Message ID | 20181106163925.4180994-1-pn@denx.de |
---|---|
State | Superseded |
Delegated to: | Stefano Babic |
Headers | show |
Series | [U-Boot] imx: hab: extend hab_auth_img to calculate ivt_offset | expand |
Ping on this patch! On 11/6/18 5:39 PM, Parthiban Nallathambi wrote: > Current implementation of hab_auth_img command needs ivt_offset to > authenticate the image. But ivt header is placed at the end of image > date after padding. > > This leaves the usage of hab_auth_img command to fixed size or static > offset for ivt header. New function "get_image_ivt_offset" is introduced > to find the ivt offset during runtime. The case conditional check in this > function is same as boot_get_kernel in common/bootm.c > > With this variable length image e.g. FIT image with any random size can > have IVT at the end and ivt_offset option can be left optional > > Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script > > Signed-off-by: Parthiban Nallathambi <pn@denx.de> > --- > arch/arm/mach-imx/hab.c | 29 +++++++++++++++++++++++++++-- > 1 file changed, 27 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c > index b88acd13da..060d0866b3 100644 > --- a/arch/arm/mach-imx/hab.c > +++ b/arch/arm/mach-imx/hab.c > @@ -6,6 +6,8 @@ > #include <common.h> > #include <config.h> > #include <fuse.h> > +#include <mapmem.h> > +#include <image.h> > #include <asm/io.h> > #include <asm/system.h> > #include <asm/arch/clock.h> > @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, > return 0; > } > > +static ulong get_image_ivt_offset(ulong img_addr, ulong length) > +{ > + const void *buf; > + > + buf = map_sysmem(img_addr, 0); > + switch (genimg_get_format(buf)) { > +#if defined(CONFIG_IMAGE_FORMAT_LEGACY) > + case IMAGE_FORMAT_LEGACY: > + return (image_get_image_size((image_header_t *)img_addr) > + + 0x1000 - 1) & ~(0x1000 - 1); > +#endif > +#if IMAGE_ENABLE_FIT > + case IMAGE_FORMAT_FIT: > + return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1); > +#endif > + default: > + return 0; > + } > +} > + > static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, > char * const argv[]) > { > ulong addr, length, ivt_offset; > int rcode = 0; > > - if (argc < 4) > + if (argc < 3) > return CMD_RET_USAGE; > > addr = simple_strtoul(argv[1], NULL, 16); > length = simple_strtoul(argv[2], NULL, 16); > - ivt_offset = simple_strtoul(argv[3], NULL, 16); > + if (argc == 3) > + ivt_offset = get_image_ivt_offset(addr, length); > + else > + ivt_offset = simple_strtoul(argv[3], NULL, 16); > > rcode = imx_hab_authenticate_image(addr, length, ivt_offset); > if (rcode == 0) >
Adding Bryan and Breno in case they can help reviewing it. On Tue, Nov 6, 2018 at 2:42 PM Parthiban Nallathambi <pn@denx.de> wrote: > > Current implementation of hab_auth_img command needs ivt_offset to > authenticate the image. But ivt header is placed at the end of image > date after padding. > > This leaves the usage of hab_auth_img command to fixed size or static > offset for ivt header. New function "get_image_ivt_offset" is introduced > to find the ivt offset during runtime. The case conditional check in this > function is same as boot_get_kernel in common/bootm.c > > With this variable length image e.g. FIT image with any random size can > have IVT at the end and ivt_offset option can be left optional > > Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script > > Signed-off-by: Parthiban Nallathambi <pn@denx.de> > --- > arch/arm/mach-imx/hab.c | 29 +++++++++++++++++++++++++++-- > 1 file changed, 27 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c > index b88acd13da..060d0866b3 100644 > --- a/arch/arm/mach-imx/hab.c > +++ b/arch/arm/mach-imx/hab.c > @@ -6,6 +6,8 @@ > #include <common.h> > #include <config.h> > #include <fuse.h> > +#include <mapmem.h> > +#include <image.h> > #include <asm/io.h> > #include <asm/system.h> > #include <asm/arch/clock.h> > @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, > return 0; > } > > +static ulong get_image_ivt_offset(ulong img_addr, ulong length) > +{ > + const void *buf; > + > + buf = map_sysmem(img_addr, 0); > + switch (genimg_get_format(buf)) { > +#if defined(CONFIG_IMAGE_FORMAT_LEGACY) > + case IMAGE_FORMAT_LEGACY: > + return (image_get_image_size((image_header_t *)img_addr) > + + 0x1000 - 1) & ~(0x1000 - 1); > +#endif > +#if IMAGE_ENABLE_FIT > + case IMAGE_FORMAT_FIT: > + return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1); > +#endif > + default: > + return 0; > + } > +} > + > static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, > char * const argv[]) > { > ulong addr, length, ivt_offset; > int rcode = 0; > > - if (argc < 4) > + if (argc < 3) > return CMD_RET_USAGE; > > addr = simple_strtoul(argv[1], NULL, 16); > length = simple_strtoul(argv[2], NULL, 16); > - ivt_offset = simple_strtoul(argv[3], NULL, 16); > + if (argc == 3) > + ivt_offset = get_image_ivt_offset(addr, length); > + else > + ivt_offset = simple_strtoul(argv[3], NULL, 16); > > rcode = imx_hab_authenticate_image(addr, length, ivt_offset); > if (rcode == 0) > -- > 2.17.2 > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > https://lists.denx.de/listinfo/u-boot
