.bin --chain_partition l_ldsp:6:l_ldsp_key.bin --chain_partition l_gdsp:7:l_gdsp_key.bin --chain_partition pm_sys:8:pm_sys_key.bin 
 ./linux-x86/bin/avbtool add_hash_footer --partition_size 36700160 --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --image boot.nib --partition_name boot 
 ./linux-x86/bin/avbtool add_hash_footer --partition_size 36700160 --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --image recovery.nib --partition_name recovery 
 ./linux-x86/bin/lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:$(stat --printf="%s" "./super.bin") --group main:$((stat --printf="%s" "./system.nib" 
 echo -n "+" 
 stat --printf="%s" "./vendor.nib" 
 echo -n "+" 
 stat --printf="%s" "./product.nib" 
 echo "")|bc) --partition system:none:$(stat --printf="%s" "./system.nib"):main --image system="./system.nib" --partition vendor:none:$(stat --printf="%s" "./vendor.nib"):main --image vendor="./vendor.nib" --partition product:none:$(stat --printf="%s" "./product.nib"):main --image product="./product.nib" --output "./super.nib" 
 ./linux-x86/bin/avbtool make_vbmeta_image --padding_size 16384 --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --flags 0 --output vbmeta_vendor.nib --include_descriptors_from_image vendor.nib 
 ./linux-x86/bin/avbtool make_vbmeta_image --padding_size 16384 --key testkey_rsa4096.pem --algorithm SHA256_RSA4096 --flags 0 --output vbmeta_system.nib --include_descriptors_from_image product.nib --include_descriptors_from_image system.nib 
 python3 vbmeta_pad_16384.py 
 python3 vbmeta_system_pad_16384.py 
 python3 vbmeta_vendor_pad_16384.py 
 cp -rf vbmeta.nib vbmeta_bak.nib 

Public Keys from vbmeta images (with this tool):

root@LenovoLegionT5:~/vbmeta-extract-pubkey# cat C0070WW_vbmeta_bak.pem 
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2ASv49OEbH4NiT3CjNMS
VeliyfEPXswWcqtEfCxlSpS1FisAuwbvEwdTTPlkuSh6G4SYiNhnpCP5p0vcSg/3
OhiuVKgV/rCtrDXaO60nvK/o0y83NNZRK2xaJ9eWBq9ruIDK+jC0sYWzTaqqwxY0
Grjnx/r5CXerl5PrRK7PILzwgBHbIwxHcblt1ntgR4cWVpO3wiqasEwBDDDYk4fw
7W6LvjBb9qav3YB8RV6PkZNeRP64ggfuecq/MXNiWOPNxLzCER2hSr/+J32h9jWj
XsrcVy8+8Mldhmr4r2an7c247aFfupuFGtUJrpROO8/LXMl5gPfMpkqoatjTMRH5
