From patchwork Wed Feb 9 18:01:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590650 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=lIhnOTFa; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv74Y0GD0z9sFN for ; Thu, 10 Feb 2022 05:02:03 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 35DF783ED8; Wed, 9 Feb 2022 19:01:52 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="lIhnOTFa"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id B7B9283ED4; Wed, 9 Feb 2022 19:01:49 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on062c.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::62c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 364B483A37 for ; Wed, 9 Feb 2022 19:01:46 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=A3zAhrlYW0DAi4WpSoeeeG31dQRuqNQiXhKMaCkBPIcG24s+iBFA1ke/bgfKfyAcWhOamYIdriWL2IzmMDfHN1q788JgjPA2CcCmhDfGxYYAFTBqnDCqbdRCMlFegf68UgVNrWtAAb4LSE8kaK8RsXyqkVEsXSjNi9wqE2eHQBMsA+Yf9iGL7B+M1McZ8J5R9hbTiGnZACLKpFUFB/Ab8n5SuG9DVnsdKe9STKP2ei9mhGigc6pA3xehlj9EFm2upuPbW4RykyWRDFedCFEDzLwMVfK/ZolonKtQiQ/e54/9+KeMJMeFjvSy+E3F7iM3I9lCLXXh+rTODYGXDuC2lA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZrRKLb58iRjV59jFSjTUMPYv5M4yM/ICE+JT6s1HF6U=; b=JHXFa195TPaztgOgJAdqcx39D+nqWS4T4RNoOq4i01hZMLf+CwniyzCsWGxr9PDDg1zmXPR2X55mv1G5nZZfwmjjZrDrklwBIOmQMTv7ONHlXugRjesxmqvp4VBhtSavNcYKTXVSzTc+5zBL1RCNRLEkfWVDg0OsYVso4YmD2hUbo6Q4Rk1lgFyhlf9YiIjbrCqF8uSqLPfrK0TixnXJVQ2DxNwwIlP2Ez+q7RuHXfXpUOVERV+0PCONvfXEE8YOodT/2QjaSzJRnVOihNDHDbiPq19JRYcGbEUSzlS0igAFKcpG0d/9bPmGI0N4q0Gb/3zHekIBny9AKHunkRvnSQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZrRKLb58iRjV59jFSjTUMPYv5M4yM/ICE+JT6s1HF6U=; b=lIhnOTFahJz+EgOSAo0zCa4rIpKQNoCSDsK9+u73CAUDEQeEvbbHlor0MFSaD2+qQnpZjdMszTF8wwrO5xiAiKUQXNc3SkwbEd0nnqxb7e843byMOGrfP7GLx8+KiRTj/K+bLGLxDJHXubpmOtTXR15nfRHLd8DZC2sfGh9ZOcIY+QQ6gIGMIKAEBaSt9yIsABpE9vvvl2ATiCz1AqDdiZImuz7cdiQCaivJrILomXZQIHvc1m0lfPcq7WWD+JUnVgG3yFGy7GozL/nwLKymdGa2fCdtC6MIsqfj/vlXFjTcZsHJeOMlcHipFMC4diqFESZ0QlgR4IGJB4CXA4oHfQ== Received: from PR2PR09CA0011.eurprd09.prod.outlook.com (2603:10a6:101:16::23) by PR0P264MB3340.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:144::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12; Wed, 9 Feb 2022 18:01:44 +0000 Received: from PR2FRA01FT003.eop-fra01.prod.protection.outlook.com (2603:10a6:101:16:cafe::df) by PR2PR09CA0011.outlook.office365.com (2603:10a6:101:16::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT003.mail.protection.outlook.com (10.152.48.96) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:44 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 2F0891FFC7; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 01/16] arch: Kconfig: imply BINMAN for SANDBOX Date: Wed, 9 Feb 2022 19:01:13 +0100 Message-Id: <20220209180128.10655-2-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: d3999672-86eb-4974-376d-08d9ebf63b95 X-MS-TrafficTypeDiagnostic: PR0P264MB3340:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1186; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: W8c+a9IMPIjg62bMwgv9/WxJUa8xuSF+yRGXUNT6Pyz9C/dGXbSWrg3m7ZgE9L2UQknylNING6yP1R/O/jL9lCJByIOlRMEmbtrvjUFHc3t0LLQ2+/tdlom56E31WEeL5WYsXNLNtvJrpbopdm6/ybWCjodcKudQOiW8ftHnnNrNSGYH8deWxZS557gL8gi8Z4dakek0s6BF/4ydaUj5uL079n+Ov9XIfCy7JNIieWmkRV0KG2ly3pj5phjgL8ED8XzNVd9auspl93+GxN4mH6BV4wwhNXxQshIfSKO6GSGvyp5qpSdKs02pbrv2svuGDcQr11LkxEVNCq3qqY/Hspp5CjikCC4lsR3OTttqsglTxYJe/ffnJuxGXlm0wTRmNuFtTRrxeCV2Vku1Ic2t1HSOzBFbYbGx5D1EiF48u5CweTJiPsTsDcFbFLZKNL6iDSgv8HV2lqS8qg9lJHISVf84ZaNZ+V4NbxZrKRTwPMrEgae5b3X8ltOrUFwbYEDWAJ9N4ZoJq7toFC9kaYbKUWB3HXurfA3vL6Gym+7zsHWTGy0rTmO48IFjMhLirMioIuwn+1bRgm6jmAFW2Yp66GSjXbcg5sVSLFjxbu0hL28leic87UcOCVi5ztgJ30atM4ByT9YfYWKe/Bn/n0WYAGS0NOXG9L6FKGMLaFXIJJ6WVX5nrBBgtb/+ewS1xxCzsaADhDi4Sy+4edDzPZtMpA== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(36860700001)(336012)(26005)(426003)(47076005)(508600001)(107886003)(316002)(7696005)(6966003)(40460700003)(5660300002)(2906002)(81166007)(356005)(8936002)(36756003)(82310400004)(8676002)(1076003)(4326008)(2616005)(6666004)(186003)(44832011)(6266002)(86362001)(83380400001)(70206006)(82960400001)(70586007)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:44.3283 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d3999672-86eb-4974-376d-08d9ebf63b95 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT003.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR0P264MB3340 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean To be able to use BINMAN on sandbox, the config SANDBOX imply BINMAN. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- arch/Kconfig | 1 + arch/sandbox/dts/sandbox.dtsi | 3 +++ arch/sandbox/dts/test.dts | 3 +++ test/py/tests/test_fit.py | 3 +++ test/py/tests/vboot/sandbox-u-boot.dts | 3 +++ 5 files changed, 13 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index e6191446a3..35624377ca 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -203,6 +203,7 @@ config SANDBOX imply KEYBOARD imply PHYSMEM imply GENERATE_ACPI_TABLE + imply BINMAN config SH bool "SuperH architecture" diff --git a/arch/sandbox/dts/sandbox.dtsi b/arch/sandbox/dts/sandbox.dtsi index 66b813faad..826db26fc2 100644 --- a/arch/sandbox/dts/sandbox.dtsi +++ b/arch/sandbox/dts/sandbox.dtsi @@ -7,6 +7,9 @@ #define USB_CLASS_HUB 9 / { + binman { + }; + chosen { stdout-path = "/serial"; }; diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts index 48ca3e1e47..c11ad8cb9f 100644 --- a/arch/sandbox/dts/test.dts +++ b/arch/sandbox/dts/test.dts @@ -61,6 +61,9 @@ osd0 = "/osd"; }; + binman { + }; + config { testing-bool; testing-int = <123>; diff --git a/test/py/tests/test_fit.py b/test/py/tests/test_fit.py index 6d5b43c3ba..5856960be2 100755 --- a/test/py/tests/test_fit.py +++ b/test/py/tests/test_fit.py @@ -89,6 +89,9 @@ base_fdt = ''' model = "Sandbox Verified Boot Test"; compatible = "sandbox"; + binman { + }; + reset@0 { compatible = "sandbox,reset"; reg = <0>; diff --git a/test/py/tests/vboot/sandbox-u-boot.dts b/test/py/tests/vboot/sandbox-u-boot.dts index 63f8f401de..5809c62fc1 100644 --- a/test/py/tests/vboot/sandbox-u-boot.dts +++ b/test/py/tests/vboot/sandbox-u-boot.dts @@ -4,6 +4,9 @@ model = "Sandbox Verified Boot Test"; compatible = "sandbox"; + binman { + }; + reset@0 { compatible = "sandbox,reset"; }; From patchwork Wed Feb 9 18:01:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590657 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=Du+pArXs; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv7640c0Mz9sCD for ; Thu, 10 Feb 2022 05:03:24 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0FAD883EC3; Wed, 9 Feb 2022 19:02:27 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="Du+pArXs"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 54EDC83EB5; Wed, 9 Feb 2022 19:01:59 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0611.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::611]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 1992783EA2 for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g4rkYckXKcaNHO9IComlvusxSYeNKn+e5RZNTBDwvtKu/sbajGKwW5KyOSsoxK/eiLa5QYC/TqKsTTkVeIplHOtYyRAiK+9u9lQqXh8jUKAjQWNG7Xzl4kzDTq27bd1u7hOZn1YLr8cw6vCXrB4BFN2w7m8sBEl/XQq6h2OTMcSqh00Sq2bdaG2lVqADU8vckYyvSQ9EZmWIN3+V1i2nNwdSvDcgGxno1jZq9q7IwKu0Huds4AipsQrfaN021ZjGiqLo4f/2m3bu40MGKb1Rn/27aGu/6WVsvBwEYn1bFrTCytuq/uJzTesdnux7K7p4/j//83tq18Ih6dbg8j7E8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dJc2afhGOmqa6cDu3SAT6rlcbDGxK0RfV8N5fI901tE=; b=b0r6vu+WmwRgIO8PVRTVovTeVJCgHDIvUm5+NF1HFFvpVose3Ns7C7ry3D4B8seIcLTYThzL9fD6uaoT+YME+M/ckmk1UDyTbNJuYXNQwzYkdrD+YBG7YYO+i/4YV12gNYQY1Cguvhp+YrfNg2yAP6O4nQLOFRPNPjJyqM/TpBweT7UcyVNZmWhYWB0QDSedHBwUAV/bB++801Ku7ClOLJzG7GpvR2u4IlVox9CA0wvuxBx5LhFj7tZZyGaID3JuY20Q3mMPgf2BtHBMi0ok3xXjAN9nMpHBaMrJ08er0jC+yGxBh1+mQs3x/nm7tGU3H670KcEvmtK+jiOPEenZag== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dJc2afhGOmqa6cDu3SAT6rlcbDGxK0RfV8N5fI901tE=; b=Du+pArXstehzInhOybQGDgvx88pooliUP+grICMUnb+p5BStLUaOQuaic2t94C4bx3ItDXF383CmBgAuY19ztihKgA4hVUtr4fLfHmt3cEBDF7af0B43wQwFKYyJvSeS3knYzRI4JV08L5fxJZhndmce8TZT5QShimjYyj2UnCYLWt8zRp0i36ijdasR8EosiSpZ+aZaT8mSt1K8b4+6bDvVDYKmqJ2+vJKz/p4+7Pk2Ah2rikbATk48AUPjoNRaO2y6wFCgaiznQw7aTAJxtSV1OBZx/uJcO9gkC0k/irj7IOsmuR3gUAosW9zfR9E+ZSP3n5gPDdZw+aA21HCfzg== Received: from PR3P191CA0042.EURP191.PROD.OUTLOOK.COM (2603:10a6:102:55::17) by MR1P264MB3297.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:29::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Wed, 9 Feb 2022 18:01:44 +0000 Received: from PR2FRA01FT006.eop-fra01.prod.protection.outlook.com (2603:10a6:102:55:cafe::94) by PR3P191CA0042.outlook.office365.com (2603:10a6:102:55::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT006.mail.protection.outlook.com (10.152.48.99) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:44 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 3C9641FFD6; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 02/16] lib: Kconfig: enhance help for ASN1 Date: Wed, 9 Feb 2022 19:01:14 +0100 Message-Id: <20220209180128.10655-3-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 570f8a24-904a-4aa9-3be7-08d9ebf63b93 X-MS-TrafficTypeDiagnostic: MR1P264MB3297:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5236; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: vf28tViDJndt9XBF+sWpUWqBHSGiLq88jnWmbm7H38A8Axgu2wB6pNNXYTeolq94hi8+au1ROb6yNxPqPfhnPu0TW2kbDCqNvctY/hSa+v4kZJqes2aJfCem4bHVjtx10tAXCqYGNZ/PZHp5IX5bBm1RF3ByNOKIxqyKFv4iWw+meAOrZ6J6v3g8qQqqjZ/Qur8AgyxkSjtolX8a8iNGfX6NejMPtrOYFWY6cj2/+0zSfYC9a+u/gQMRT/O8lVUr3rcptBhKPPVE0rPEbhDjiPEw8dRfYUmqSHVahTOUCDEQxfNZVgTsWTZL+F8ElEg/qcneZlrLKKDXhLNgnDXzmgJIr3/ByfQadPwap3bsJJSQD+ZrsulRv3bl5V8QmXf9C9Wskg8l72k+P3OXzyzZRbaxFyrTm+DqAmEC9j6Hhtt5pigGnoOiiD/3SsDMeo3Uy1pxmaoChI0+GTpjaPJQbpLdIstVqrUFG4Rpd2N7Amlq4XIIfCp/GpB6QDR+RGybFqsb/P4MYC4JCs/BIF8Xw+oDEXiqLPrCPc70VipbbcISC2OiSr/8FxineLxOEyZDa71WQnknLHtlZBa/6skRoEJhlUtHy4SToGWmcAryZUW2etLzgXuDzea98imeiSSJNcNiaDVOvUZcZqC0BRLxZLdp+YFaO1nk6dnARTY7idA3LMGDuTmqmhjYsAzNRddItOFuPbH1zfeZscr3IZOnQM64VfbmGT6Od1zASFjg1s1VtVxejygrPOGbCOO8kw98tOUguLk8YYpJE3ietZ05VbJGOvfNQttZpPEukbTVGNg= X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(36756003)(316002)(6266002)(86362001)(83380400001)(426003)(6966003)(82310400004)(40460700003)(2906002)(336012)(5660300002)(8676002)(4326008)(356005)(8936002)(7696005)(44832011)(36860700001)(70586007)(26005)(1076003)(47076005)(186003)(508600001)(81166007)(70206006)(6666004)(2616005)(82960400001)(107886003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:44.3154 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 570f8a24-904a-4aa9-3be7-08d9ebf63b93 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT006.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR1P264MB3297 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Enhance the help for configs ASN1_COMPILER and ASN1_decoder. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- lib/Kconfig | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/Kconfig b/lib/Kconfig index 3c6fa99b1a..b0e5d60b3d 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -791,11 +791,23 @@ endmenu config ASN1_COMPILER bool + help + ASN.1 (Abstract Syntax Notation One) is a standard interface + description language for defining data structures that can be + serialized and deserialized in a cross-platform way. It is + broadly used in telecommunications and computer networking, + and especially in cryptography (https://en.wikipedia.org/wiki/ASN.1). + This option enables the support of the asn1 compiler. config ASN1_DECODER bool help - Enable asn1 decoder library. + ASN.1 (Abstract Syntax Notation One) is a standard interface + description language for defining data structures that can be + serialized and deserialized in a cross-platform way. It is + broadly used in telecommunications and computer networking, + and especially in cryptography (https://en.wikipedia.org/wiki/ASN.1). + This option enables the support of the asn1 decoder. config OID_REGISTRY bool From patchwork Wed Feb 9 18:01:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590655 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=HABv4o0V; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv75X6ngdz9sCD for ; Thu, 10 Feb 2022 05:02:56 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3C9BB83EEB; Wed, 9 Feb 2022 19:02:20 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="HABv4o0V"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id D94F283EDB; Wed, 9 Feb 2022 19:01:53 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on060d.