Hi Parthiban, Em ter, 6 de nov de 2018 às 14:42, Parthiban Nallathambi <pn@denx.de> escreveu: > > Current implementation of hab_auth_img command needs ivt_offset to > authenticate the image. But ivt header is placed at the end of image > date after padding. > > This leaves the usage of hab_auth_img command to fixed size or static > offset for ivt header. New function "get_image_ivt_offset" is introduced > to find the ivt offset during runtime. The case conditional check in this > function is same as boot_get_kernel in common/bootm.c > > With this variable length image e.g. FIT image with any random size can > have IVT at the end and ivt_offset option can be left optional > > Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script > > Signed-off-by: Parthiban Nallathambi <pn@denx.de> > --- > arch/arm/mach-imx/hab.c | 29 +++++++++++++++++++++++++++-- > 1 file changed, 27 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c > index b88acd13da..060d0866b3 100644 > --- a/arch/arm/mach-imx/hab.c > +++ b/arch/arm/mach-imx/hab.c > @@ -6,6 +6,8 @@ > #include <common.h> > #include <config.h> > #include <fuse.h> > +#include <mapmem.h> > +#include <image.h> > #include <asm/io.h> > #include <asm/system.h> > #include <asm/arch/clock.h> > @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, > return 0; > } > > +static ulong get_image_ivt_offset(ulong img_addr, ulong length) > +{ I'm seeing that function get_image_ivt_offset() requires a length but we are not using it, there is any reason for that? Thanks, Breno Lima
Hi Breno, On 11/21/18 2:24 PM, Breno Matheus Lima wrote: > Hi Parthiban, > > Em ter, 6 de nov de 2018 às 14:42, Parthiban Nallathambi <pn@denx.de> escreveu: >> >> Current implementation of hab_auth_img command needs ivt_offset to >> authenticate the image. But ivt header is placed at the end of image >> date after padding. >> >> This leaves the usage of hab_auth_img command to fixed size or static >> offset for ivt header. New function "get_image_ivt_offset" is introduced >> to find the ivt offset during runtime. The case conditional check in this >> function is same as boot_get_kernel in common/bootm.c >> >> With this variable length image e.g. FIT image with any random size can >> have IVT at the end and ivt_offset option can be left optional >> >> Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script >> >> Signed-off-by: Parthiban Nallathambi <pn@denx.de> >> --- >> arch/arm/mach-imx/hab.c | 29 +++++++++++++++++++++++++++-- >> 1 file changed, 27 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c >> index b88acd13da..060d0866b3 100644 >> --- a/arch/arm/mach-imx/hab.c >> +++ b/arch/arm/mach-imx/hab.c >> @@ -6,6 +6,8 @@ >> #include <common.h> >> #include <config.h> >> #include <fuse.h> >> +#include <mapmem.h> >> +#include <image.h> >> #include <asm/io.h> >> #include <asm/system.h> >> #include <asm/arch/clock.h> >> @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, >> return 0; >> } >> >> +static ulong get_image_ivt_offset(ulong img_addr, ulong length) >> +{ > > I'm seeing that function get_image_ivt_offset() requires a length but > we are not using it, there is any reason for that? length is not required to find the ivt offset in the image. I will remove this. > > Thanks, > Breno Lima >
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index b88acd13da..060d0866b3 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -6,6 +6,8 @@ #include <common.h> #include <config.h> #include <fuse.h> +#include <mapmem.h> +#include <image.h> #include <asm/io.h> #include <asm/system.h> #include <asm/arch/clock.h> @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, return 0; } +static ulong get_image_ivt_offset(ulong img_addr, ulong length) +{ + const void *buf; + + buf = map_sysmem(img_addr, 0); + switch (genimg_get_format(buf)) { +#if defined(CONFIG_IMAGE_FORMAT_LEGACY) + case IMAGE_FORMAT_LEGACY: + return (image_get_image_size((image_header_t *)img_addr) + + 0x1000 - 1) & ~(0x1000 - 1); +#endif +#if IMAGE_ENABLE_FIT + case IMAGE_FORMAT_FIT: + return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1); +#endif + default: + return 0; + } +} + static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { ulong addr, length, ivt_offset; int rcode = 0; - if (argc < 4) + if (argc < 3) return CMD_RET_USAGE; addr = simple_strtoul(argv[1], NULL, 16); length = simple_strtoul(argv[2], NULL, 16); - ivt_offset = simple_strtoul(argv[3], NULL, 16); + if (argc == 3) + ivt_offset = get_image_ivt_offset(addr, length); + else + ivt_offset = simple_strtoul(argv[3], NULL, 16); rcode = imx_hab_authenticate_image(addr, length, ivt_offset); if (rcode == 0)
Current implementation of hab_auth_img command needs ivt_offset to authenticate the image. But ivt header is placed at the end of image date after padding. This leaves the usage of hab_auth_img command to fixed size or static offset for ivt header. New function "get_image_ivt_offset" is introduced to find the ivt offset during runtime. The case conditional check in this function is same as boot_get_kernel in common/bootm.c With this variable length image e.g. FIT image with any random size can have IVT at the end and ivt_offset option can be left optional Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script Signed-off-by: Parthiban Nallathambi <pn@denx.de> --- arch/arm/mach-imx/hab.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-)