Message ID | 20220225145754.30217-16-philippe.reynes@softathome.com |
---|---|
State | Changes Requested |
Delegated to: | Simon Glass |
Headers | show |
Series | image: add a stage pre-load | expand |
Hi Philippe, On Fri, 25 Feb 2022 at 07:58, Philippe Reynes <philippe.reynes@softathome.com> wrote: > > Add the command verify that check the signature of > an image with the pre-load header. If the check > succeed, the u-boot env variable 'loadaddr_verified' > is set to the address of the image (without the header). > > It allows to run such commands: > tftp script.img && verify $loadaddr && source $loadaddr_verified > > Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> > --- > cmd/Kconfig | 7 +++++++ > cmd/Makefile | 1 + > cmd/verify.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ > 3 files changed, 61 insertions(+) > create mode 100644 cmd/verify.c > Using the 'verify' command seems a bit vague. Could it be a sub-command of bootm perhaps? > diff --git a/cmd/Kconfig b/cmd/Kconfig > index 87aa3fb11a..0460d5c3a0 100644 > --- a/cmd/Kconfig > +++ b/cmd/Kconfig > @@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD > There is no documentation about this within the U-Boot source code > but you should be able to find something on the interwebs. > > +config CMD_VERIFY > + bool "verify the global signature" > + depends on CMD_BOOTM_PRE_LOAD > + help > + Verify the signature provided in a pre-load header of > + a full image. Please point to docs here > + > config CMD_ZBOOT > bool "zboot - x86 boot command" > help > diff --git a/cmd/Makefile b/cmd/Makefile > index 166c652d98..80e054e806 100644 > --- a/cmd/Makefile > +++ b/cmd/Makefile > @@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o > obj-$(CONFIG_CMD_XIMG) += ximg.o > obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o > obj-$(CONFIG_CMD_SPL) += spl.o > +obj-$(CONFIG_CMD_VERIFY) += verify.o > obj-$(CONFIG_CMD_W1) += w1.o > obj-$(CONFIG_CMD_ZIP) += zip.o > obj-$(CONFIG_CMD_ZFS) += zfs.o > diff --git a/cmd/verify.c b/cmd/verify.c > new file mode 100644 > index 0000000000..4d055e0790 > --- /dev/null > +++ b/cmd/verify.c > @@ -0,0 +1,53 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Copyright (C) 2022 Philippe Reynes <philippe.reynes@softathome.com> > + */ > + > +#include <common.h> > +#include <env.h> > +#include <image.h> > +#include <mapmem.h> > + > +static ulong verify_get_addr(int argc, char *const argv[]) > +{ > + ulong addr; > + > + if (argc > 0) > + addr = simple_strtoul(argv[0], NULL, 16); hextoul > + else > + addr = image_load_addr; > + > + return addr; > +} > + > +static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc, > + char *const argv[]) > +{ > + ulong addr = verify_get_addr(argc, argv); > + int ret = 0; > + > + argc--; argv++; > + > + addr = verify_get_addr(argc, argv); > + > + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) { > + ret = image_pre_load(addr); > + > + if (ret) { > + ret = CMD_RET_FAILURE; > + goto out; > + } > + > + env_set_hex("loadaddr_verified", addr + image_load_offset); > + } > + > + out: > + return ret; > +} > + > +U_BOOT_CMD(verify, 2, 1, do_verify, > + "verify the global signature provided in the pre-load header,\n" > + "\tif the check succeed, the u-boot env variable loadaddr_verified\n" > + "\tis set to the address of the image (without the header)", > + "<image addr>" > +); > -- > 2.17.1 > Regards, Simon
Hi Simon, Le 03/03/2022 à 04:37, Simon Glass a écrit : > Hi Philippe, > > On Fri, 25 Feb 2022 at 07:58, Philippe Reynes > <philippe.reynes@softathome.com> wrote: >> Add the command verify that check the signature of >> an image with the pre-load header. If the check >> succeed, the u-boot env variable 'loadaddr_verified' >> is set to the address of the image (without the header). >> >> It allows to run such commands: >> tftp script.img && verify $loadaddr && source $loadaddr_verified >> >> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> >> --- >> cmd/Kconfig | 7 +++++++ >> cmd/Makefile | 1 + >> cmd/verify.