9gJjKhot0RpmGxZBvb33TcBK5SdJX39Y4yct5clmDlI4Fjj7FutTP+b96aJeJVnY
eUX/A0wmogBajsJRoRX5e/RcgZsYRzXYLQXprQ81dBWjjovMJ9p8XeT6BNMFC7o6
sklFL0fHDUE/l4BNP8G1u3BfpzevSCISRS71D4eS4oQB+RIPFBUkzomZ7rnEF3Bw
Feq+xmwfYrP0LRaH+1YeRauuMuReke1TZl697a3mEjkNg8noa2wtpe7EWmaujJfX
DWxJx/XEkjGLCe4z2qk3tkkY+A5gRcgzke8gVxC+eC2DJtbKYfkv4L8FMFJaEhwA
p13MfC7FlYujO/BDLl7dANsCAwEAAQ==
-----END PUBLIC KEY-----
root@LenovoLegionT5:~/vbmeta-extract-pubkey# cat C0070WW_vbmeta.pem
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2ASv49OEbH4NiT3CjNMS
VeliyfEPXswWcqtEfCxlSpS1FisAuwbvEwdTTPlkuSh6G4SYiNhnpCP5p0vcSg/3
OhiuVKgV/rCtrDXaO60nvK/o0y83NNZRK2xaJ9eWBq9ruIDK+jC0sYWzTaqqwxY0
Grjnx/r5CXerl5PrRK7PILzwgBHbIwxHcblt1ntgR4cWVpO3wiqasEwBDDDYk4fw
7W6LvjBb9qav3YB8RV6PkZNeRP64ggfuecq/MXNiWOPNxLzCER2hSr/+J32h9jWj
XsrcVy8+8Mldhmr4r2an7c247aFfupuFGtUJrpROO8/LXMl5gPfMpkqoatjTMRH5
9gJjKhot0RpmGxZBvb33TcBK5SdJX39Y4yct5clmDlI4Fjj7FutTP+b96aJeJVnY
eUX/A0wmogBajsJRoRX5e/RcgZsYRzXYLQXprQ81dBWjjovMJ9p8XeT6BNMFC7o6
sklFL0fHDUE/l4BNP8G1u3BfpzevSCISRS71D4eS4oQB+RIPFBUkzomZ7rnEF3Bw
Feq+xmwfYrP0LRaH+1YeRauuMuReke1TZl697a3mEjkNg8noa2wtpe7EWmaujJfX
DWxJx/XEkjGLCe4z2qk3tkkY+A5gRcgzke8gVxC+eC2DJtbKYfkv4L8FMFJaEhwA
p13MfC7FlYujO/BDLl7dANsCAwEAAQ==
-----END PUBLIC KEY-----
root@LenovoLegionT5:~/vbmeta-extract-pubkey# cat C0070WW_vbmeta_system.pem
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyf3xyHr6aTw61EYNpFSr
sXXcjZKHnvcuw7F/ZQcHHLfgjGQfbhGkoLsFKahDG69jI3VoKlMFCE7nAECPhsu2
EXfCLFWVaAsHPIGnzVpY0fDv+7Hs47bjtNrHhweIq247ugn/qVixJ6QIVlk1Wzj9
uSlrjqG5yWb34l7gdMTraME+OebZIQpRNW+PKvXBSjNfjkg0NrLbf17r640YRTYu
os5l4faWgdCRtMZTKeWbTt2Po/cT69KpA+PtGK3j1nPWFroV8IXfqBdrlJyyi0aD
wNIcDe2xnk4NzwG4rVXw2e5s12m6IFHIMIDca99FJ0k4z3ITJxqMIRcRZoGXdafG
fHtvAYOzGt4ANkv34Jx5x1K+cQphTLA8uYFsp5a0w2zmuNIPNLVwB8jTCDAehhnF
FPF9sD6VZJl1gm3/A+cw4wU+GvOC6IFutsandJxZkn6gbHJOghA04SUOZstUB5V9
0hgS2IIyeyHtkj6k8O0hBRO0FpQ/xEa3VW3Be3T82+mVQbJrzCrv/RHdVAes/1Oa
vmoh6gwlD2xw3raqYuyPn7PsTK/XlmFoCZs4wIe/BrLr0QezISD5YqEfchsX00cs
8ahLpV6t97mgnbBMOJTv1Ryt75XRVm+PBnZp5RkseyYix0DCcfA+V/rAucBe4clt
NjlcD6JFrFYi4TsLNL2kd7MCAwEAAQ==
-----END PUBLIC KEY-----