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::60d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A873D83E91 for ; Wed, 9 Feb 2022 19:01:46 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JJ+SnJFueO7CQj3z98tswMkXvzPfC0MqOSThNeW3k4YtQ26qnc0RB+WdRAwMOnLjTtbbiHiBQEaDJ9zTiwVHf2gniAxYqNi1amNwWpxRjIO6nbAGylswonpFp6UsFJwSCSAiUo21OqnazlQr5q24/TMgtWabQWVlaz3QQ27ysNF7rNZ4LgnBUN/TaOtO4m7+JdalwndedcE0zfYi01u1WCB8dzQ53qwbwiL4yZShRGq42aiNQGwbNpCv6R774do2/7Tz+f60g6JG6IoMxlO/P7hjaR8N2PMiqxPL8insD8opgy6mTPmGXS81gYb/QS4hLgtieDuazSxsi/TOTkEkqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XyWuE2Zne/K4B+redeaUUmK34dnU4ZghPItqFNW31bY=; b=UiLRDlzuXCARbzOIHLVNqs19gR9/pJewmZlOb9K5vcUijdLyy1THKz+9qcnITvJAXSCRD+a4vB1XN0x8nIi1ih4G1iGq5tbo0R1xH8fqbPWgRjbnC/QT7fGQHiDmGPNJhZMPvsghRKHgNlkGMVgM1xRISeV6XiUbk1gJjaf5kU7+H2JlbOBZ6yNMgtANHtDMQasPshKfyZYM/NSs3Sy6LjysYlUzCF8e+ibPE94k+u+xlK5DgxT8moCCG5xSjCWN7RPE1qUIWj5mCgWAOsdBjLucosaYZTbiYf44PpTW8A9o2DV4uRKsNqcvsxFBE75aotosaUFVCrsqOozBWwlejw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XyWuE2Zne/K4B+redeaUUmK34dnU4ZghPItqFNW31bY=; b=HABv4o0VjaOuh8wbYAk4GUWUN3tq+ky8itY/IKQo8mNmzwN8if0phdzAmo45vQ2rk9ypeDHvEbpDpRoT3JyYRDTrUjpQJOeFmvyhwTJIwaP/xdRDyvvn/j7Adi7U+xOYFm9xnSHWAgG2S9DKsG3SM6q/1QjfOiwleRX6Q+4/MdoWJHJPwdqndLupMZVUdsSfOeI+HM+jHupuEtXt1oq/MJic9az7N8eqiUF82J1gvM2KbycvSTMIsKDS/6XToffiUl/2dVTwylm6VHfjAccemigV31tJ3/FK0eIjVG54SVvHMUMxrsh+vfjZIfGKWHV06eucWf9dNbaoqx5GFbhy3Q== Received: from PR1P264CA0030.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:19f::17) by MR1P264MB1668.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:11::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.18; Wed, 9 Feb 2022 18:01:44 +0000 Received: from PR2FRA01FT013.eop-fra01.prod.protection.outlook.com (2603:10a6:102:19f:cafe::1c) by PR1P264CA0030.outlook.office365.com (2603:10a6:102:19f::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12 via Frontend Transport; Wed, 9 Feb 2022 18:01:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT013.mail.protection.outlook.com (10.152.48.106) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:44 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 3FCC91FFF4; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 03/16] lib: Kconfig: enhance the help of OID_REGISTRY Date: Wed, 9 Feb 2022 19:01:15 +0100 Message-Id: <20220209180128.10655-4-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 863308b0-009e-45de-045a-08d9ebf63b9b X-MS-TrafficTypeDiagnostic: MR1P264MB1668:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3044; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: EgUhwd7new9kMU7wMfaI49qu/h8C6BSQ7Lsa6ejMHEYxftLs/xFGw6Enklca6m8pq6og/2GxRZNU6ZTwA6vR0Ln35jEluvB++peeHZFpXdpTt/TlsFKwehMwWSFbuGqBfm95RV2FWd79L95ZkJ/mI8I/Kh7DW12x7PrlpGDHWFKE9ffTNCjoOHYGP92FPgfK120O2PcDnkkABT9UXr1HB0/sgVMw/4e9WNJ+FkukyIQL914Tzl5E29REAiIaV2n8ULIcmFCDaUwf0ipNK/zz+Ch5ROqTEqvyQ0g0+mQ/F4zkJNN0+E4o3hW+WVjQX8F8sffb2gHt/a5Nr7jGO7WmLlUf0xZ3bs4BiUDpYx6zzUgTrz3stVroj0UO7WfaovlXTOJ3BJ9QGqb4C6kmcEEM0U6z1xKcxStvgKaoeDwvJ1QahDF/anMHjazrZlp5ku/Q2RKDmVFNJ5tzZVooAtZB2xbmnoDftZAIlZN6I3mmX9YcXv6lCqqi0ayAzv1FnMs2zC4Tlbpznzox2JMzi4HoyQiB/Lha+pTlEl4Kv0IKqzCcgPbCEBnw7lgptMqECOcsxHQ2BCaCzFqNvdVjguzBtAkCCWOe4U9x52I0vydoBoZ4BOFW9o5f235aYpksuAwX7mlX7nA3NAtiITastJuDjC9BErKqL5lnCcXUKgKIVTcPzLwBbppFtAQvSP3ktzaKl6gGDynuU3BKA79c1DBtDJv0IxcgTcYNPlw0C+DARDwTwkal3SZBZQO7ypqKWb9mQ4+DmIUbj6b2rjGYR/pG10Dhaqs4TNrVnb+LS/p3CZY= X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(5660300002)(336012)(47076005)(81166007)(2616005)(86362001)(6266002)(186003)(36860700001)(70586007)(426003)(1076003)(8936002)(82960400001)(4744005)(26005)(8676002)(70206006)(4326008)(6666004)(316002)(7696005)(82310400004)(6966003)(40460700003)(36756003)(107886003)(2906002)(44832011)(508600001)(356005)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:44.3664 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 863308b0-009e-45de-045a-08d9ebf63b9b X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT013.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR1P264MB1668 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Enhance the help for the config OID_REGISTRY. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- lib/Kconfig | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/Kconfig b/lib/Kconfig index b0e5d60b3d..e749826f22 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -812,6 +812,10 @@ config ASN1_DECODER config OID_REGISTRY bool help + In computing, object identifiers or OIDs are an identifier mechanism + standardized by the International Telecommunication Union (ITU) and + ISO/IEC for naming any object, concept, or "thing" with a globally + unambiguous persistent name (https://en.wikipedia.org/wiki/Object_identifier). Enable fast lookup object identifier registry. config SMBIOS_PARSER From patchwork Wed Feb 9 18:01:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590656 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=wmH28VpO; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv75q1nB5z9sCD for ; Thu, 10 Feb 2022 05:03:11 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9D49283EBD; Wed, 9 Feb 2022 19:02:23 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="wmH28VpO"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4A20583E97; Wed, 9 Feb 2022 19:01:56 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on0600.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::600]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 0A99883EB5 for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JVK63aX86wEYVANsa4EY+l0udBo111TFRQQ30kzMEYwy9dNtgOVdFdZU9SnE6/8O0N7qVNeGkx5lZS9x4nwgjPWVAcqbOgs6y/BrSyJoVquQn56hpfZtUEy1dNLR+06wY0zfaHEF5xj4iseQOwSCoFGBWcL+ZUfxS/vro662f6F/abm6n64GK+SCfHanulJh1T9BkobTQ7g2WZ5lKXFBjqKSaLgAp+/qnerf27JNLXIl+dPfa4UV5kbNs8fRtNEUwRIXtO/pKWPExeIsjid+6lSUkh+yIaCC4LdRDYDY4ie2N8JvuvB7xVIxe1Hh1dLFifb2Iyu83hcKi8+/2aJ4Sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eaMP/2/Nvu+2M32F/+sMNxwPiLKaYLxOMNP7aX3gdIM=; b=Jls3noA5NFi1cT7EjxhxzFdMWWThw/HAXhpJfYA6u4PdtqVIUohdbr6n6g+h0mbnu+OAR3qcBVMiomUD1sAbRMC+RVqq3iIWH8NOa+nLyCGxcwFiD9PYXzjwTc4abj6Y//tGPXew+aT14iQgWspBsQ2zccp6Uoi0jMx/tbAtwWY1y2qLlmoz5TmiBEyKsiLnncPypvFB2GaIp+9/VCcEjCMJyhH1ieJq0Sk7jLla4vN/7XP8M/3bJVJ1R0xjc9denSYkhA+Y54gZMhv7k3txWH1Fua/oesjclV7UFPKPXFU4wVAzrRM8Hqr4YKpgMLE65hJfDLE4Z84HYSRvhEtK9g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eaMP/2/Nvu+2M32F/+sMNxwPiLKaYLxOMNP7aX3gdIM=; b=wmH28VpO3IWAnJEwYqOnh0UxGBJdB0sTyCY7IzX/IMLorBqE2MDk6ch23nifbXpEEBi4nz/FsUVut9+r9/T9B9DbeR/TuMvslovyIHQfiOQsoHaeAeSEYUr7Rv9h746jmcJIpXhEfEJbBRbAtVncPlEpYwkbHMqbjaxpIOSxCht3zFB1OFeMQ/Iz32ji6aGLlxaPDkVFDahnnKCGL+heBPrjqHrtcmH8WUsCIQhTHYHPKaljSTIWaQlq1Cl1JkhbhBUS4OS+gmW0pEKrwoTk1/tCK8yc/AK5cGTSGp1VQrPlYG6SKlxFXEsGZ60NDwqE4QrPgFJ6EfdFm+1YTgSrvg== Received: from MR1P264CA0110.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:50::19) by MR1P264MB3569.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:23::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Wed, 9 Feb 2022 18:01:44 +0000 Received: from MR2FRA01FT001.eop-fra01.prod.protection.outlook.com (2603:10a6:501:50:cafe::e0) by MR1P264CA0110.outlook.office365.com (2603:10a6:501:50::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12 via Frontend Transport; Wed, 9 Feb 2022 18:01:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT001.mail.protection.outlook.com (10.152.50.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:44 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 4D7C020117; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 04/16] lib: allow to build asn1 decoder and oid registry in SPL Date: Wed, 9 Feb 2022 19:01:16 +0100 Message-Id: <20220209180128.10655-5-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 87fd33c9-f75d-4fca-0e2e-08d9ebf63bb6 X-MS-TrafficTypeDiagnostic: MR1P264MB3569:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:170; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: pv1WXfxzJU46fKma0O9nZusOwYU9eF7M3vQs/uz1EqEkUF1EjglHGWmceDZZGuTnEX/aUK+lWwuwQo5snRoIRaMTSY2AkJdyGIORlw3/ZfsRUy+/S2wxcKO4dd/+ACpM8dgvqqSuE5pwhU4W5sWUX17iLLWQGsJIf2/XNL3EGv8aJSIOdItzjpW4iiGQfG7Tflj+pZHoF/xmstxRzQnWhuGxOMGymYoagvMuZh/fvYHsXCzaWpwePzZGNV0+zCbd2rQtAC/hb8EiCVXB75UZylu6lBL4i0DzclCIvQr0+uZhCR6KWiPvwvWt/DijvKC45YT5sSOnJH/XOpndr5NKJlpRqnTEeoZ540CHNsmP4in2zZWAMoZPt+h+n0fQ4f+mXUghwQ0/fyDRhcan3uRPbcCPILjxZaleC1ZixYIYIWtuv7MCqXIuLOcbJ8TnPQpZBOXMbHb0GvzJEKmpS0efsIl2pGO9mZN7BnMWcQiQxpBFQsrq2vSvF67UCNA4NlRujyuXSuZUrIHwroYJSsd7/kdbCI0FcUcj2q/0Ajza4Wub8+096wHDCjR3mEs1icrsEPWlC7fRCiZD9iBm991I/XqzxAsKYZpgtla/bFw2dL4uekxgSNacYs+FO/JRshhjgAXx4JUnNOU1hYe9fbuD1kAZnOWAhV+KN5EIrSt7aveQYw62euRkgrCUVo24S4nZiiTLyb1F31Tfhy42wwHKXJaxLF1L3zoU2FEZDuoxt13fK7eyUESXZMGc4zHtV2DJtOt4KxdPu3VW0ScrMiuwMguRWWB4kNajN7cULkB0PhIHHWiEy5+7Upzhhjsu8Llzzny0vHuOUPZoaLvyK8wL5Q== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(82960400001)(2616005)(40460700003)(36756003)(47076005)(316002)(44832011)(2906002)(107886003)(356005)(83380400001)(81166007)(4326008)(5660300002)(6666004)(8936002)(336012)(6266002)(426003)(1076003)(7696005)(86362001)(70206006)(70586007)(8676002)(508600001)(36860700001)(26005)(186003)(82310400004)(6966003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:44.5279 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 87fd33c9-f75d-4fca-0e2e-08d9ebf63bb6 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT001.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR1P264MB3569 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This commit adds the options: - SPL_ASN1_DECODER - SPL_OID_REGISTRY Signed-off-by: Philippe Reynes --- lib/Kconfig | 19 +++++++++++++++++++ lib/Makefile | 7 +++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/lib/Kconfig b/lib/Kconfig index e749826f22..effe735365 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -809,6 +809,16 @@ config ASN1_DECODER and especially in cryptography (https://en.wikipedia.org/wiki/ASN.1). This option enables the support of the asn1 decoder. +config SPL_ASN1_DECODER + bool + help + ASN.1 (Abstract Syntax Notation One) is a standard interface + description language for defining data structures that can be + serialized and deserialized in a cross-platform way. It is + broadly used in telecommunications and computer networking, + and especially in cryptography (https://en.wikipedia.org/wiki/ASN.1). + This option enables the support of the asn1 decoder in the SPL. + config OID_REGISTRY bool help @@ -818,6 +828,15 @@ config OID_REGISTRY unambiguous persistent name (https://en.wikipedia.org/wiki/Object_identifier). Enable fast lookup object identifier registry. +config SPL_OID_REGISTRY + bool + help + In computing, object identifiers or OIDs are an identifier mechanism + standardized by the International Telecommunication Union (ITU) and + ISO/IEC for naming any object, concept, or "thing" with a globally + unambiguous persistent name (https://en.wikipedia.org/wiki/Object_identifier). + Enable fast lookup object identifier registry in the SPL. + config SMBIOS_PARSER bool "SMBIOS parser" help diff --git a/lib/Makefile b/lib/Makefile index 11b03d1cbe..fc284d68f8 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,7 +17,6 @@ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ obj-$(CONFIG_OPTEE_LIB) += optee/ -obj-$(CONFIG_ASN1_DECODER) += asn1_decoder.o obj-y += crypto/ obj-$(CONFIG_AES) += aes.o @@ -74,6 +73,7 @@ obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SHA256) += sha256.o obj-$(CONFIG_SHA512) += sha512.o obj-$(CONFIG_CRYPT_PW) += crypt/ +obj-$(CONFIG_$(SPL_)ASN1_DECODER) += asn1_decoder.o obj-$(CONFIG_$(SPL_)ZLIB) += zlib/ obj-$(CONFIG_$(SPL_)ZSTD) += zstd/ @@ -135,9 +135,9 @@ obj-$(CONFIG_$(SPL_TPL_)STRTO) += strto.o else # Main U-Boot always uses the full printf support obj-y += vsprintf.o strto.o -obj-$(CONFIG_OID_REGISTRY) += oid_registry.o obj-$(CONFIG_SSCANF) += sscanf.o endif +obj-$(CONFIG_$(SPL_)OID_REGISTRY) += oid_registry.o obj-y += abuf.o obj-y += date.o @@ -148,6 +148,9 @@ obj-$(CONFIG_LIB_ELF) += elf.o # Build a fast OID lookup registry from include/linux/oid_registry.h # $(obj)/oid_registry.o: $(obj)/oid_registry_data.c +ifdef CONFIG_SPL_BUILD +CFLAGS_oid_registry.o += -I$(obj) +endif $(obj)/oid_registry_data.c: $(srctree)/include/linux/oid_registry.h \ $(srctree)/scripts/build_OID_registry From patchwork Wed Feb 9 18:01:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590651 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=T6LRN44d; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv74h0sNxz9sCD for ; Thu, 10 Feb 2022 05:02:12 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id CEC0B83E91; Wed, 9 Feb 2022 19:01:57 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="T6LRN44d"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1EC0483ED4; Wed, 9 Feb 2022 19:01:51 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on061f.