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ >> 3 files changed, 61 insertions(+) >> create mode 100644 cmd/verify.c >> > Using the 'verify' command seems a bit vague. Could it be a > sub-command of bootm perhaps? The command verify may be used with any binary (script, video firmware, .....). So a lot of binaries that are not launched by bootm. I think that it is not "logic" to used a bootm subcommand. But we could use another name if you want. For example : pre_load_verify ? >> diff --git a/cmd/Kconfig b/cmd/Kconfig >> index 87aa3fb11a..0460d5c3a0 100644 >> --- a/cmd/Kconfig >> +++ b/cmd/Kconfig >> @@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD >> There is no documentation about this within the U-Boot source code >> but you should be able to find something on the interwebs. >> >> +config CMD_VERIFY >> + bool "verify the global signature" >> + depends on CMD_BOOTM_PRE_LOAD >> + help >> + Verify the signature provided in a pre-load header of >> + a full image. > Please point to docs here > >> + >> config CMD_ZBOOT >> bool "zboot - x86 boot command" >> help >> diff --git a/cmd/Makefile b/cmd/Makefile >> index 166c652d98..80e054e806 100644 >> --- a/cmd/Makefile >> +++ b/cmd/Makefile >> @@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o >> obj-$(CONFIG_CMD_XIMG) += ximg.o >> obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o >> obj-$(CONFIG_CMD_SPL) += spl.o >> +obj-$(CONFIG_CMD_VERIFY) += verify.o >> obj-$(CONFIG_CMD_W1) += w1.o >> obj-$(CONFIG_CMD_ZIP) += zip.o >> obj-$(CONFIG_CMD_ZFS) += zfs.o >> diff --git a/cmd/verify.c b/cmd/verify.c >> new file mode 100644 >> index 0000000000..4d055e0790 >> --- /dev/null >> +++ b/cmd/verify.c >> @@ -0,0 +1,53 @@ >> +// SPDX-License-Identifier: GPL-2.0+ >> +/* >> + * Copyright (C) 2022 Philippe Reynes <philippe.reynes@softathome.com> >> + */ >> + >> +#include <common.h> >> +#include <env.h> >> +#include <image.h> >> +#include <mapmem.h> >> + >> +static ulong verify_get_addr(int argc, char *const argv[]) >> +{ >> + ulong addr; >> + >> + if (argc > 0) >> + addr = simple_strtoul(argv[0], NULL, 16); > hextoul > >> + else >> + addr = image_load_addr; >> + >> + return addr; >> +} >> + >> +static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc, >> + char *const argv[]) >> +{ >> + ulong addr = verify_get_addr(argc, argv); >> + int ret = 0; >> + >> + argc--; argv++; >> + >> + addr = verify_get_addr(argc, argv); >> + >> + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) { >> + ret = image_pre_load(addr); >> + >> + if (ret) { >> + ret = CMD_RET_FAILURE; >> + goto out; >> + } >> + >> + env_set_hex("loadaddr_verified", addr + image_load_offset); >> + } >> + >> + out: >> + return ret; >> +} >> + >> +U_BOOT_CMD(verify, 2, 1, do_verify, >> + "verify the global signature provided in the pre-load header,\n" >> + "\tif the check succeed, the u-boot env variable loadaddr_verified\n" >> + "\tis set to the address of the image (without the header)", >> + "<image addr>" >> +); >> -- >> 2.17.1 >> > Regards, > Simon Regards, Philippe
Hi Philippe, On Thu, 10 Mar 2022 at 09:53, Philippe REYNES <philippe.reynes@softathome.com> wrote: > > Hi Simon, > > > Le 03/03/2022 à 04:37, Simon Glass a écrit : > > Hi Philippe, > > > > On Fri, 25 Feb 2022 at 07:58, Philippe Reynes > > <philippe.reynes@softathome.com> wrote: > >> Add the command verify that check the signature of > >> an image with the pre-load header. If the check > >> succeed, the u-boot env variable 'loadaddr_verified' > >> is set to the address of the image (without the header). > >> > >> It allows to run such commands: > >> tftp script.img && verify $loadaddr && source $loadaddr_verified > >> > >> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> > >> --- > >> cmd/Kconfig | 7 +++++++ > >> cmd/Makefile | 1 + > >> cmd/verify.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ > >> 3 files changed, 61 insertions(+) > >> create mode 100644 cmd/verify.c > >> > > Using the 'verify' command seems a bit vague. Could it be a > > sub-command of bootm perhaps? > > > The command verify may be used with any binary (script, video firmware, > .....). > So a lot of binaries that are not launched by bootm. > I think that it is not "logic" to used a bootm subcommand. > But we could use another name if you want. > For example : pre_load_verify ? I see. Well, I suppose this is a boot loader, so 'verify' would be expected to mean verifying an image or something to boot, so this seems reasonable to me. But I do like the idea of putting pre_load in there somewhere if you can, since we do most other verification as part of the 'bootm' command. Up to you. Reviewed-by: Simon Glass <sjg@chromium.org> Regards, Simon