root@LenovoLegionT5:~/vbmeta-extract-pubkey# cat C0070WW_vbmeta_vendor.pem
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvCI/7W5k0WU6aM/fXKjg
IEiVHmb7FRCUze3gPrBzq9RZn8HfzpVEw3xNg/PaIzZ/3kCYsFdQ3J9yRXoh9tEN
E7bxaoRqzNgxntce+22vwNYB7MgaVVdc3ZWU7zt4qLmiM+BunAKpIWbnOPu48e63
fPJLOvNmgrWnr88kee+lagfQHuSagrGuAbb7HQ/z2NY4s/zqsRGRVK4IGKdSJzGB
I9nvWSms/JvNxNbcWxsy5O+LaFIu7el+PCCyO6ccdw40Xnr+O1T33PKgLxjM5iNd
Ji6YwHNpObtVpj5+Y6FedK/6eJBwmfvHYgr+n5jfOjOGHUR+IwDVIqccrWw1LWap
7z5FwB4LRBjAoQo9PETTYwjKD8NOTIeqkRNUVUnM5UDwwnUpU6L0V3T3OqWJKGLc
sYWWSQj4y05lu+2CPTUfBUk83dYSSkhnRJXtJuSLxhYH6YOx+mCwtoso1b4FsLz7
J2SasYQQCBkGDJLKRqZDyfvacFpRoNFC8H23zQeuqr6RWrO2M3QdON9JVi/N/JRG
0PsKtu8gk70s0zl+FcwkQ3PJxaMykshqgmYHE8KRpad1Ez3KS7GCtTb3L5YJ+ZBh
I951n/1rr9nFvm1+9+QOSvTcqVakgbiCJXTtsybMeSNEx4g9fxv4r9t6WIwaftCu
9iKwKoZpbyjp1MHUEMPnp10CAwEAAQ==
-----END PUBLIC KEY-----
root@LenovoLegionT5:~/vbmeta-extract-pubkey# cat VBHelp_BenEdridge_0_vbmeta.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58XquNqlqDsUOsIHphUR
8ln2BYg9TaGDBTRh+7C7+epOev7vxakWaBPgtJmtI8WjvCYAmu0a/RJqgPW3lb+f
n0cBXxQvJvtVfpimLF8y7g0jLMddDK7qggWUU0+2Pe5GNW/jH4ehCVMLmDi9/13x
KDnPrlhZTzKwzZI/sOZD4aOWPlL45KUS6NfPwBieh53sE1fohziYwqBhROVn2gDU
nmq1i+nOZNftZ2oAH394cTHzL5/15ZGIo62N7XlcNaDIRz5WQe8RFVOnEzWHq6ML
Qt6Dyc+sZ8VoBVQqD++sgGvP89eA/nI3DBHjzkbAO4o19UqkcHOiLh1KlqhqEjJz
VwIDAQAB
-----END PUBLIC KEY-----
root@LenovoLegionT5:~/vbmeta-extract-pubkey# cat VBHelp_BenEdridge_1_vbmeta.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58XquNqlqDsUOsIHphUR
8ln2BYg9TaGDBTRh+7C7+epOev7vxakWaBPgtJmtI8WjvCYAmu0a/RJqgPW3lb+f
n0cBXxQvJvtVfpimLF8y7g0jLMddDK7qggWUU0+2Pe5GNW/jH4ehCVMLmDi9/13x
KDnPrlhZTzKwzZI/sOZD4aOWPlL45KUS6NfPwBieh53sE1fohziYwqBhROVn2gDU
nmq1i+nOZNftZ2oAH394cTHzL5/15ZGIo62N7XlcNaDIRz5WQe8RFVOnEzWHq6ML
Qt6Dyc+sZ8VoBVQqD++sgGvP89eA/nI3DBHjzkbAO4o19UqkcHOiLh1KlqhqEjJz
VwIDAQAB
-----END PUBLIC KEY-----
root@LenovoLegionT5:~/vbmeta-extract-pubkey# 

My Private & Public keys:

root@LenovoLegionT5:~/avb/test/data# cat testkey_rsa4096.pem 
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEA2ASv49OEbH4NiT3CjNMSVeliyfEPXswWcqtEfCxlSpS1FisA
