Message ID | 20230627073931.11204-1-christian.taedcke-oss@weidmueller.com |
---|---|
Headers | From: christian.taedcke-oss@weidmueller.com; To: u-boot@lists.denx.de; Cc: Christian Taedcke <christian.taedcke@weidmueller.com>, Alper Nebi Yasak <alpernebiyasak@gmail.com>, Ivan Mikhaylov <fr0st61te@gmail.com>, Jonas Karlman <jonas@kwiboo.se>, Simon Glass <sjg@chromium.org>, Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>; Subject: [PATCH 0/3] binman: Add support for externally encrypted blobs; Date: Tue, 27 Jun 2023 09:39:28 +0200 |
Series | binman: Add support for externally encrypted blobs |
From: Christian Taedcke <christian.taedcke@weidmueller.com>

This series adds the functionality to handle externally encrypted blobs to binman. It includes the functionality itself and the corresponding unit tests.

The generated device tree structure is similar to the structure used in the already implemented cipher node in boot/image-cipher.c.

The following block shows an example on how to use this functionality. In the device tree that is parsed by binman a new node encrypted is used:

    / {
        binman {
            filename = "u-boot.itb";
            fit {
                ...
                images {
                    some-bitstream {
                        ...
                        image_bitstream: blob-ext {
                            filename = "bitstream.bin";
                        };
                        encrypted {
                            content = <&image_bitstream>;
                            algo = "aes256-gcm";
                            key-name-hint = "keyname";
                            iv-filename = "bitstream.bin.iv";
                            key-filename = "bitstream.bin.key";
                        };
    ...

This results in a generated fit image containing the following information:

    / {
        cipher {
            key-aes256-gcm-keyname {
                key = <0x...>;
                iv = <0x...>;
            };
        };
        images {
            ...
            some-bitstream {
                ...
                data = [...]
                cipher {
                    algo = "aes256-gcm";
                    key-name-hint = "keyname";
                };
            };
    ...
Christian Taedcke (3):
  binman: Add support for externally encrypted blobs
  binman: Allow cipher node as special section
  binman: Add tests for etype encrypted

    tools/binman/etype/encrypted.py               | 98 +++++++++++++++++++
    tools/binman/etype/section.py                 |  2 +-
    tools/binman/ftest.py                         | 69 +++++++++++++
    .../binman/test/282_encrypted_no_content.dts  | 15 +++
    tools/binman/test/283_encrypted_no_algo.dts   | 19 ++++
    .../test/284_encrypted_invalid_iv_file.dts    | 22 +++++
    tools/binman/test/285_encrypted.dts           | 29 ++++++
    tools/binman/test/286_encrypted_key_file.dts  | 30 ++++++
    .../test/287_encrypted_iv_name_hint.dts       | 30 ++++++
    9 files changed, 313 insertions(+), 1 deletion(-)
    create mode 100644 tools/binman/etype/encrypted.py
    create mode 100644 tools/binman/test/282_encrypted_no_content.dts
    create mode 100644 tools/binman/test/283_encrypted_no_algo.dts
    create mode 100644 tools/binman/test/284_encrypted_invalid_iv_file.dts
    create mode 100644 tools/binman/test/285_encrypted.dts
    create mode 100644 tools/binman/test/286_encrypted_key_file.dts
    create mode 100644 tools/binman/test/287_encrypted_iv_name_hint.dts
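
Added example, not code from the original message or from binman: how the properties of the encrypted node (algo, key-name-hint, IV and key bytes) map onto the two cipher nodes shown in the cover letter, with a key-length check before anything is emitted. The function names, the rendering of bytes as 32-bit cells and the sample key and IV values are assumptions made for illustration; the series' encrypted.py is not shown on this page and may differ.

```python
import struct

# AES-256 uses a 32-byte key; "aes256-gcm" is the only algo named on the page.
KEY_BYTES = {"aes256-gcm": 32}


def to_cells(data: bytes) -> str:
    """Render bytes as big-endian 32-bit DTS cells: <0x00010203 0x04050607>."""
    if not data or len(data) % 4:
        raise ValueError("need a non-empty multiple of 4 bytes")
    words = struct.unpack(f">{len(data) // 4}I", data)
    return "<" + " ".join(f"0x{w:08x}" for w in words) + ">"


def render_cipher_nodes(algo, key_name_hint, iv, key, image="some-bitstream"):
    """Return DTS text for the two cipher nodes shown in the cover letter."""
    if algo not in KEY_BYTES:
        raise ValueError(f"unknown algo {algo!r}")
    if len(key) != KEY_BYTES[algo]:
        raise ValueError(f"{algo} needs a {KEY_BYTES[algo]}-byte key")
    if not key_name_hint or any(c in key_name_hint for c in ' /{};"'):
        raise ValueError("key-name-hint must be usable inside a node name")
    return (
        "/ {\n"
        "\tcipher {\n"
        # Node name pattern taken from the page: key-<algo>-<key-name-hint>.
        f"\t\tkey-{algo}-{key_name_hint} {{\n"
        f"\t\t\tkey = {to_cells(key)};\n"
        f"\t\t\tiv = {to_cells(iv)};\n"
        "\t\t};\n"
        "\t};\n"
        "\timages {\n"
        f"\t\t{image} {{\n"
        "\t\t\tcipher {\n"
        f'\t\t\t\talgo = "{algo}";\n'
        f'\t\t\t\tkey-name-hint = "{key_name_hint}";\n'
        "\t\t\t};\n"
        "\t\t};\n"
        "\t};\n"
        "};\n"
    )


if __name__ == "__main__":
    # Constructed sample bytes standing in for bitstream.bin.iv / .key.
    print(render_cipher_nodes("aes256-gcm", "keyname",
                              bytes(range(12)), bytes(range(32))))
```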