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::61f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 9F37083DB7 for ; Wed, 9 Feb 2022 19:01:46 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W6/oMz6aovV2w6gDPPMuF2XJlxXepXIZOAPprMcyWYi+NHmtS0CAaUOY4UieA0qYsyaQHdEdi2DiZ2wEyZRuhL1krLpGmTyY0IS00jbJlH25gHq9F/v63Rzw2Fz/z2QuODIznFnmDeZX8agzghM6a1E060icagB3CrqsgNKyOYiTsFkyFdSacWaSEiYo49/bPhOhJctE3jfEluDsJLyJiE+jGkLO1wijhV06BM9nWpCEmTcrBB4but6FxjtTaRTBd1oHpNQcjNW79PxxmOVTwfxwl9bbUPFWOmBEZuBepPAsBSuHocjMiB71Wjf6KurSjtp0IXar3o3lAyvBFpUbHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=G0IkOiY/tpMXcinkJX8CouK50cgNeqbh/LMdggTWR60=; b=cXppi6CrcWJys5BIAunQxfW6md4hRG4FPNGaf8IvKcUp3ZdJE6mI8XnwbVPgsKQLACVGr1hw2AWTVCKhbNin1fzmH+DDqrj01sdZ5XjNflW5lXYfmtwFURHlW9F4ghyIXYq89uuWU8fGE70ssRTGNUKFziZA3HUwdDHNM+SKSwSZWs6bWbVap1PX+phaV0LsUKBAHKYOBxDz9F4DGrdlIh6s5VRP4f8CkDMt6zRONmk6ifZX75/tX6c3/YifslQFs+HqI5U/4lsZXYzxqIqqXX1sxhrZEm+KVFQjuQba1uYG5NYx0lMVypE9Z52qck3ROY6RNtGWB1p60PJU4gFkqA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G0IkOiY/tpMXcinkJX8CouK50cgNeqbh/LMdggTWR60=; b=T6LRN44dUOYaGMKeqwxjw7aw8vHTC/huyBjPBbnfn2NVl9Yk4Y7QcTNjZdc2o96DPEu/EPJB9KSFEJX7MDQGTfwSfsHVa3i9h/41EPFl9SZsPZEMWTupAkGnUgH7QGbcNY2J4DDXtBrL2oL0Xg5OQ5lM3LZH8Io8PqNa+tE3SNg2SaI/ib3D6tGSVbetL+Zc/ds032WchYKVDXtnCnhOYxENlWVkMStuN4zgmZCgiP8XvfqRxQO+0Eho4Y5rgWw61fJIlr1cSv6zh/FxpFmTMa4U6jIQudWIznb+7n2+1s8HCeoZg1zDDejsOgHhUf1xkpR77dWslt6FZa6D4XtSXw== Received: from PR0P264CA0166.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100:1b::34) by PR0P264MB3547.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:160::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12; Wed, 9 Feb 2022 18:01:45 +0000 Received: from PR2FRA01FT008.eop-fra01.prod.protection.outlook.com (2603:10a6:100:1b:cafe::f2) by PR0P264CA0166.outlook.office365.com (2603:10a6:100:1b::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT008.mail.protection.outlook.com (10.152.48.101) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:44 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 51C072013C; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 05/16] lib: crypto: allow to build crypyo in SPL Date: Wed, 9 Feb 2022 19:01:17 +0100 Message-Id: <20220209180128.10655-6-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: b3cfbfce-4962-46fe-aaa4-08d9ebf63bf6 X-MS-TrafficTypeDiagnostic: PR0P264MB3547:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:519; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: aZKiCPsDlt+xyTYrHOWZRffJMtnkVG5rI6LjXPIVsabHy6atast46YJcA3u39+UFJgTMTZ2GAjLWtNLdsewG6rEkI/eco0VH3lKN7WVvlB8bFsKaECCgXE+KtzB/RZ/KEGX0DIhn685YVs6D3F7B1/PPlSEu2C7d6bgHB2W1ess8bxQq0hBUrlMaMbSmNeHko+gtTRkoIDDMZtaptkhANxIgtvGgyI+UeWUmPC+RHHbm8epC+C94HPx6n010sY4YvUWtKw0kepP5UQNP4WYYtBFL0d1LZBI6WEPF5kh2bMznSiXRX05kzBhlLbYgBcxFjvX0clI8HFgap5Wtyih5uZQ7qmtQQ4HBErbs05fKn9mVglJihrMxfy44nhueEXr6idILuC1JvfspcaBiwKiwq09ODgKxEq3Ebdev018xEjsZFl6SEYDNf6R89Qksc8E5ZnumN3q2gv0mhnc/GtXPElMiLVxFToFXx/PI9qGTiZki6SfXf0o4IcV/gxRCcnifhTROXMaGDjYwHqgT0ZKDVr/L6mwzQicjsDKjUrb7ilmCcXP/sdtyg1ukmJW7hvQVbjjJ5DcePoCWkL5xjNsPXv52ySw5D6UJyRYxObwd4QJRUrrAZFrs2sRDKB1CCIFBXJXJQpPt6V1WrVzQ+hZ9vmsZx+pBrvR7D4M+E0R3iwPGyDkwjGIKZfBnvgdYcyhqe8Xkvd0Y/WRtEsHr3/Ayhg== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(70586007)(508600001)(40460700003)(47076005)(82310400004)(44832011)(8936002)(70206006)(86362001)(7696005)(107886003)(8676002)(81166007)(4326008)(356005)(82960400001)(5660300002)(6666004)(36860700001)(36756003)(2616005)(1076003)(6266002)(336012)(426003)(186003)(26005)(6966003)(316002)(83380400001)(2906002)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:44.9670 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b3cfbfce-4962-46fe-aaa4-08d9ebf63bf6 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT008.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR0P264MB3547 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This commit adds the options: - SPL_ASYMMETRIC_KEY_TYPE - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - SPL_RSA_PUBLIC_KEY_PARSER Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- lib/Makefile | 3 ++- lib/crypto/Kconfig | 29 +++++++++++++++++++++++++++++ lib/crypto/Makefile | 19 +++++++++++++------ 3 files changed, 44 insertions(+), 7 deletions(-) diff --git a/lib/Makefile b/lib/Makefile index fc284d68f8..7aaee3488b 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,7 +17,6 @@ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ obj-$(CONFIG_OPTEE_LIB) += optee/ -obj-y += crypto/ obj-$(CONFIG_AES) += aes.o obj-$(CONFIG_AES) += aes/ @@ -63,6 +62,8 @@ obj-$(CONFIG_TPM_V1) += tpm-v1.o obj-$(CONFIG_TPM_V2) += tpm-v2.o endif +obj-y += crypto/ + obj-$(CONFIG_$(SPL_TPL_)GENERATE_ACPI_TABLE) += acpi/ obj-$(CONFIG_$(SPL_)MD5) += md5.o obj-$(CONFIG_ECDSA) += ecdsa/ diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index 6369bafac0..509bc28311 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -8,6 +8,15 @@ menuconfig ASYMMETRIC_KEY_TYPE if ASYMMETRIC_KEY_TYPE +config SPL_ASYMMETRIC_KEY_TYPE + bool "Asymmetric (public-key cryptographic) key Support within SPL" + depends on SPL + help + This option provides support for a key type that holds the data for + the asymmetric keys used for public key cryptographic operations such + as encryption, decryption, signature generation and signature + verification in the SPL. + config ASYMMETRIC_PUBLIC_KEY_SUBTYPE bool "Asymmetric public-key crypto algorithm subtype" help @@ -16,6 +25,15 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE appropriate hash algorithms (such as SHA-1) must be available. ENOPKG will be reported if the requisite algorithm is unavailable. +config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + bool "Asymmetric public-key crypto algorithm subtype within SPL" + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE + help + This option provides support for asymmetric public key type handling in the SPL. + If signature generation and/or verification are to be used, + appropriate hash algorithms (such as SHA-1) must be available. + ENOPKG will be reported if the requisite algorithm is unavailable. + config RSA_PUBLIC_KEY_PARSER bool "RSA public key parser" depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE @@ -27,6 +45,17 @@ config RSA_PUBLIC_KEY_PARSER public key data and provides the ability to instantiate a public key. +config SPL_RSA_PUBLIC_KEY_PARSER + bool "RSA public key parser within SPL" + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_ASN1_DECODER + select ASN1_COMPILER + select SPL_OID_REGISTRY + help + This option provides support for parsing a blob containing RSA + public key data and provides the ability to instantiate a public + key in the SPL. + config X509_CERTIFICATE_PARSER bool "X.509 certificate parser" depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index f3a414525d..6792b1d4f0 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -3,27 +3,34 @@ # Makefile for asymmetric cryptographic keys # -obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o +obj-$(CONFIG_$(SPL_)ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o asymmetric_keys-y := asymmetric_type.o -obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o # # RSA public key parser # -obj-$(CONFIG_RSA_PUBLIC_KEY_PARSER) += rsa_public_key.o +obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER) += rsa_public_key.o rsa_public_key-y := \ rsapubkey.asn1.o \ rsa_helper.o $(obj)/rsapubkey.asn1.o: $(obj)/rsapubkey.asn1.c $(obj)/rsapubkey.asn1.h +ifdef CONFIG_SPL_BUILD +CFLAGS_rsapubkey.asn1.o += -I$(obj) +endif + $(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h +ifdef CONFIG_SPL_BUILD +CFLAGS_rsa_helper.o += -I$(obj) +endif # # X.509 Certificate handling # -obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o +obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER) += x509_key_parser.o x509_key_parser-y := \ x509.asn1.o \ x509_akid.asn1.o \ @@ -40,11 +47,11 @@ $(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h # # PKCS#7 message handling # -obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o +obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER) += pkcs7_message.o pkcs7_message-y := \ pkcs7.asn1.o \ pkcs7_parser.o -obj-$(CONFIG_PKCS7_VERIFY) += pkcs7_verify.o +obj-$(CONFIG_$(SPL_)PKCS7_VERIFY) += pkcs7_verify.o $(obj)/pkcs7_parser.o: $(obj)/pkcs7.asn1.h $(obj)/pkcs7.asn1.o: $(obj)/pkcs7.asn1.c $(obj)/pkcs7.asn1.h From patchwork Wed Feb 9 18:01:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590654 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=MimrGLSb; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv75L0Y5wz9sCD for ; Thu, 10 Feb 2022 05:02:45 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 774C383EC5; Wed, 9 Feb 2022 19:02:17 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="MimrGLSb"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id F1C6483EDC; Wed, 9 Feb 2022 19:01:55 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0622.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::622]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E309883E97 for ; Wed, 9 Feb 2022 19:01:46 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JN3fgBnjyVKvHSjzSCgU6tiFJL3imPbaXxqoWzpEjOvzQPbJKwEDawzpLhGc0QBKQDAg37AmVmlc52I+TY7a2xcOvS5LcpujOTVIezAjLZ3cipsohK5YOR0JvW9KizBihiUsxYNrwa+9UJ4UqSjRpObOWqhdmBoiSf2ILyc7IH58HnILpLRodq7P0+nbQd4qCrov6g9Ly9iQMouw863P54APFW8agJRDGByVp3+mkx4OuQKlEUkUTfoRoaSaBDJdE1AU1mbBaNZY65sjKXVB2G94hS1cQX/bwGrCMkhenF5VGk3NvJw+R0GQvdJcucsalfvQTwMnvfT7WZ4c2IFTFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=M5KogDfJxy1DKP0Cfr+T+bAU5BmrqTOQWlD76KfjbMw=; b=PPlIq5SsU6gkjEIMOb9WY3YzZ5ixkCX6eT5WEkvPDgIJ6r87P4c3ahNUM0+EaptA1IbOOS+xOFNHoNV3qG0TtWvMfFDJhqlLrkA/NeQne6SMi+VQx8umcxvyYyuma7yEFqzhy4DAXKXQW+bwQKHIUigfAzTGf3KWLmKDzUAw5VxEddwXBceKHYhPA5KsO2YQNZHIomdJHObpGaEX0U5Ff9k/T32gptrjFpJu9Ujif52f8OASJqEipkz8Qquc+0FXOL2nLktAg3N1JlZ876PUByQxNGwrIHKzbJCB/Yrvk+BNq+ANQvvyb3pPflSBxd2bkWZSYz84wfg74BeeqjFhPQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=M5KogDfJxy1DKP0Cfr+T+bAU5BmrqTOQWlD76KfjbMw=; b=MimrGLSbUUtNJr3vy7wD0NpLBu0kRgS325C9Oi+4XVhCSBPkEcH1gtXx4lLYHjQyquC574IId88VGPeoGvTxekuFYCNatDWbxvSkkIQDVOWdoGZjswVBXZ2EfymJwXrVcST776iAoPkzQbU36qnlrXxOeZcwh/ZCWCzqLBy9LTQZNRi4XJf6/u/EotU2ZLcdpkYp6nMe6DXXOpm9uCZPgYaVffbEFhBo4vTO4r+u883PKNK4u2hxeDdUbpHSkwGtr0BZ3dTQeBK5oVy5IDHtfde+YEH+HbEiWI7VABPIDLrgy3KQA0PmQZABH5oDJojCTRKLr8sSNZ84xCPbmDTQSg== Received: from PR3PR09CA0004.eurprd09.prod.outlook.com (2603:10a6:102:b7::9) by MR1P264MB4401.