uwbvEwdTTPlkuSh6G4SYiNhnpCP5p0vcSg/3OhiuVKgV/rCtrDXaO60nvK/o0y83
NNZRK2xaJ9eWBq9ruIDK+jC0sYWzTaqqwxY0Grjnx/r5CXerl5PrRK7PILzwgBHb
IwxHcblt1ntgR4cWVpO3wiqasEwBDDDYk4fw7W6LvjBb9qav3YB8RV6PkZNeRP64
ggfuecq/MXNiWOPNxLzCER2hSr/+J32h9jWjXsrcVy8+8Mldhmr4r2an7c247aFf
upuFGtUJrpROO8/LXMl5gPfMpkqoatjTMRH59gJjKhot0RpmGxZBvb33TcBK5SdJ
X39Y4yct5clmDlI4Fjj7FutTP+b96aJeJVnYeUX/A0wmogBajsJRoRX5e/RcgZsY
RzXYLQXprQ81dBWjjovMJ9p8XeT6BNMFC7o6sklFL0fHDUE/l4BNP8G1u3Bfpzev
SCISRS71D4eS4oQB+RIPFBUkzomZ7rnEF3BwFeq+xmwfYrP0LRaH+1YeRauuMuRe
ke1TZl697a3mEjkNg8noa2wtpe7EWmaujJfXDWxJx/XEkjGLCe4z2qk3tkkY+A5g
Rcgzke8gVxC+eC2DJtbKYfkv4L8FMFJaEhwAp13MfC7FlYujO/BDLl7dANsCAwEA
AQKCAgAWoL8P/WsktjuSwb5sY/vKtgzcHH1Ar942GsysuTXPDy686LpF3R8T/jNy
n7k2UBAia8xSoWCR6BbRuHeV5oA+PLGeOpE7QaSfonB+yc+cy0x3Or3ssfqEsu/q
toGHp75/8DXS6WE0K04x94u1rdC9b9sPrrGBlWCLGzqM0kbuJfyHXdd3n2SofAUO
b5QRSgxD+2tHUpEroHqHnWJCaf4J0QegX45yktlfOYNK/PHLDQXV8ly/ejc32M4Y
Tv7hUtOOJTuq8VCg9OWZm2Zo1QuM9XEJTPCp5l3+o5vzO6yhk2gotDvD32CdA+3k
tLJRP54M1Sn+IXb1gGKN9rKAtGJbenWIPlNObhQgkbwG89Qd+5rfMXsiPv1Hl1tK
+tqwjD82/H3/ElaaMnwHCpeoGSp95OblAoBjzjMP2KsbvKSdL8O/rf1c3uOw9+DF
cth0SA8y3ZzI11gJtb2QMGUrCny5n4sPGGbc3x38NdLhwbkPKZy60OiT4g2kNpdY
dIitmAML2otttiF4AJM6AraPk8YVzkPLTksoL3azPBya5lIoDI2H3QvTtSvpXkXP
yKchsDSWYbdqfplqC/X0Djp2/Zd8jpN5I6+1aSmpTmbwx/JTllY1N89FRZLIdxoh
2k81LPiXhE6uRbjioJUlbnEWIpY2y2N2Clmxpjh0/IcXd1XImQKCAQEA7Zai+yjj
8xit24aO9Tf3mZBXBjSaDodjC2KS1yCcAIXp6S7aH0wZipyZpQjys3zaBQyMRYFG
bQqIfVAa6inWyDoofbAJHMu5BVcHFBPZvSS5YhDjc8XZ5dqSCxzIz9opIqAbm+b4
aEV/3A3Jki5Dy8y/5j21GAK4Y4mqQOYzne7bDGi3Hyu041MGM4qfIcIkS5N1eHW4
sDZJh6+K5tuxN5TX3nDZSpm9luNH8mLGgKAZ15b1LqXAtM5ycoBY9Hv082suPPom
O+r0ybdRX6nDSH8+11y2KiP2kdVIUHCGkwlqgrux5YZyjCZPwOvEPhzSoOS+vBiF
UVXA8idnxNLk1QKCAQEA6MIihDSXx+350fWqhQ/3Qc6gA/t2C15JwJ9+uFWA+gjd
c/hn5HcmnmBJN4R04nLG/aU9SQur87a4mnC/Mp9JIARjHlZ/WNT4U0sJyPEVRg5U
Z9VajAucWwi0JyJYCO1EMMy68Jp8qlTriK/L7nbD86JJ5ASxjojiN/0psK/Pk60F
Rr+shKPi3jRQ1BDjDtAxOfo4ctf/nFbUM4bY0FNPQMP7WesoSKU0NBCRR6d0d2tq
YflMjIQHx+N74P5jEdSCHTVGQm+dj47pUt3lLPLWc0bX1G/GekwXP4NUsR/70Hsi
bwxkNnK2TSGzkt2rcOnutP125rJu6WpV7SNrq9rm7wKCAQAfMROcnbWviKHqnDPQ
hdR/2K9UJTvEhInASOS2UZWpi+s1rez9BuSjigOx4wbaAZ4t44PW7C3uyt84dHfU