Hi Simon, Le 28/03/2022 à 08:35, Simon Glass a écrit : > Hi Philippe, > > On Thu, 10 Mar 2022 at 09:53, Philippe REYNES > <philippe.reynes@softathome.com> wrote: >> Hi Simon, >> >> >> Le 03/03/2022 à 04:37, Simon Glass a écrit : >>> Hi Philippe, >>> >>> On Fri, 25 Feb 2022 at 07:58, Philippe Reynes >>> <philippe.reynes@softathome.com> wrote: >>>> Add the command verify that check the signature of >>>> an image with the pre-load header. If the check >>>> succeed, the u-boot env variable 'loadaddr_verified' >>>> is set to the address of the image (without the header). >>>> >>>> It allows to run such commands: >>>> tftp script.img && verify $loadaddr && source $loadaddr_verified >>>> >>>> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> >>>> --- >>>> cmd/Kconfig | 7 +++++++ >>>> cmd/Makefile | 1 + >>>> cmd/verify.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ >>>> 3 files changed, 61 insertions(+) >>>> create mode 100644 cmd/verify.c >>>> >>> Using the 'verify' command seems a bit vague. Could it be a >>> sub-command of bootm perhaps? >> >> The command verify may be used with any binary (script, video firmware, >> .....). >> So a lot of binaries that are not launched by bootm. >> I think that it is not "logic" to used a bootm subcommand. >> But we could use another name if you want. >> For example : pre_load_verify ? > I see. Well, I suppose this is a boot loader, so 'verify' would be > expected to mean verifying an image or something to boot, so this > seems reasonable to me. But I do like the idea of putting pre_load in > there somewhere if you can, since we do most other verification as > part of the 'bootm' command. Up to you. I have sent a v8 where I remove the command pre_load_verify, and add the subcommand preload to bootm. > Reviewed-by: Simon Glass <sjg@chromium.org> > > Regards, > Simon Regards, Philippe
diff --git a/cmd/Kconfig b/cmd/Kconfig index 87aa3fb11a..0460d5c3a0 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD There is no documentation about this within the U-Boot source code but you should be able to find something on the interwebs. +config CMD_VERIFY + bool "verify the global signature" + depends on CMD_BOOTM_PRE_LOAD + help + Verify the signature provided in a pre-load header of + a full image. + config CMD_ZBOOT bool "zboot - x86 boot command" help diff --git a/cmd/Makefile b/cmd/Makefile index 166c652d98..80e054e806 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o obj-$(CONFIG_CMD_XIMG) += ximg.o obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o obj-$(CONFIG_CMD_SPL) += spl.o +obj-$(CONFIG_CMD_VERIFY) += verify.o obj-$(CONFIG_CMD_W1) += w1.o obj-$(CONFIG_CMD_ZIP) += zip.o obj-$(CONFIG_CMD_ZFS) += zfs.o diff --git a/cmd/verify.c b/cmd/verify.c new file mode 100644 index 0000000000..4d055e0790 --- /dev/null +++ b/cmd/verify.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (C) 2022 Philippe Reynes <philippe.reynes@softathome.com> + */ + +#include <common.h> +#include <env.h> +#include <image.h> +#include <mapmem.h> + +static ulong verify_get_addr(int argc, char *const argv[]) +{ + ulong addr; + + if (argc > 0) + addr = simple_strtoul(argv[0], NULL, 16); + else + addr = image_load_addr; + + return addr; +} + +static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + ulong addr = verify_get_addr(argc, argv); + int ret = 0; + + argc--; argv++; + + addr = verify_get_addr(argc, argv); + + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) { + ret = image_pre_load(addr); + + if (ret) { + ret = CMD_RET_FAILURE; + goto out; + } + + env_set_hex("loadaddr_verified", addr + image_load_offset); + } + + out: + return ret; +} + +U_BOOT_CMD(verify, 2, 1, do_verify, + "verify the global signature provided in the pre-load header,\n" + "\tif the check succeed, the u-boot env variable loadaddr_verified\n" + "\tis set to the address of the image (without the header)", + "<image addr>" +);
Add the command verify that check the signature of an image with the pre-load header. If the check succeed, the u-boot env variable 'loadaddr_verified' is set to the address of the image (without the header). It allows to run such commands: tftp script.img && verify $loadaddr && source $loadaddr_verified Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> --- cmd/Kconfig | 7 +++++++ cmd/Makefile | 1 + cmd/verify.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+) create mode 100644 cmd/verify.c