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:43::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Wed, 9 Feb 2022 18:01:45 +0000 Received: from PR2FRA01FT015.eop-fra01.prod.protection.outlook.com (2603:10a6:102:b7:cafe::aa) by PR3PR09CA0004.outlook.office365.com (2603:10a6:102:b7::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.14 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT015.mail.protection.outlook.com (10.152.48.108) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 6149A2015D; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 06/16] lib: rsa: allow rsa verify with pkey in SPL Date: Wed, 9 Feb 2022 19:01:18 +0100 Message-Id: <20220209180128.10655-7-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: d3e55677-8888-495e-4790-08d9ebf63c05 X-MS-TrafficTypeDiagnostic: MR1P264MB4401:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:989; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: S7XcjuWnW9MgEgWy0jM2AlmZ7Y+T8+DfYVuZ/Z4UebygghVwi4UKQu4WpSOhe0173RFguC6jd+iIFeQ8lHsUAfNiJmoR9c1QB+wP1C9qYfKyFZXevCUYIZuwD2RtYVPN2mJgmzxAJhi8ifv0P6KuN8AKN4gGA53OyQM6qTxvjHs2/nNI+CAl9R8fEsgl8Mduq+tBWfgfPXnWG2HMF0EEMe/uCkeugupBYWeFI8HO+GFIJYmk6FS17VoE8ohnemiojNnRJkHosJodWnEIzzflg4FrwIEwwEcaqxpLfGo7ZmJ0rZs2cDPAcBxhjsVOFqZEXh98rpxTX025CitxfNRVXLra0rxooefFSyRoHyjOJPU52XnudqOGY9NjW7kE94JL+3Isi4G8dUniQGbOvkBoU3+KKyRvJRrD+2Xcw8vjb3lw+xtsS3hlPWr803yPFJz4XCKHvn3zyQY2kr4+XK0TYidyPUWrioetZoJTCc5RsRegbQHs+ktxlW7C34Zg5dlASTnMRxIcIewA4pVVVhQrmDlbvqcrEx4t79Y5aLpzqA4MaMnbfHPlFZvv62YMcu9tpY0W0YipqW1/Et6NxIV9R8BO2x4jJfU2c3oeM54A408XKxmROZ4V7xkTXk9zXx/aF6dPXyx1B8vdn+g6BFXYVL8xxFQ0XksLBlJf/nC6CWcCuidvRWA7ouA6DHxq/zSyqxxKUp4j5q8pgDAyzqeuvg== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(2616005)(6966003)(107886003)(8936002)(8676002)(26005)(186003)(4326008)(82310400004)(36756003)(1076003)(86362001)(70206006)(70586007)(316002)(40460700003)(36860700001)(426003)(336012)(6266002)(2906002)(83380400001)(44832011)(508600001)(356005)(81166007)(6666004)(47076005)(82960400001)(5660300002)(15650500001)(7696005)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.0628 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d3e55677-8888-495e-4790-08d9ebf63c05 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT015.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR1P264MB4401 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- lib/rsa/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index be9775bcce..b773f17c26 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY directly specified in image_sign_info, where all the necessary key properties will be calculated on the fly in verification code. +config SPL_RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT within SPL" + depends on SPL + select SPL_RSA_VERIFY + select SPL_ASYMMETRIC_KEY_TYPE + select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code + in the SPL. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM From patchwork Wed Feb 9 18:01:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590660 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=m1SF6cUz; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv76W6WFPz9sCD for ; Thu, 10 Feb 2022 05:03:47 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7659883EFF; Wed, 9 Feb 2022 19:02:34 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="m1SF6cUz"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 76C0183EDD; Wed, 9 Feb 2022 19:02:01 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on062a.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::62a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 542E983EC7 for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Szigs+uMkq/ogMbgrsWr04jEOQqCTZ1fApiUrQyNrB5jNOHCf6AsU0R10NtYXhTPF5DwpCJw3AxYGYnTzBRPx0OfWD02mV17mrilMj6f/HMDvm0hPxshuRgHzDCkQk76GNHv3PLfz/r9WiSjCx9DHywFxqWozut/UN71ipxo8O0Uu+cOvBIxGIqIx1N1w4ymE5D0KC37MTFqKohtfgWXdC03siFfF8tSFpKU/GlD6/vetmozEcaQMOkg91SfRQ+yRIIsVdQXN0MLV3Sa7hxknSaksaAqdR+2umeTY33DcZX1hnkb/tgbg9g8cScq2b3OvFHjsWblu4rdN83TVhHd0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=n/H/0oUvhWforUC/XI5f0JiEwqHlhHt1JDHHci+Gvxs=; b=Tw9l58kqDHDgaK9YOnJAFRA9vT4NbmZVD8LrOKIjM5YvCrJSIUkQQtGRHVoBrTlnndmYlLQdqkbHBuruy9CaaMhTCwONLiQpYb0ktc+MVO2fUhsVvuJimWjirK04II0TxYUOdMWqNgq4AjJuOqpdp6mOOXaqZQY8Hp66BIS89GqF2/IaoYdr4UsQA13yIQ00uyBTXX8NpBegPZp6NG8muSZsXIaCEv1I0HhWD+wKyVYvLas7CJjMR4MctQSxwM/Os7znkKqG4X4kjCwnvqt20AS77w4aWY4dqdsMu5kjUKLXBS3SwidQ0z6tKjTP6LnvI9k7kytsEaHXKNuAe8M6Vg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n/H/0oUvhWforUC/XI5f0JiEwqHlhHt1JDHHci+Gvxs=; b=m1SF6cUzsGsH16DUdNed4UB0N3+it/SsZ8m8ex6P5SyGpz6ixvBKYp957Xd7xzcEfaeG0X78CwAsZNmWkccXLAg4PmlJdWliZBLP2mm6wSPWGZtC8ZkWjcF+fg34ALx7NMLlQ/3ZFMbmfTD3BQ/pM6kAf1ISe029eHOnkItsd6U3+zHeOghjzrTt48McgZUmn4AcsWqrWMC+4xh4Uu4GUhNs1wpOzB1mVfDUWJ6y/B6FAXJlTGcmN/hjTtzdBxwXK2R+4sRPSRDcaBFvYRNndAuPO0np19ybMCbd7/rGVQh8hvB915Cg5qaerYq5m9Ea3uDl4mKYpDH8vt9jaMcZug== Received: from PR3P195CA0006.EURP195.PROD.OUTLOOK.COM (2603:10a6:102:b6::11) by MRZP264MB2827.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:18::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Wed, 9 Feb 2022 18:01:45 +0000 Received: from MR2FRA01FT004.eop-fra01.prod.protection.outlook.com (2603:10a6:102:b6:cafe::2f) by PR3P195CA0006.outlook.office365.com (2603:10a6:102:b6::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT004.mail.protection.outlook.com (10.152.50.111) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 7028F20179; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 07/16] boot: image: add a stage pre-load Date: Wed, 9 Feb 2022 19:01:19 +0100 Message-Id: <20220209180128.10655-8-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 82fc362a-f779-4164-7dac-08d9ebf63c09 X-MS-TrafficTypeDiagnostic: MRZP264MB2827:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: hrUowKDsMIB8YeI3W44Dw1mQ5TrYExMl+ZttHGp+n6ZKUGjKu+Irh/MB78eXY2cKtesPLxQBnqEjSSFcjW6epMSV6LTpdrqLCpc9ZzoD/wfSG1ggBRAkyqcRn6fGaWSY4AwDWVqvyMKGnK08Nps6TpKdns0oY62/0ERZod8GFnjHjnK6e2+VqhZ5ooyNwM7AElPLMV6O2triLTSk0eKfOaDvoh3I8B6pQh1fVeWLI+Hi2KknvHpYmg6WYNZ3z9yg+kopylXxGu+5bPLqc0DnOOgTOHkA99/afdPFwGnCHGJNmJG9cBCxuHD6lYzjqhfYfj46JF4j2ie+ayko8ocP+ZHI6Nr8I92kjq7SPQtEe2oUYHrCHwvlloq5vXCq3oP6nzySio7VEOstl+kUvl/7+m2CSVilYrOCtieaajjViW2fCLyhedsWCDB7FOOABfPUkocM61mAT5MPCkqRUEgygsk1D9IqzTiNgqwGvjpKmEN/tKtbyqqJVQudt813uWNCoe+Egl3VRd3HVglTOtdpG/1R3+ySO5iyTgnLwYn3zglKeRkSuB/Y5MqjNgiyKzN93FRc2KTqGhAtByqQJIEm4RtxTUOGleKPKhhWC8CtyH4LXlBonCjJxstRu4v7BKucSdkVpymVfHfZgEk4V8gAbyUpSProMSDL/I6GuoCnXc6/7MT9G79TkZSHY3p5VDxn+rEcLur4Ev5Tpm4fT5syuw== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(40470700004)(46966006)(47076005)(426003)(70586007)(70206006)(26005)(186003)(36860700001)(83380400001)(8936002)(4326008)(316002)(6966003)(2616005)(508600001)(86362001)(36756003)(40460700003)(336012)(107886003)(6266002)(8676002)(1076003)(5660300002)(82310400004)(82960400001)(2906002)(6666004)(7696005)(356005)(44832011)(81166007)(30864003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.0748 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 82fc362a-f779-4164-7dac-08d9ebf63c09 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT004.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MRZP264MB2827 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Add a stage pre-load that could check or modify an image. For the moment, only a header with a signature is supported. This header has the following format: - magic : 4 bytes - version : 4 bytes - header size : 4 bytes - image size : 4 bytes - offset image signature : 4 bytes - flags : 4 bytes - reserved0 : 4 bytes - reserved1 : 4 bytes - sha256 of the image signature : 32 bytes - signature of the first 64 bytes : n bytes - image signature : n bytes - padding : up to header size The stage uses a node /image/pre-load/sig to get some informations: - algo-name (mandatory) : name of the algo used to sign - padding-name : name of padding used to sign - signature-size : size of the signature (in the header) - mandatory : set to yes if this sig is mandatory - public-key (madatory) : value of the public key Before running the image, the stage pre-load checks the signature provided in the header. This is an initial support, later we could add the support of: - ciphering - uncompressing - ... Signed-off-by: Philippe Reynes --- boot/Kconfig | 55 ++++++ boot/Makefile | 1 + boot/image-pre-load.c | 408 ++++++++++++++++++++++++++++++++++++++++++ include/image.h | 14 ++ 4 files changed, 478 insertions(+) create mode 100644 boot/image-pre-load.c diff --git a/boot/Kconfig b/boot/Kconfig index b83a4e8400..cb5f48dcf9 100644 --- a/boot/Kconfig +++ b/boot/Kconfig @@ -993,6 +993,61 @@ config AUTOBOOT_MENU_SHOW endmenu +menu "Image support" + +config IMAGE_PRE_LOAD + bool "Image pre-load support" + help + Enable an image pre-load stage in the SPL. + This pre-load stage allows to do some manipulation + or check (for example signature check) on an image + before launching it. + +config SPL_IMAGE_PRE_LOAD + bool "Image pre-load support within SPL" + depends on SPL && IMAGE_PRE_LOAD + help + Enable an image pre-load stage in the SPL. + This pre-load stage allows to do some manipulation + or check (for example signature check) on an image + before launching it. + +config IMAGE_PRE_LOAD_SIG + bool "Image pre-load signature support" + depends on IMAGE_PRE_LOAD + select FIT_SIGNATURE + select RSA + select RSA_VERIFY_WITH_PKEY + help + Enable signature check support in the pre-load stage. + For this feature a very simple header is added before + the image with few fields: + - a magic + - the image size + - the signature + All other information (header size, type of signature, + ...) are provided in the node /image/pre-load/sig of + u-boot. + +config SPL_IMAGE_PRE_LOAD_SIG + bool "Image pre-load signature support witin SPL" + depends on SPL_IMAGE_PRE_LOAD && IMAGE_PRE_LOAD_SIG + select SPL_FIT_SIGNATURE + select SPL_RSA + select SPL_RSA_VERIFY_WITH_PKEY + help + Enable signature check support in the pre-load stage in the SPL. + For this feature a very simple header is added before + the image with few fields: + - a magic + - the image size + - the signature + All other information (header size, type of signature, + ...) are provided in the node /image/pre-load/sig of + u-boot. + +endmenu + config USE_BOOTARGS bool "Enable boot arguments" help diff --git a/boot/Makefile b/boot/Makefile index 2938c3f145..59752c65ca 100644 --- a/boot/Makefile +++ b/boot/Makefile @@ -26,6 +26,7 @@ obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += image-fdt.o obj-$(CONFIG_$(SPL_TPL_)FIT_SIGNATURE) += fdt_region.o obj-$(CONFIG_$(SPL_TPL_)FIT) += image-fit.o obj-$(CONFIG_$(SPL_)MULTI_DTB_FIT) += boot_fit.o common_fit.o +obj-$(CONFIG_$(SPL_TPL_)IMAGE_PRE_LOAD) += image-pre-load.o obj-$(CONFIG_$(SPL_TPL_)IMAGE_SIGN_INFO) += image-sig.o obj-$(CONFIG_$(SPL_TPL_)FIT_SIGNATURE) += image-fit-sig.o obj-$(CONFIG_$(SPL_TPL_)FIT_CIPHER) += image-cipher.o diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c new file mode 100644 index 0000000000..3b18c5086a --- /dev/null +++ b/boot/image-pre-load.c @@ -0,0 +1,408 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (C) 2021 Philippe Reynes + */ + +#include +#include +DECLARE_GLOBAL_DATA_PTR; +#include +#include + +#include + +#define IMAGE_PRE_LOAD_SIG_MAGIC 0x55425348 +#define IMAGE_PRE_LOAD_SIG_OFFSET_MAGIC 0 +#define IMAGE_PRE_LOAD_SIG_OFFSET_IMG_LEN 4 +#define IMAGE_PRE_LOAD_SIG_OFFSET_SIG 8 + +#define IMAGE_PRE_LOAD_PATH "/image/pre-load/sig" +#define IMAGE_PRE_LOAD_PROP_ALGO_NAME "algo-name" +#define IMAGE_PRE_LOAD_PROP_PADDING_NAME "padding-name" +#define IMAGE_PRE_LOAD_PROP_SIG_SIZE "signature-size" +#define IMAGE_PRE_LOAD_PROP_PUBLIC_KEY "public-key" +#define IMAGE_PRE_LOAD_PROP_MANDATORY "mandatory" + +#ifndef CONFIG_SYS_BOOTM_LEN +/* use 8MByte as default max gunzip size */ +#define CONFIG_SYS_BOOTM_LEN 0x800000 +#endif + +/* + * Information in the device-tree about the signature in the header + */ +struct image_sig_info { + char *algo_name; /* Name of the algo (eg: sha256,rsa2048) */ + char *padding_name; /* Name of the padding */ + u8 *key; /* Public signature key */ + int key_len; /* Length of the public key */ + u32 sig_size; /* size of the signature (in the header) */ + int mandatory; /* Set if the signature is mandatory */ + + struct image_sign_info sig_info; /* Signature info */ +}; + +/* + * Header of the signature header + */ +struct sig_header_s { + u32 magic; + u32 version; + u32 