HkIQb3I5bg8ENMrJpK9NN33ykwuzkDwMSwFcZ+Gci97hSubzoMl/IkeiiN1MapL4
GhLUgsD+3UMVL+Y9SymK8637IgyoCGdiND6/SXsa8SwLJo3VTjqx4eKpX7cvlSBL
RrRxc50TmwUsAhsd4CDl9YnSATLjVvJBeYlfM2tbFPaYwl1aR8v+PWkfnK0efm60
fHki33HEnGteBPKuGq4vwVYpn6bYGwQz+f6335/A2DMfZHFSpjVURHPcRcHbCMla
0cUxAoIBAQC25eYNkO478mo+bBbEXJlkoqLmvjAyGrNFo48F9lpVH6Y0vNuWkXJN
PUgLUhAu6RYotjGENqG17rz8zt/PPY9Ok2P3sOx8t00y1mIn/hlDZXs55FM0fOMu
PZaiscAPs7HDzvyOmDah+fzi+ZD8H2M3DS2W+YE0iaeJa2vZJS2t02W0BGXiDI33
IZDqMyLYvwwPjOnShJydEzXID4xLl0tNjzLxo3GSNA7jYqlmbtV8CXIc7rMSL6WV
ktIDKKJcnmpn3TcKeX6MEjaSIT82pNOS3fY3PmXuL+CMzfw8+u77Eecq78fHaTiL
P5JGM93F6mzi19EY0tmInUBMCWtQLcENAoIBAQCg0KaOkb8T36qzPrtgbfou0E2D
ufdpL1ugmD4edOFKQB5fDFQhLnSEVSJq3KUg4kWsXapQdsBd6kLdxS+K6MQrLBzr
4tf0c7UCF1AzWk6wXMExZ8mRb2RkGZYQB2DdyhFB3TPmnq9CW8JCq+6kxg/wkU4s
vM4JXzgcqVoSf42QJl+B9waeWhg0BTWx01lal4ds88HvEKmE0ik5GwiDbr7EvDDw
E6UbZtQcIoSTIIZDgYqVFfR2DAho3wXJRsOXh433lEJ8X7cCDzrngFbQnlKrpwML
Xgm0SIUc+Nf5poMM3rfLFK77t/ob4w+5PwRKcoSniyAxrHd6bwykYA8Vuydv
-----END RSA PRIVATE KEY-----
root@LenovoLegionT5:~/avb/test/data# openssl rsa -in testkey_rsa4096.pem -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2ASv49OEbH4NiT3CjNMS
VeliyfEPXswWcqtEfCxlSpS1FisAuwbvEwdTTPlkuSh6G4SYiNhnpCP5p0vcSg/3
OhiuVKgV/rCtrDXaO60nvK/o0y83NNZRK2xaJ9eWBq9ruIDK+jC0sYWzTaqqwxY0
Grjnx/r5CXerl5PrRK7PILzwgBHbIwxHcblt1ntgR4cWVpO3wiqasEwBDDDYk4fw
7W6LvjBb9qav3YB8RV6PkZNeRP64ggfuecq/MXNiWOPNxLzCER2hSr/+J32h9jWj
XsrcVy8+8Mldhmr4r2an7c247aFfupuFGtUJrpROO8/LXMl5gPfMpkqoatjTMRH5
9gJjKhot0RpmGxZBvb33TcBK5SdJX39Y4yct5clmDlI4Fjj7FutTP+b96aJeJVnY
eUX/A0wmogBajsJRoRX5e/RcgZsYRzXYLQXprQ81dBWjjovMJ9p8XeT6BNMFC7o6
sklFL0fHDUE/l4BNP8G1u3BfpzevSCISRS71D4eS4oQB+RIPFBUkzomZ7rnEF3Bw
Feq+xmwfYrP0LRaH+1YeRauuMuReke1TZl697a3mEjkNg8noa2wtpe7EWmaujJfX
DWxJx/XEkjGLCe4z2qk3tkkY+A5gRcgzke8gVxC+eC2DJtbKYfkv4L8FMFJaEhwA
p13MfC7FlYujO/BDLl7dANsCAwEAAQ==
-----END PUBLIC KEY-----
root@LenovoLegionT5:~/avb/test/data# 

What should be YOUR private & public key (but is not, only here for reference):

root@LenovoLegionT5:~/avb/test/data# cat testkey_rsa2048.pem 
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAxlVR3TIkouAOvH79vaJTgFhpfvVKQIeVkFRZPVXK/zY0Gvrh