header_size; + u32 image_size; + u32 offset_img_sig; + u32 flags; + u32 reserved0; + u32 reserved1; + u8 sha256_img_sig[SHA256_SUM_LEN]; +}; + +#define SIG_HEADER_LEN (sizeof(struct sig_header_s)) + +/* + * Offset of the image + * + * This value is used to skip the header before really launching the image + */ +ulong image_load_offset; + +/* + * This function gathers information about the signature check + * that could be done before launching the image. + * + * return: + * < 0 => an error has occurred + * 0 => OK + * 1 => no setup + */ +static int image_pre_load_sig_setup(struct image_sig_info *info) +{ + const void *algo_name, *padding_name, *key, *mandatory; + const u32 *sig_size; + int key_len; + int node, ret = 0; + + if (!info) { + log_err("ERROR: info is NULL for image pre-load sig check\n"); + ret = -EINVAL; + goto out; + } + + memset(info, 0, sizeof(*info)); + + node = fdt_path_offset(gd_fdt_blob(), IMAGE_PRE_LOAD_PATH); + if (node < 0) { + log_info("INFO: no info for image pre-load sig check\n"); + ret = 1; + goto out; + } + + algo_name = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_ALGO_NAME, NULL); + if (!algo_name) { + printf("ERROR: no algo_name for image pre-load sig check\n"); + ret = -EINVAL; + goto out; + } + + padding_name = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_PADDING_NAME, NULL); + if (!padding_name) { + log_info("INFO: no padding_name provided, so using pkcs-1.5\n"); + padding_name = "pkcs-1.5"; + } + + sig_size = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_SIG_SIZE, NULL); + if (!sig_size) { + log_err("ERROR: no signature-size for image pre-load sig check\n"); + ret = -EINVAL; + goto out; + } + + key = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len); + if (!key) { + log_err("ERROR: no key for image pre-load sig check\n"); + ret = -EINVAL; + goto out; + } + + info->algo_name = (char *)algo_name; + info->padding_name = (char *)padding_name; + info->key = (uint8_t *)key; + info->key_len = key_len; + info->sig_size = fdt32_to_cpu(*sig_size); + + mandatory = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_MANDATORY, NULL); + if (mandatory && !strcmp((char *)mandatory, "yes")) + info->mandatory = 1; + + /* Compute signature information */ + info->sig_info.name = info->algo_name; + info->sig_info.padding = image_get_padding_algo(info->padding_name); + info->sig_info.checksum = image_get_checksum_algo(info->sig_info.name); + info->sig_info.crypto = image_get_crypto_algo(info->sig_info.name); + info->sig_info.key = info->key; + info->sig_info.keylen = info->key_len; + + out: + return ret; +} + +static int image_pre_load_sig_get_magic(ulong addr, u32 *magic) +{ + struct sig_header_s *sig_header; + int ret = 0; + + sig_header = (struct sig_header_s *)map_sysmem(addr, SIG_HEADER_LEN); + if (!sig_header) { + log_err("ERROR: can't map first header\n"); + ret = -EFAULT; + goto out; + } + + *magic = fdt32_to_cpu(sig_header->magic); + + unmap_sysmem(sig_header); + + out: + return ret; +} + +static int image_pre_load_sig_get_header_size(ulong addr, u32 *header_size) +{ + struct sig_header_s *sig_header; + int ret = 0; + + sig_header = (struct sig_header_s *)map_sysmem(addr, SIG_HEADER_LEN); + if (!sig_header) { + log_err("ERROR: can't map first header\n"); + ret = -EFAULT; + goto out; + } + + *header_size = sig_header->header_size; + + unmap_sysmem(sig_header); + + out: + return ret; +} + +/* + * return: + * < 0 => no magic and magic mandatory (or error when reading magic) + * 0 => magic found + * 1 => magic NOT found + */ +static int image_pre_load_sig_check_magic(struct image_sig_info *info, ulong addr) +{ + u32 magic; + int ret = 1; + + ret = image_pre_load_sig_get_magic(addr, &magic); + if (ret < 0) + goto out; + + if (magic != IMAGE_PRE_LOAD_SIG_MAGIC) { + if (info->mandatory) { + log_err("ERROR: signature is mandatory\n"); + ret = -EINVAL; + goto out; + } + ret = 1; + goto out; + } + + ret = 0; /* magic found */ + + out: + return ret; +} + +static int image_pre_load_sig_check_header_sig(struct image_sig_info *info, ulong addr) +{ + void *header; + struct image_region reg; + u32 sig_len; + u8 *sig; + int ret = 0; + + /* Only map header of the header and its signature */ + header = (void *)map_sysmem(addr, SIG_HEADER_LEN + info->sig_size); + if (!header) { + log_err("ERROR: can't map header\n"); + ret = -EFAULT; + goto out; + } + + reg.data = header; + reg.size = SIG_HEADER_LEN; + + sig = (uint8_t *)header + SIG_HEADER_LEN; + sig_len = info->sig_size; + + ret = info->sig_info.crypto->verify(&info->sig_info, ®, 1, sig, sig_len); + if (ret) { + log_err("ERROR: header signature check has failed (err=%d)\n", ret); + ret = -EINVAL; + goto out_unmap; + } + + out_unmap: + unmap_sysmem(header); + + out: + return ret; +} + +static int image_pre_load_sig_check_img_sig_sha256(struct image_sig_info *info, ulong addr) +{ + struct sig_header_s *sig_header; + void *header; + u8 sha256_img_sig[SHA256_SUM_LEN]; + int ret = 0; + + sig_header = (struct sig_header_s *)map_sysmem(addr, SIG_HEADER_LEN); + if (!sig_header) { + log_err("ERROR: can't map first header\n"); + ret = -EFAULT; + goto out; + } + + header = (void *)map_sysmem(addr, sig_header->header_size); + if (!header) { + log_err("ERROR: can't map header\n"); + ret = -EFAULT; + goto out_sig_header; + } + + sha256_csum_wd(header + sig_header->offset_img_sig, info->sig_size, + sha256_img_sig, CHUNKSZ_SHA256); + + ret = memcmp(sig_header->sha256_img_sig, sha256_img_sig, SHA256_SUM_LEN); + if (ret) { + log_err("ERROR: sha256 of image signature is invalid\n"); + ret = -EFAULT; + goto out_header; + } + + out_header: + unmap_sysmem(header); + out_sig_header: + unmap_sysmem(sig_header); + out: + return ret; +} + +static int image_pre_load_sig_check_img_sig(struct image_sig_info *info, ulong addr) +{ + struct sig_header_s *sig_header; + void *image; + struct image_region reg; + u32 sig_len; + u8 *sig; + int ret = 0; + + sig_header = (struct sig_header_s *)map_sysmem(addr, SIG_HEADER_LEN); + if (!sig_header) { + log_err("ERROR: can't map first header\n"); + ret = -EFAULT; + goto out; + } + + image = (void *)map_sysmem(addr, sig_header->header_size + sig_header->image_size); + if (!image) { + log_err("ERROR: can't map full image\n"); + ret = -EFAULT; + goto out_unmap_sig_header; + } + + reg.data = image + sig_header->header_size; + reg.size = sig_header->image_size; + + sig = (uint8_t *)image + sig_header->offset_img_sig; + sig_len = info->sig_size; + + ret = info->sig_info.crypto->verify(&info->sig_info, ®, 1, sig, sig_len); + if (ret) { + log_err("ERROR: signature check has failed (err=%d)\n", ret); + ret = -EINVAL; + goto out_unmap_image; + } + + log_info("INFO: signature check has succeed\n"); + + out_unmap_image: + unmap_sysmem(image); + + out_unmap_sig_header: + unmap_sysmem(sig_header); + + out: + return ret; +} + +int image_pre_load_sig(ulong addr) +{ + struct image_sig_info info; + int ret; + + ret = image_pre_load_sig_setup(&info); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + goto out; + } + + ret = image_pre_load_sig_check_magic(&info, addr); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + goto out; + } + + /* Check the signature of the signature header */ + ret = image_pre_load_sig_check_header_sig(&info, addr); + if (ret < 0) + goto out; + + /* Check sha256 of the image signature */ + ret = image_pre_load_sig_check_img_sig_sha256(&info, addr); + if (ret < 0) + goto out; + + /* Check the image signature */ + ret = image_pre_load_sig_check_img_sig(&info, addr); + if (!ret) { + u32 header_size; + + ret = image_pre_load_sig_get_header_size(addr, &header_size); + if (ret) { + log_err("%s: can't get header size\n", __func__); + ret = -EINVAL; + goto out; + } + + image_load_offset += header_size; + } + + out: + return ret; +} + +int image_pre_load(ulong addr) +{ + int ret = 0; + + image_load_offset = 0; + + if (CONFIG_IS_ENABLED(IMAGE_PRE_LOAD_SIG)) + ret = image_pre_load_sig(addr); + + return ret; +} diff --git a/include/image.h b/include/image.h index 97e5f2eb24..fbcf70f5e4 100644 --- a/include/image.h +++ b/include/image.h @@ -48,6 +48,7 @@ struct fdt_region; extern ulong image_load_addr; /* Default Load Address */ extern ulong image_save_addr; /* Default Save Address */ extern ulong image_save_size; /* Default Save Size */ +extern ulong image_load_offset; /* Default Load Address Offset */ /* An invalid size, meaning that the image size is not known */ #define IMAGE_SIZE_INVAL (-1UL) @@ -1323,6 +1324,19 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name); */ struct padding_algo *image_get_padding_algo(const char *name); +/** + * image_pre_load() - Manage pre load header + * + * Manage the pre-load header before launching the image. + * It checks the signature of the image. It also set the + * variable image_load_offset to skip this header before + * launching the image. + * + * @param addr Address of the image + * @return: 0 on success, -ve on error + */ +int image_pre_load(ulong addr); + /** * fit_image_verify_required_sigs() - Verify signatures marked as 'required' * From patchwork Wed Feb 9 18:01:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590666 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=GhgpA+2q; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv77d4lWgz9sCD for ; Thu, 10 Feb 2022 05:04:45 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 458B983EB5; Wed, 9 Feb 2022 19:02:53 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="GhgpA+2q"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id DD43D83EC5; Wed, 9 Feb 2022 19:02:09 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0620.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::620]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id AA74983ED0 for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F9X8jQkzwvHZgMZ/49iYIcItESxB57a4Xhtz140+U8GNoMR+zTNO1q2l4L7XfiDWqUMp3pl43e/zhXZiAfKqVBakM1A7U287kjgU1r8ZyuX2sUG5YZwNDLfXlupFW6cOQ5GP6rxNnDCO9xevZ6GPJ2BqwJM5lNDhB2SDpC9r4riGIhsgnCBMZh76sBAMeJCsTO7RQYSrgOywB9+5UliMQlQ2eEr3SrW58JJH85FoCXpaF9XUFhEmTRw0yfK4pzBfHLem3+VjjUX/SGEiqjZFXYV6ZeYBsev/aYZZyAZCrj0JXYOjVA7cHd9J+HrTEJVwXNmj2aWO2PwJA2uO44lo3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ju+dTXHCzQooHwcbiAdS2U9QZQ8pwu8wOZw1KOIa7qs=; b=Oq/VeX5o3rVlCE/BG0MV1obbilrBSqpjKn6CXn15R0KUXneZ9K/QJEDweDDgJzwNOqYiRnwuCIbyynCXiDJGgbkCp1Nvbx0SBohHKJAZCKSY9xtnoOZZcKxgT0XTKeNpbie+EvwwUipzllwchbL1P+IuZspNzLLveOg5ZksqsPO06BwAb/yrwqbPB0aCXAI3hl2C7XJQMKPonyKikLfs34HZesaDaaVOV3M3pYj7szm4shOEiReUOOkeqmTBhOS3W3bFvgmyhpylUBbnYtEaopGO/w/wTUOSW5voDq6gOnBC0yPo0Eur7KHEztWmB5mHIIzU+48Xo94/0Qp/1zq9Og== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ju+dTXHCzQooHwcbiAdS2U9QZQ8pwu8wOZw1KOIa7qs=; b=GhgpA+2qJfJ5B1CwAnUx0z2gXWJO7BEb53FxmVV/q8dXe4IjDIhsiFi92/8teFQoHzZw1A6ASD2zhN7WM/h91prHNKwlh7FGFS0VZ4zHRc3ghyg/VZcAGLFXLYq28zNOI1rTiiNrdLt0cONfghei/FLod/oOh5L8qdvYEQvJ5ctSllvrS7Hd82P5F6V9pns5IgmGvnKR2xk6F33J5K5JYcOcHAXVpkpRjryGl1FBjcS9si3j+LmFGJvJCYmhcmS1Xyoiu47qaMWDoVxoUYxNcEnKyz6EjXcV0hEcoflBOYWmiv8HJn2qKhY8D/HdJZW5zM3BjaA981D/SOkRDnLwJw== Received: from MR2P264CA0102.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:33::18) by MRXP264MB0456.