4JAqGjJoW/PfrQv5sdD36qtHH3a+G5hLZ6Ni+t/mtfjucxZfuLGC3kmJ1T3XqEKZ
gXXI2IR7vVSoImREvDQGEDyJwtHzLANlkbGg0cghVhWZSCAndO8BenalC2v94/rt
DfkPekH6dgU3Sf40T0sBSeSY94mOzTaqOR2pfV1rWlLRdWmo33zeHBv52Rlbt0dM
uXAureXWiHztkm5GCBC1dgM+CaxNtizNEgC91KcD0xuRCCM2WxH+r1lpszyIJDct
YbrFmVEYl/kjQpafhy7Nsk1fqSTyRdriZSYmTQIDAQABAoIBAQC+kJgaCuX8wYAn
SXWQ0fmdZlXnMNRpcF0a0pD0SAzGb1RdYBXMaXiqtyhiwc53PPxsCDdNecjayIMd
jJVXPTwLhTruOgMS/bp3gcgWwV34UHV4LJXGOGAE+jbS0hbDBMiudOYmj6RmVshp
z9G1zZCSQNMXHaWsEYkX59XpzzoB384nRul2QgEtwzUNR9XlpzgtJBLk3SACkvsN
mQ/DW8IWHXLg8vLn1LzVJ2e3B16H4MoE2TCHxqfMgr03IDRRJogkenQuQsFhevYT
o/mJyHSWavVgzMHG9I5m+eepF4Wyhj1Y4WyKAuMI+9dHAX/h7Lt8XFCQCh5DbkVG
zGr34sWBAoGBAOs7n7YZqNaaguovfIdRRsxxZr1yJAyDsr6w3yGImDZYju4c4WY9
5esO2kP3FA4p0c7FhQF5oOb1rBuHEPp36cpL4aGeK87caqTfq63WZAujoTZpr9Lp
BRbkL7w/xG7jpQ/clpA8sHzHGQs/nelxoOtC7E118FiRgvD/jdhlMyL9AoGBANfX
vyoN1pplfT2xR8QOjSZ+Q35S/+SAtMuBnHx3l0qH2bbBjcvM1MNDWjnRDyaYhiRu
i+KA7tqfib09+XpB3g5D6Ov7ls/Ldx0S/VcmVWtia2HK8y8iLGtokoBZKQ5AaFX2
iQU8+tC4h69GnJYQKqNwgCUzh8+gHX5Y46oDiTmRAoGAYpOx8lX+czB8/Da6MNrW
mIZNT8atZLEsDs2ANEVRxDSIcTCZJId7+m1W+nRoaycLTWNowZ1+2ErLvR10+AGY
b7Ys79Wg9idYaY9yGn9lnZsMzAiuLeyIvXcSqgjvAKlVWrhOQFOughvNWvFl85Yy
oWSCMlPiTLtt7CCsCKsgKuECgYBgdIp6GZsIfkgclKe0hqgvRoeU4TR3gcjJlM9A
lBTo+pKhaBectplx9RxR8AnsPobbqwcaHnIfAuKDzjk5mEvKZjClnFXF4HAHbyAF
nRzZEy9XkWFhc80T5rRpZO7C7qdxmu2aiKixM3V3L3/0U58qULEDbubHMw9bEhAT
PudI8QKBgHEEiMm/hr9T41hbQi/LYanWnlFw1ue+osKuF8bXQuxnnHNuFT/c+9/A
vWhgqG6bOEHu+p/IPrYm4tBMYlwsyh4nXCyGgDJLbLIfzKwKAWCtH9LwnyDVhOow
GH9shdR+sW3Ew97xef02KAH4VlNANEmBV4sQNqWWvsYrcFm2rOdL
-----END RSA PRIVATE KEY-----
root@LenovoLegionT5:~/avb/test/data# openssl rsa -in testkey_rsa2048.pem -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlVR3TIkouAOvH79vaJT
gFhpfvVKQIeVkFRZPVXK/zY0Gvrh4JAqGjJoW/PfrQv5sdD36qtHH3a+G5hLZ6Ni
+t/mtfjucxZfuLGC3kmJ1T3XqEKZgXXI2IR7vVSoImREvDQGEDyJwtHzLANlkbGg
0cghVhWZSCAndO8BenalC2v94/rtDfkPekH6dgU3Sf40T0sBSeSY94mOzTaqOR2p
fV1rWlLRdWmo33zeHBv52Rlbt0dMuXAureXWiHztkm5GCBC1dgM+CaxNtizNEgC9
1KcD0xuRCCM2WxH+r1lpszyIJDctYbrFmVEYl/kjQpafhy7Nsk1fqSTyRdriZSYm
TQIDAQAB
-----END PUBLIC KEY-----
root@LenovoLegionT5:~/avb/test/data#