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:22::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.16; Wed, 9 Feb 2022 18:01:45 +0000 Received: from MR2FRA01FT007.eop-fra01.prod.protection.outlook.com (2603:10a6:500:33:cafe::af) by MR2P264CA0102.outlook.office365.com (2603:10a6:500:33::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT007.mail.protection.outlook.com (10.152.50.174) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 7992F20197; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 08/16] cmd: bootm: add a stage pre-load Date: Wed, 9 Feb 2022 19:01:20 +0100 Message-Id: <20220209180128.10655-9-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: adfa6f0e-9344-48d7-ca12-08d9ebf63c0f X-MS-TrafficTypeDiagnostic: MRXP264MB0456:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: e2xVuCqJD2aH1I4sTuZIwWrPNTBZpROFXhBKw20EPdSEg0PNTIoUWAm2NwGqEM5tfiMYCoCSn1GraKiiCgopZX0B5ES68VNsWcj5ZlBpiXLcWmAeEr4O9miZAKs8YL4GDnBguQQkbIk9s8sgNCEqe5hI5UgV/H9ipynmbGtlaWwwY2Ee/GqbOgQontXkKKPs/wMONYuvSXovwSG5F3sYloPWWq0tkYbMhdlM6Pv0TyzW806BCrFGr/ttFVml98Tngo7GgbgSRlUQw75yBDwELGU1sUfCVBZxhJPAmPLwh5FP2jrDWv3dY+Aiau3WakEpGvjwHULFxpMsx+HoMEJesnkYp5iUMxOROB170uNAR9LXnUTjEA4i+Kexm17sGUfum7alKNgzPxEpblPiH9flA+C4MhSkdyOZp3OojH6roU7PqtqeY8YNat3vJvrchx51q1eQlwtCf+T3MnG8+nIF0ntWwFT041Vd9ZGVHJGJUFpeLMqhrDmEa2jSNobG8a+h19xk/C10taxHW0Devvo/eFUfweeOyhaUHnifI+07zgDiyt36u2oOBBeKr3PjC+KZTWMGQoqSQYvMayFTNle/wbEK1rS5QYAxl24uZ+r9ZinbSbbpZl3NrN6Y60dGi7wWAGrVPnh63HVp4oMc6upti/6hcmQNjTwW7jmg0yZYMaE5k5ZbsI2b0phRZ1+omlDkUHKl3NtiFGaS/7x4DGlxJg== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(40470700004)(36840700001)(36860700001)(336012)(83380400001)(82960400001)(47076005)(36756003)(82310400004)(356005)(70586007)(8676002)(70206006)(8936002)(81166007)(508600001)(5660300002)(6966003)(44832011)(316002)(26005)(2906002)(2616005)(1076003)(40460700003)(107886003)(426003)(6266002)(186003)(7696005)(6666004)(4326008)(86362001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.1004 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: adfa6f0e-9344-48d7-ca12-08d9ebf63c0f X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT007.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MRXP264MB0456 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Add a stage pre-load to the command bootm. Right now, this stage may be used to read a header and check the signature of the full image. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- boot/bootm.c | 33 +++++++++++++++++++++++++++++++++ cmd/Kconfig | 10 ++++++++++ cmd/bootm.c | 2 +- include/image.h | 1 + 4 files changed, 45 insertions(+), 1 deletion(-) diff --git a/boot/bootm.c b/boot/bootm.c index 00c00aef84..714406ab66 100644 --- a/boot/bootm.c +++ b/boot/bootm.c @@ -87,6 +87,33 @@ static int bootm_start(struct cmd_tbl *cmdtp, int flag, int argc, return 0; } +static ulong bootm_data_addr(int argc, char *const argv[]) +{ + ulong addr; + + if (argc > 0) + addr = simple_strtoul(argv[0], NULL, 16); + else + addr = image_load_addr; + + return addr; +} + +static int bootm_pre_load(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + ulong data_addr = bootm_data_addr(argc, argv); + int ret = 0; + + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) + ret = image_pre_load(data_addr); + + if (ret) + ret = CMD_RET_FAILURE; + + return ret; +} + static int bootm_find_os(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { @@ -677,6 +704,9 @@ int do_bootm_states(struct cmd_tbl *cmdtp, int flag, int argc, if (states & BOOTM_STATE_START) ret = bootm_start(cmdtp, flag, argc, argv); + if (!ret && (states & BOOTM_STATE_PRE_LOAD)) + ret = bootm_pre_load(cmdtp, flag, argc, argv); + if (!ret && (states & BOOTM_STATE_FINDOS)) ret = bootm_find_os(cmdtp, flag, argc, argv); @@ -866,6 +896,9 @@ static const void *boot_get_kernel(struct cmd_tbl *cmdtp, int flag, int argc, &fit_uname_config, &fit_uname_kernel); + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) + img_addr += image_load_offset; + bootstage_mark(BOOTSTAGE_ID_CHECK_MAGIC); /* check image type, for FIT images get FIT kernel node */ diff --git a/cmd/Kconfig b/cmd/Kconfig index 5e25e45fd2..87aa3fb11a 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -194,6 +194,16 @@ config CMD_BOOTM help Boot an application image from the memory. +config CMD_BOOTM_PRE_LOAD + bool "enable pre-load on bootm" + depends on CMD_BOOTM + depends on IMAGE_PRE_LOAD + default n + help + Enable support of stage pre-load for the bootm command. + This stage allow to check or modify the image provided + to the bootm command. + config BOOTM_EFI bool "Support booting UEFI FIT images" depends on CMD_BOOTEFI && CMD_BOOTM && FIT diff --git a/cmd/bootm.c b/cmd/bootm.c index e8b7066888..c5de339fba 100644 --- a/cmd/bootm.c +++ b/cmd/bootm.c @@ -126,7 +126,7 @@ int do_bootm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) } return do_bootm_states(cmdtp, flag, argc, argv, BOOTM_STATE_START | - BOOTM_STATE_FINDOS | BOOTM_STATE_FINDOTHER | + BOOTM_STATE_FINDOS | BOOTM_STATE_PRE_LOAD | BOOTM_STATE_FINDOTHER | BOOTM_STATE_LOADOS | #ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH BOOTM_STATE_RAMDISK | diff --git a/include/image.h b/include/image.h index fbcf70f5e4..496b7af3f3 100644 --- a/include/image.h +++ b/include/image.h @@ -351,6 +351,7 @@ typedef struct bootm_headers { #define BOOTM_STATE_OS_PREP (0x00000100) #define BOOTM_STATE_OS_FAKE_GO (0x00000200) /* 'Almost' run the OS */ #define BOOTM_STATE_OS_GO (0x00000400) +#define BOOTM_STATE_PRE_LOAD 0x00000800 int state; #if defined(CONFIG_LMB) && !defined(USE_HOSTCC) From patchwork Wed Feb 9 18:01:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590658 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=lRJByV2+; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv76J3M32z9sCD for ; Thu, 10 Feb 2022 05:03:36 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2581483F01; Wed, 9 Feb 2022 19:02:30 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="lRJByV2+"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 84C1E83DB7; Wed, 9 Feb 2022 19:02:00 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0603.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::603]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 697B683ECE for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DuN5OwmNtbVaLbgRg4qGK9rw1IT1HYVdK1HvEjh8J6fWfiVG7HhonIfr1DTdpmTWlrs53eBgEg6iBIy2q75PkbeNQ5nBNlS6In0SZuXYrvK1gXaxj/QQ4B1EeZf7y0NjoYBaTIer5OriPDXtaDAoc/2IQoZIfCy+gJOFYjiYPRhpOGowNb1caQ4JYcZNm+F9dZ/R2G24kF99tuaKCLsP83tCdg4aTcAn76FlMJgFOyFSyVBgYmViJPFk4mCI0QXo665vey+fXEW1juoH308//vlLPk3Y8FjLIVMPa6w3zMh9zhE/YoJ8MK/TDRKTLWJ/QnxT4Yea/i5ppT+BrvFQdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2pEEYn7nnzZOZl+jy0l51f0ICxwClBxOskAf3YPTKbM=; b=RpY3qhp4rWB1w2d5JDZ59IRt1sKxBiZpHiXcSP7YXH7zreG8a0+z9ayVrlXIjLe8R01lliJ5jjiEGwNKXQP57Wsqb7I77Cy9V8Ti2Rga/pqG8jV4BbN7jBbclaVJEX1vP/FQclOb7QaR7cnyS7x/cJdyPefd9n8B/1/nuNA6/eG8kLbA707TJI1lIPGb8E1zCRwoMYTYXUOv2JTJ+fMpV+uf7A3y6fiMrk0Vmktie+DEIu5JWYQjORHFzDVQUhn2Uz8PcURrtmOU/pXmv/JBQprSSmqtthF4shijDMxxrwP33phcg4ooLCqewToFKp0LE4h4Kq0KD4J2xpTfneWZMg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2pEEYn7nnzZOZl+jy0l51f0ICxwClBxOskAf3YPTKbM=; b=lRJByV2+yWAvPnfR+trrJQxLrwPGs4JeK0vcZ0JxPUVl7eVtuJYiy34tGf+dzAKcM7cm1kgp319BsTjUx9kXl/5DPZ58TvRx6Yb2ER/RA8HDvP+ZqMPMVZNK4Jm4WO5zJf6GJxLdGNKw24Wnhba5M3P3y8NKJNQlQpxcn/JtVyYf8NoIqfRDqUvezckSveq9JTMaUSuduCeZ4Oo4YDFOlIB8cuTQb46Db/vKP9r704clBrT+snRb1IbpMXHnKolXSaNy6meTLfZTwPVRa9Q08C4OKnoSJ8M4O7aVGWf40Q7IA3JmsIWikldtKbY6o+WWGTgA43zFtgFxaN4XCl8p6g== Received: from PR1PR01CA0020.eurprd01.prod.exchangelabs.com (2603:10a6:102::33) by MR1P264MB1970.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:3::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Wed, 9 Feb 2022 18:01:45 +0000 Received: from MR2FRA01FT010.eop-fra01.prod.protection.outlook.com (2603:10a6:102:0:cafe::76) by PR1PR01CA0020.outlook.office365.com (2603:10a6:102::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT010.mail.protection.outlook.com (10.152.50.176) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 887192019C; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 09/16] common: spl: fit_ram: allow to use image pre load Date: Wed, 9 Feb 2022 19:01:21 +0100 Message-Id: <20220209180128.10655-10-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: a88a40e4-87de-4013-3a86-08d9ebf63c11 X-MS-TrafficTypeDiagnostic: MR1P264MB1970:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:800; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: N2ppPXDTj4mjofCjQ3YXVewshF3FVFRZpkyFS2rU+qayCsLPf65uVlC4997ahVreq6ZgnHDq8dpY2O9sF5Xn0ika+ZXnvDo5wOK8hIDlveXh3IH2gzWCEn1fbZl8eZ7FxORloBHWaRkLeXOJGFhvw/YYbMcs80XxRQpwPyIxXakVAg9h1rtXc1ACd1eRK8bEG6xVRvgARMsH0wmDhbCiN/ra2KorHZHS9pDcNWL3Z8l7H6+oMEOHRZ4OVmS5hnv1oGDDAd4JHZCBW2OZjAaQQmRanVWxIFcdD+TWc3+wP2NHHRQJNEX5HFRlWvK70OIB07je5iEOcXa3ZCCMAR5V/8B0C1RANr/zZ7g9SiSkD+wppvexSDGfSgMwVYk2reYACR087GdOnE/pdLXMrZnACTK2ytc6dY/JhASRKXMt1ySOYkFyjOK6tKCZfL9w9LTGEWoJAb/5nSwKpYTZf8QRI3Jx56NQfp5orpCUSRcayFMz68Y+r8I0XgR+6GuDHWfRTAZc2PDbOuU1znYgqP2Jn5JG1BQWTOnidZdelrJKj3vvTXRyuSZ6vAg++5lYSFhcND3SFd5rQpjeZWcxgir5G/3qmJ6B5e2jNJf5nwZ1odyABDrZgE9bzjKnGlMKkuxjdwtmKX04T1LeHxETQbXi3E92L29h+5Ev+PHamUenwYXGWLi0bGl/n+QsVVzvJJD6G6rG2vHIs/eawifLyneBPg== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(82960400001)(2616005)(40460700003)(36756003)(47076005)(316002)(44832011)(2906002)(107886003)(356005)(83380400001)(81166007)(4326008)(5660300002)(6666004)(8936002)(336012)(6266002)(426003)(1076003)(7696005)(86362001)(70206006)(70586007)(8676002)(508600001)(36860700001)(26005)(186003)(82310400004)(6966003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.1255 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a88a40e4-87de-4013-3a86-08d9ebf63c11 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT010.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR1P264MB1970 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Add the support of image pre load in spl or tpl when loading an image from ram. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- common/spl/spl_ram.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c index 3f7f7accc1..8296459257 100644 --- a/common/spl/spl_ram.c +++ b/common/spl/spl_ram.c @@ -24,9 +24,17 @@ static ulong spl_ram_load_read(struct spl_load_info *load, ulong sector, ulong count, void *buf) { + ulong addr; + debug("%s: sector %lx, count %lx, buf %lx\n", __func__, sector, count, (ulong)buf); - memcpy(buf, (void *)(CONFIG_SPL_LOAD_FIT_ADDRESS + sector), count); + + addr = (ulong)CONFIG_SPL_LOAD_FIT_ADDRESS + sector; + if (CONFIG_IS_ENABLED(IMAGE_PRE_LOAD)) + addr += image_load_offset; + + memcpy(buf, (void *)addr, count); + return count; } @@ -37,6 +45,17 @@ static int spl_ram_load_image(struct spl_image_info *spl_image, header = (struct image_header *)CONFIG_SPL_LOAD_FIT_ADDRESS; + if (CONFIG_IS_ENABLED(IMAGE_PRE_LOAD)) { + unsigned long addr = (unsigned long)header; + int ret = image_pre_load(addr); + + if (ret) + return ret; + + addr += image_load_offset; + header = (struct image_header *)addr; + } + #if CONFIG_IS_ENABLED(DFU) if (bootdev->boot_device == BOOT_DEVICE_DFU) spl_dfu_cmd(0, "dfu_alt_info_ram", "ram", "0"); From patchwork Wed Feb 9 18:01:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590653 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=cuFAutQd; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv7576bHSz9sCD for ; Thu, 10 Feb 2022 05:02:35 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D70D683EB1; Wed, 9 Feb 2022 19:02:06 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="cuFAutQd"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 0D93983E91; Wed, 9 Feb 2022 19:01:55 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0613.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::613]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id D575D83EAF for ; Wed, 9 Feb 2022 19:01:46 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E1vti2BRDcIMazYbdeu8daRV+d/MQcLDFMdh8k77+43FzPgTKRQGFfCFjsy6BFFigtS4aA0uq5m+JqgPJ0uI8wZOEJ7RnUCfkOtjDYstIXZXLQjrb2Y5ZesxikWreUmxQVRaUAxl/CsF3sequ4xnmNoN3TSqPDE1bdqSY6WHmTIxJNLxEJEHTzMzFxJNDH+uz1OHgD53LE9/FTWXR6VMZZLWTiJBo0l+yhlS36u72DTxFG/9XzeA4FT7seMo7nc+Bo6Wj0NIA2XpLBuESRyMEtoZso/UnjAhRQIFnFe7RaUKSNZjDFxCtnvYO1hKi842EmR2Ds7sWvU0FxgvZQwpFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3117ocJD8AohAUBL8QiIptkwjBvTS/BYiXUa9+8yrLo=; b=LlOd14nKFRqEGvFHQuEAbiGuwswxb7xZOFHKfuiknLerb95xxay8tPVAPISsYOcb8JMGYzwdRKOAoHTGM7zqIdP4YW2kQlw6c78bOf/xH+RjDJS/jWb6scZ6yDw49fNQ6GW3EGapMNhgXQ/XWzNHKwMCOU05nguGzp1k6tr0xWFlEdY3YCF73BrHt2HJpNGnTPpG8ia+P7HloE6Fms1UAhn7JCSmbLj48I1voYZvmlKm2QflOetpp0CV11MlhU1fSS+GHf7lh8zLYX6/obbPNuceOdyXI0JsSsSLtGIdSVXbIVCID13O6c3iCEu5C2gH7hUgKlO2h5sGEIFlAcw8zg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3117ocJD8AohAUBL8QiIptkwjBvTS/BYiXUa9+8yrLo=; b=cuFAutQdiVlRm9vyvqR8a13aImOwgYZD1eRaMhAeE2hoJWREPaa+Csh4okSzIEqResp8SJNfPZljuqghuB5SXXsG3/NJx0rv2HsWXsoBA+Jv3flY2vqWRe1nIGDz6kz7sdMpLlqDjZ6M/WhUWAc6E/BMuCFfIOvOOvtPDh8HZaMfSrlHhHE/rkLtWKsVoYS7UBi32ktvv223c3bEIXSL68qK9kkuQt2Hon3fLpiKgOYWUf3s9DXo7jLePdVnILafj7PlhImWnB+WP6z0lt4Yz620Ma9rHY7Pmf3nw8uiSNHvL6zMbqqemwZxXJJ963lNYDQjCr36h+RqDIrqp2yoxA== Received: from PR3PR09CA0013.eurprd09.prod.outlook.com (2603:10a6:102:b7::18) by PAYP264MB4143.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:11a::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Wed, 9 Feb 2022 18:01:45 +0000 Received: from PR2FRA01FT015.eop-fra01.prod.protection.outlook.com (2603:10a6:102:b7:cafe::a1) by PR3PR09CA0013.outlook.office365.com (2603:10a6:102:b7::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT015.mail.protection.outlook.com (10.152.48.108) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 9744E2019E; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 10/16] mkimage: add public key for image pre-load stage Date: Wed, 9 Feb 2022 19:01:22 +0100 Message-Id: <20220209180128.10655-11-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 4ed0fdcb-1a8d-42a6-aa0e-08d9ebf63c07 X-MS-TrafficTypeDiagnostic: PAYP264MB4143:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:59; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 12urHe6yqijsg5avkUDKNiMDgeUAqj+G7Z5wTMzpH4dcRzEKb1YzZRQXTs5IlbLlJ80cLOGURezMuDGl+TSpEe78aknrWtuooDqzU8UKRHhfzCcH6GpyQ5teQC1eGcHWeNIPcAloZAslBF9F1kpsSIWqXWk93xKDkSZtno0Un7nD4UXynaUplaWA77+fe9hl03GVv86NaW1xDgehbHtP/pCyFsIAtxZguAwK9J5jHOZ9CLNs2yEps42Unixy5VDZl1+rYami3eIH8/TCS+aIKE5CuRnjaGUZJiGqsrpw+D/gTvPp+fdev8KnbZnlDjjk2NSCkd9EZPfxGTPhbk1lELuFdEaJyXRAjdBjElgNzkCAlcLumD4NTEpVHoS/rktLW2DKpwcIYpcoOl5JWjmYqWNRSZVIlZ+r/9bYaTcoNUF8JbVdnSDeBFRf1TwnE85fPw+Z58nfGCWcdVe7oSVdl5sr8eDhmdPEfcZdzmy30E38ME1nsSr3dV6yWQHy95Fdo0jgdntBp7qZ7YRHnc1laEh+l6d2w68OLJ2Kv9odPWhVlIRfGyVDYdiQK4AMz1X6CFDk0rktsSuYhUXa5GwD8mnz8LuAA2MEFLW8hEw0fIGJ8kJc3VgSlVvFRqB2JZEGjmrs8Wgiit2NOhsJ5Fhh4Ju5irJRsVD1pt3hZGulEOTl14BY8ukeCU1jqxl/LKRPe4Xt4DN32LSSbzrJ4tuMaQ== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(6266002)(426003)(336012)(5660300002)(70206006)(186003)(70586007)(82310400004)(4326008)(26005)(8676002)(83380400001)(86362001)(2906002)(81166007)(44832011)(356005)(82960400001)(6666004)(316002)(40460700003)(107886003)(36860700001)(36756003)(8936002)(2616005)(47076005)(6966003)(508600001)(1076003)(7696005)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.0784 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4ed0fdcb-1a8d-42a6-aa0e-08d9ebf63c07 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT015.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAYP264MB4143 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Signed-off-by: Philippe Reynes --- include/image.h | 15 ++++++ tools/fit_image.c | 3 ++ tools/image-host.c | 114 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 132 insertions(+) diff --git a/include/image.h b/include/image.h index 496b7af3f3..498eb7f2e3 100644 --- a/include/image.h +++ b/include/image.h @@ -1019,6 +1019,21 @@ int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value, int fit_set_timestamp(void *fit, int noffset, time_t timestamp); +/** + * fit_pre_load_data() - add public key to fdt blob + * + * Adds public key to the node pre load. + * + * @keydir: Directory containing keys + * @keydest: FDT blob to write public key + * @fit: Pointer to the FIT format image header + * + * returns: + * 0, on success + * < 0, on failure + */ +int fit_pre_load_data(const char *keydir, void *keydest, void *fit); + int fit_cipher_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, const char *engine_id, const char *cmdname); diff --git a/tools/fit_image.c b/tools/fit_image.c index 15f7c82d61..1884a2eb0b 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -59,6 +59,9 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, ret = fit_set_timestamp(ptr, 0, time); } + if (!ret) + ret = fit_pre_load_data(params->keydir, dest_blob, ptr); + if (!ret) { ret = fit_cipher_data(params->keydir, dest_blob, ptr, params->comment, diff --git a/tools/image-host.c b/tools/image-host.c index eaeb76545c..ab6f756cf1 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -14,6 +14,11 @@ #include #include +#include +#include + +#define IMAGE_PRE_LOAD_PATH "/image/pre-load/sig" + /** * fit_set_hash_value - set hash value in requested has node * @fit: pointer to the FIT format image header @@ -1111,6 +1116,115 @@ static int fit_config_add_verification_data(const char *keydir, return 0; } +/* + * 0) open file (open) + * 1) read certificate (PEM_read_X509) + * 2) get public key (X509_get_pubkey) + * 3) provide der format (d2i_RSAPublicKey) + */ +static int read_pub_key(const char *keydir, const void *name, + unsigned char **pubkey, int *pubkey_len) +{ + char path[1024]; + EVP_PKEY *key = NULL; + X509 *cert; + FILE *f; + int ret; + + memset(path, 0, 1024); + snprintf(path, sizeof(path), "%s/%s.crt", keydir, (char *)name); + + /* Open certificate file */ + f = fopen(path, "r"); + if (!f) { + fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n", + path, strerror(errno)); + return -EACCES; + } + + /* Read the certificate */ + cert = NULL; + if (!PEM_read_X509(f, &cert, NULL, NULL)) { + printf("Couldn't read certificate"); + ret = -EINVAL; + goto err_cert; + } + + /* Get the public key from the certificate. */ + key = X509_get_pubkey(cert); + if (!key) { + printf("Couldn't read public key\n"); + ret = -EINVAL; + goto err_pubkey; + } + + /* Get DER form */ + ret = i2d_PublicKey(key, pubkey); + if (ret < 0) { + printf("Couldn't get DER form\n"); + ret = -EINVAL; + goto err_pubkey; + } + + *pubkey_len = ret; + ret = 0; + +err_pubkey: + X509_free(cert); +err_cert: + fclose(f); + return ret; +} + +int fit_pre_load_data(const char *keydir, void *keydest, void *fit) +{ + int pre_load_noffset; + const void *algo_name; + const void *key_name; + unsigned char *pubkey = NULL; + int ret, pubkey_len; + + if (!keydir || !keydest || !fit) + return 0; + + /* Search node pre-load sig */ + pre_load_noffset = fdt_path_offset(keydest, IMAGE_PRE_LOAD_PATH); + if (pre_load_noffset < 0) { + ret = 0; + goto out; + } + + algo_name = fdt_getprop(keydest, pre_load_noffset, "algo-name", NULL); + key_name = fdt_getprop(keydest, pre_load_noffset, "key-name", NULL); + + /* Check that all mandatory properties are present */ + if (!algo_name || !key_name) { + if (!algo_name) + printf("The property algo-name is missing in the node %s\n", + IMAGE_PRE_LOAD_PATH); + if (!key_name) + printf("The property key-name is missing in the node %s\n", + IMAGE_PRE_LOAD_PATH); + ret = -ENODATA; + goto out; + } + + /* Read public key */ + ret = read_pub_key(keydir, key_name, &pubkey, &pubkey_len); + if (ret < 0) + goto out; + + /* Add the public key to the device tree */ + ret = fdt_setprop(keydest, pre_load_noffset, "public-key", + pubkey, pubkey_len); + if (ret) + printf("Can't set public-key in node %s (ret = %d)\n", + IMAGE_PRE_LOAD_PATH, ret); + + out: + return ret; +} + int fit_cipher_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, const char *engine_id, const char *cmdname) From patchwork Wed Feb 9 18:01:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590665 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=GnCWVJow; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv77Q4K7Rz9sCD for ; Thu, 10 Feb 2022 05:04:34 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3932383F13; Wed, 9 Feb 2022 19:02:50 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="GnCWVJow"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 071EC83EC3; Wed, 9 Feb 2022 19:02:08 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on061f.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::61f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 930F183EC1 for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=h9OSMSWVILTubfbe7DUrm+dCPRg1c70vDADEJ/KoKHZozcGLmBs9FRzZCyfqDi20w+GdPnsnYFn8yxAv+CXdV9/E5XZGacmOcjkpedh9V2HUoCuyLJBDqqeMiPWEg5FK+Jzib6OWWvUXUBlG3lLc1nHWB1AIgWll278FGZrdziRsxGOeqbZ4K03he58+L5wh3WVygD6pm1i/wo//449jnIYsXlWEIa8WxQZlEp5r6PE5UbEGpvXj2BPsYrJ9AQAJf45+WkKFUhbbXmbqNrn/qYBXCPuEAAgjHZqEWMC/uru400Dp8jrWuNPeQdOPMEShP8uw2sTPRyizAuH9W97s/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mwP4scG7YF/RLl7h3D5ds2PcmH+CHLQ9hOih32LA+j0=; b=OmqOqr0HGIoSbMjbTdwJB/nLDPsuskHMFkieWNwZt7xMOd/C02f/jtsZjDcdvvyLrpoNR7FA/a/tdd0H2k2snvUnR1O2s9ymLepOXTEBpDDYPwYiakiZ0LrK2klIRAAtflt+8V1za+6wBHut/etuetqyAdHD8DiiY2uhyxlQbeuAYgPJ5DpPhc6z7qGcBpRRLa58UVHIjRG5263ArHT1zQ8ZB6potft3sxBhlP8WeY/MhiCOZBYFU+K28fHaer5n+kPCrWUBetgrU/Y5StLYODhf8+df6aY0lF3WLwEA/mK5ALpkmUrjPUQWC+j5dBEYctxLCjEPEoWcAv8AoDN7rA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mwP4scG7YF/RLl7h3D5ds2PcmH+CHLQ9hOih32LA+j0=; b=GnCWVJowuIyPljbeNjQGEo5lPe4hKDA3dInnMzjcXLesZg0J96HrAIW4TpeQqGSR1/AdnrYNw+l6V39H+5yyIlFqOrJIzLrunG/marucg3sCiqPnuF7DTV6zU/38jmIMwjRJT0HM3Rigi8TNH7C7lngV5POK0ShCoDk6MeFfXuYpt2jO4za1xJJivq4C9rYemHsPGOrd7E/5wtl3bgOiXme4U1q/qetWUplPa/AcW/qge0TAGKfmHV2OaN5yspQeyUPUJowNZXFwCAd053FYUDl8Lf3eAToxYlmx2nG/r0HT5ujVcYpX/k/p/gf2NlQ4i65cRDT/XdaTSE+u6GZAGA== Received: from MR1P264CA0130.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:51::23) by PR2P264MB0047.FRAP264.PROD.OUTLOOK.COM (2603:10a6:101:3::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12; Wed, 9 Feb 2022 18:01:45 +0000 Received: from MR2FRA01FT012.eop-fra01.prod.protection.outlook.com (2603:10a6:501:51:cafe::3c) by MR1P264CA0130.outlook.office365.com (2603:10a6:501:51::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT012.mail.protection.outlook.com (10.152.50.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id 9D6CA201C2; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 11/16] Makefile: provide sah-key to binman Date: Wed, 9 Feb 2022 19:01:23 +0100 Message-Id: <20220209180128.10655-12-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: e2509d75-6e15-4f20-08db-08d9ebf63c1c X-MS-TrafficTypeDiagnostic: PR2P264MB0047:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2582; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Ts36m7ZqwsAx1IiCPF2igA8QRWN+i/vqP1ANP+3Xs5ifmO4+LKsVTpFi5+5sH8w7Nas1/3SMFU5C4XWlmtd64JkMaN68F77dmWJcfkjome1ghewfB2xm+zxGjwk7Dk0gAfFq5Bg0WubPl/RFOGgN7e9PMdNOFH69DCQHfM45kUYLT7SIJ5D11EVdlUvNFq5ow7q3mPixRZEfJA277kYjYiyV/eDoIU2iWQGCeNVOTHtPMZ8/pZKhwrFP/UeqkQr78tGCEnBNVmlTMwpOUC7IdeTeP0ckEuML7hZYMKYEQWcLaHYz9y59x1mWQQwHV59WMnQEpr763kiffPMWOWgPFVqOIoKA8q30l2RoSA21zNiPPrH2bnBqSOtOxgsQDfNVmNg6nsOpWj+rsBCDXbFgf2lbnOb4S7ZVPaPpgW1GAOYDhUzSYEtCW1Uzf0ZO5Lkqw/q2DJDjE6nw8L5Kl7Xn3SiOoMz80ofjrch5jiG6zWdviyC90hdAoyj/onW4zcr2AfG2fwD4XPh5ySZhTATw+tFX9ng26B4m+W8qNjYlidCNPFon+uzqAYfUlQjXn9+WU/xOU6vI7LnpJgtmCapNZJmiQ0GjfmkyIN6B3x3omcV65bminC560bXDIx2ziRIWm7FlCGTOATM4yOBDKFZFjtoj6ZEOc/XVhJD3DQYc/lYDaMRITsB7JChXMijUmL032M4TtqJvcW6riujlv8a5Sw== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(40470700004)(46966006)(107886003)(426003)(2906002)(36860700001)(8936002)(26005)(4326008)(82960400001)(8676002)(1076003)(6666004)(7696005)(47076005)(336012)(86362001)(316002)(36756003)(82310400004)(508600001)(81166007)(70206006)(44832011)(70586007)(2616005)(6266002)(4744005)(40460700003)(186003)(6966003)(5660300002)(356005)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.1963 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e2509d75-6e15-4f20-08db-08d9ebf63c1c X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT012.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR2P264MB0047 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Set the variable key-path with the shell variable KEY_PATH that contain the keys path (used for signature). This variable key-path is provided to binman. Signed-off-by: Philippe Reynes --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 1ee7089c52..dcc582d958 100644 --- a/Makefile +++ b/Makefile @@ -1334,6 +1334,7 @@ cmd_binman = $(srctree)/tools/binman/binman $(if $(BINMAN_DEBUG),-D) \ -a tpl-bss-pad=$(if $(CONFIG_TPL_SEPARATE_BSS),,1) \ -a spl-dtb=$(CONFIG_SPL_OF_REAL) \ -a tpl-dtb=$(CONFIG_TPL_OF_REAL) \ + -a key-path=${KEY_PATH} \ $(BINMAN_$(@F)) OBJCOPYFLAGS_u-boot.ldr.hex := -I binary -O ihex From patchwork Wed Feb 9 18:01:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590662 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=tHve8IT5; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv76m0kGqz9sFN for ; Thu, 10 Feb 2022 05:04:00 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1A2A583EF2; Wed, 9 Feb 2022 19:02:39 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="tHve8IT5"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 2066983EB1; Wed, 9 Feb 2022 19:02:00 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0615.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::615]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3D92283E8E for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fWDT0UGLGpCHOzHhjUJ3uOtLvkuKVR4XPKjf9RAaqMVisKrbGNkXA8xocrpSNQ5eE2I2/+U1MaUJw8HNc2aHPTQHFHqx5JPhgyy+R40Uu/S3np3jujTDra4aOpSd851TfZQjcTsv8ztWpuIXSneRCXpmIZQtbNY0UYb+obPYbUgUpc9uJwo6t5T7cVoZm50BHpdEjeR7Y33rmFWp/xwB3ppG8/x0/q6nMhtkB5KzHuWIxdU8izTQx6+C1mzX+pPD73TlbraH+qgYUno538BzF7DjIAlinrYxAkGxi6wfhcOL40QokLzAAUgvj89Hyq6t2WXYov3bXciEp9NBW+Z8jQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/Zi4VdUw0nwaShqvsgPNCSC1Dnwf+WC8CveKeO0Cfho=; b=if4wfy+WHlnD2XmwU2YHfxosG3YBGyVPjW7EAbiIvLZlBde4sg/nBHIVhLIIc4ak50thQxTx6VJyKqSeW7T/lKXLSfHyeQUZ+gFFuoaBHi7ao3kDrm9Tr3M8SpoEh+VLxZWKnakjOfJkPBzs+qofsWjv/BhO1fZkAVJNLoAUHj4Lor67xuYw/RrvgEnegVwqGiFndLqJE492KZu5OP6EBeGnYk7lmdEhZYDA1qTVEOUxSDgXQNp0+VnuFWC+ip9cGTvSUyka4SRCnrRXZs3ahC3IPVpbXyHIhO5b0Skp9SEK3BiOahx7tPxkGpM6lQKIuqkCvgBsUcM3iLwFaSDuqw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/Zi4VdUw0nwaShqvsgPNCSC1Dnwf+WC8CveKeO0Cfho=; b=tHve8IT5D1K/u4eyLWnxBS8v4s2Hz9IIfSqjkijfkrU3fHCbBBcHWs6wyjHGvPH7VZou6n11xpldnNXNQKvb6ihOovORhFLP6A0QMHRIhcSoaECmxRGOpbQSCZstoye4LB82x6mzr99h4bJPBrwjwH/TUd2GGPWXPjGqQa6JZ8b4AEtLJGSeXlk7ZKCbjOrFwOaxaP10ZZHQcFMKpD79NumDqTTdUVDBu5bkyAFb0I7y4x1imrjdMXix6boZrwdw0uR1NhODL37lajmqIV6mqsO82ddoA4vxUPXSVADU38G5ZUPUufS+a7MsmfA/o8GQY7K1rSvNzaoSOnzJKoWVxA== Received: from PAZP264CA0082.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:1fa::14) by MR1P264MB2354.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:33::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Wed, 9 Feb 2022 18:01:45 +0000 Received: from PR2FRA01FT005.eop-fra01.prod.protection.outlook.com (2603:10a6:102:1fa:cafe::d0) by PAZP264CA0082.outlook.office365.com (2603:10a6:102:1fa::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT005.mail.protection.outlook.com (10.152.48.98) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id ABD14201F0; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 12/16] tools: binman: add support for pre-load header Date: Wed, 9 Feb 2022 19:01:24 +0100 Message-Id: <20220209180128.10655-13-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 5d8ec520-6f06-4fda-45b9-08d9ebf63c0b X-MS-TrafficTypeDiagnostic: MR1P264MB2354:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: jkRN675EqgIL5IwzrjFeKWb1EDJQFAwGyYMwPcLoR3Ze++m07tyaloTQ7rFUnZQFCFlOzv/X3C+wRRpGjQnAE0xSLpaJzdD0Vzspw2+CopXwsJbPpkYrIQYswRyib3waRzGKPEurae8aSbLglImkwd9j5Ut6/eICYXgcpu3PgjU60It/pBI6TWVz+wn4+aHkS8tYjAq5HUZNg2FB2gRk/7vfNfLJ9tJsMhVc0G1yytpQS/0PLe+N3FwS8IKj2LdSuduJpoZGOtAtoncDYd9nUqpQPNoQpSRoFka6Kw1Kk4pksswmUWEBbXa3PiImUk7KVS1aY5HmS/CkMs+++0yCbnE+PQF5kemD1c1OMTPAik4GfqgYn/uKJYZj9cAHmiwxEziqYcQ7LkNJxohuJodZNu1sp9kspbNbx5O3+sviKIESOkVJdq6IwFsMUtXHdK9h5c/PaUTNcTvWOpRnOnBAqzwpu74Kggyz0bKXx7LT6L6objj2bOK/Wu0QJKFmyKGmswZsMIFrGtEYUIm7uA+QXcH50IaDsi4goC+LOWDO7cW0jO9fan2Dq6gcuZ/aXCTSHR8zfiscar1Jm86oTqOXllG1/DFVUEUd/Al3vgYgEZyoSUhWmxdZxSsjbufm32Q9iHcXIFJVHhjPR0qmu1laUNX5HN8JjzzfTm62/Sp4fwiB/YuFEgXKm68h4IIOY5j8Ai8+eEadtph32303mCt4Dg== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(40470700004)(36840700001)(46966006)(8676002)(4326008)(70586007)(316002)(70206006)(6966003)(508600001)(36756003)(81166007)(356005)(86362001)(82960400001)(426003)(83380400001)(36860700001)(7696005)(1076003)(107886003)(26005)(186003)(6666004)(2616005)(5660300002)(8936002)(40460700003)(336012)(82310400004)(6266002)(47076005)(2906002)(44832011)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.1021 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5d8ec520-6f06-4fda-45b9-08d9ebf63c0b X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT005.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR1P264MB2354 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Adds the support of the pre-load header with the image signature to binman. Signed-off-by: Philippe Reynes --- tools/binman/etype/pre_load.py | 156 +++++++++++++++++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 tools/binman/etype/pre_load.py diff --git a/tools/binman/etype/pre_load.py b/tools/binman/etype/pre_load.py new file mode 100644 index 0000000000..adc25fe844 --- /dev/null +++ b/tools/binman/etype/pre_load.py @@ -0,0 +1,156 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2022 Softathome +# Written by Philippe Reynes +# +# Entry-type for the global header +# + +import struct +from dtoc import fdt_util +from patman import tools + +from binman.entry import Entry +from binman.etype.blob import Entry_blob +from binman.entry import EntryArg + +from Cryptodome.Hash import SHA256, SHA384, SHA512 +from Cryptodome.PublicKey import RSA +from Cryptodome.Signature import pkcs1_15 +from Cryptodome.Signature import pss + +PRE_LOAD_MAGIC = b'UBSH' + +RSAS = { + 'rsa1024': 1024 / 8, + 'rsa2048': 2048 / 8, + 'rsa4096': 4096 / 8 +} + +SHAS = { + 'sha256': SHA256, + 'sha384': SHA384, + 'sha512': SHA512 +} + +class Entry_pre_load(Entry_blob): + """Pre load image header + + Properties / Entry arguments: + - key-path: Path of the directory that store key (provided by the environment variable KEY_PATH) + - image: Filename of the image + - algo-name: Hash and signature algo to use for the signature + - padding-name: Name of the padding (pkcs-1.5 or pss) + - key-name: Filename of the private key to sign + - header-size: Total size of the header + - version: Version of the header + + This entry create a pre-load header that contain a global + image signature. + + For example, this creates an image with a pre-load header and a binary:: + + binman { + image2 { + filename = "sandbox.bin"; + + pre-load { + image = "sandbox.itb"; + algo-name = "sha256,rsa2048"; + padding-name = "pss"; + key-name = "private.pem"; + header-size = <4096>; + version = <1>; + }; + + blob-ext { + filename = "sandbox.itb"; + }; + }; + }; + """ + + def __init__(self, section, etype, node): + super().__init__(section, etype, node) + self.image = fdt_util.GetString(self._node, 'image') + self.pathimage = tools.GetInputFilename(self.image, + self.external and self.section.GetAllowMissing()) + self.algo_name = fdt_util.GetString(self._node, 'algo-name') + self.padding_name = fdt_util.GetString(self._node, 'padding-name') + self.key_name = fdt_util.GetString(self._node, 'key-name') + self.header_size = fdt_util.GetInt(self._node, 'header-size') + self.version = fdt_util.GetInt(self._node, 'version') + + def _CreateHeader(self): + """Create a pre load header""" + with open(self.pathimage, 'rb') as f: + image = f.read() + hash_name, sign_name = self.algo_name.split(',') + padding_name=self.padding_name + key_path, = self.GetEntryArgsOrProps([EntryArg('key-path', str)]) + if key_path == "": + key_name = self.key_name + else: + key_name = key_path + "/" + self.key_name + + # Check hash and signature name/type + if hash_name not in SHAS: + raise ValueError(hash_name + " is not supported") + if sign_name not in RSAS: + raise ValueError(sign_name + "is not supported") + + # Read the key + with open(key_name, 'rb') as pem: + key = RSA.import_key(pem.read()) + + # Check if the key has the expected size + if key.size_in_bytes() != RSAS[sign_name]: + raise ValueError("The key " + self.key_name + " don't have the expected size") + + + # Compute the hash + hash_image = SHAS[hash_name].new() + with open(self.pathimage, 'rb') as f: + image = f.read() + hash_image.update(image) + + # Compute the signature + if padding_name is None: + padding_name = "pkcs-1.5" + if padding_name == "pss": + salt_len = key.size_in_bytes() - hash_image.digest_size - 2 + padding = pss + padding_args = {'salt_bytes': salt_len} + elif padding_name == "pkcs-1.5": + padding = pkcs1_15 + padding_args = {} + else: + raise ValueError(padding_name + " is not supported") + + sig = padding.new(key, **padding_args).sign(hash_image) + + hash_sig = SHA256.new() + hash_sig.update(sig) + + version = self.version + header_size = self.header_size + image_size = len(image) + ofs_img_sig = 64 + len(sig) + flags = 0 + reserved0 = 0 + reserved1 = 0 + + first_header = PRE_LOAD_MAGIC + struct.pack(' X-Patchwork-Id: 1590652 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=Mfy5CbmU; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv74v3Fjbz9sCD for ; Thu, 10 Feb 2022 05:02:23 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7D71583EB5; Wed, 9 Feb 2022 19:02:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="Mfy5CbmU"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A6D5283EDD; Wed, 9 Feb 2022 19:01:54 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0605.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::605]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 07C8483EBC for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OVpTVPt0PFF/IGA6z3bGEuAx8MtuTovoaZGTkpAZqkNrAXy6wpD9JI2NBZhiUt37UYoFYERcRIo+8agMwAm7SXJr1TidLaKTeXadkQo/s6tBFONE8xcdks6xZeDg9yYVGQIgKA0vbz37Re/e5sBtKFi0uM0g1vH6L5solR6RQjd8XpvuKNVVb3eqPArGypCM/soddBnKySXSDfIoWDqj5wXrTee/e2zGijQ0b19CpTqZhIpceHFcWlQkwm8GTtB0Qe+5KcIYQUGlZsaQcFzjWR84a+Uv2yuOOFrL46lF6jix/IKNqvdeIvhgm16yR75JcIUf4f5Xrf5loceYkKNQ6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=V6kdh5eJ11ukyG46MUAcJKuYjlHzqHigYGfkKcSdh0A=; b=KMO7YkUYMyKPOMWu8MDsNjv1Zkj5uqyLMj6A0UWKwBbj/Xq0jUfKiVZPskUzTJm0Z0tfVSnsiPfLScleRodvRIGJDOsaODbehCzA+W9Z7TW2P0E0Rr4d3CkGmKTY/yUMN/O/xhnZJDpZpcHmy5uVIws9idRTrAKspvXcnyiQMhg1rXp0hIn6Mccr9xXFauOu5eAL/7QVrbAjoRLt/pICXEiHq7g/e199dwyOFzBq73gQ3Lxc5MAGED1fDBjwReusQTscMcEEp3oZYFaYNsBananCCR5jvzHyXUBCu+HpMRIiinBoULWHRmC4zUtN12abcgw2ijWUoBuhe4iY0aifvw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V6kdh5eJ11ukyG46MUAcJKuYjlHzqHigYGfkKcSdh0A=; b=Mfy5CbmU03rN23guw1Q3LsEMtEhU1xmYYh2gBJYybwFkBmpJaxG0YNQ64q1uJKegBEm4tp542/5sto6dXg4snldStLV1KY6fN8UkxIASVSrHZCBzVkoo3EqFBdm1aP/BB4clomFUn7ndn1RzLyEcq+78Lfw4wLDOqOetIs2ipIJWSU4TR6Koh0/E9a4qHjmLjfts0EILaBGwI80H1x1QjHN2ROuJGDOUoeHxANkiEgGP8enBPrLnXo/C3gi3PG7llOuP9v/+t1ZidhhzV8e/ODF9+QPPRHLbEsoPzOMSdgVsGq9IFcTuYsxRQP/ziZgo6dWEI9U+JjGCoL66rgqh3Q== Received: from PR1P264CA0031.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:19f::18) by MR1P264MB2865.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:36::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Wed, 9 Feb 2022 18:01:45 +0000 Received: from PR2FRA01FT013.eop-fra01.prod.protection.outlook.com (2603:10a6:102:19f:cafe::9d) by PR1P264CA0031.outlook.office365.com (2603:10a6:102:19f::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT013.mail.protection.outlook.com (10.152.48.106) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id BC5B1201F3; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 13/16] configs: sandbox_defconfig: enable stage pre-load in bootm Date: Wed, 9 Feb 2022 19:01:25 +0100 Message-Id: <20220209180128.10655-14-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 23da5086-e4c0-4b56-98e4-08d9ebf63c14 X-MS-TrafficTypeDiagnostic: MR1P264MB2865:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2657; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: vFM4M3OTfb+h2s9ZKsA+vREtgza3zSYZdg59ltwJpxPKzNW7fbDOkvjkJdJtCGqKbi25SkHv0O11YIkCt1aN0J6QFqW5554IPhq6oVsx5+2i/2Eb/Xhrq1xC9r7/bjBwhMdpGK4uPgdRIFZRnYOB64uvEkCI9YSdeaHWxA/NiNF2hMrJk2pH13W7hjXW7/tAVrgxxOZn7wlD3i4GgfGC429en6mLN5dodXNnysm+iuofeCwV6xs3Q2aL19Eha+w9hyGjTNL00ma4X/gH2mrRAXoOvA22cBJMHnK+BnE/hWwKVonsL6gsVL5zqUiqwqa5U2qYg3f95wZZc8O7DvBK1vKR8lgYCwJF9HbsvJPt04tQaMoBqvXhDLinMtzMvYTXC20j0LsZFg8B8QTtCwV1p64LIKYloHS8WAIR/0KAmbTd9b31VgAYE+bykFgyONl4K6NJOw3EjBKhGh8Yrw+IPYsQecBQJqhKHllZi84wSzKOyOt8JvN38pJZw+fW63nwta2afvAHFFVwVU2mNSNiZlzAZCUsZmvCEMq+MmxZ/1YAW30iB2+m1YklE2+N/qey6NzEeQT4ueGtCU10LFROdw488NzhIqh/8C3Lr7ZMx4szwhotgxm7pvH2etIEbHBi81CoM+ANp520vnkyctDO+X8DMfqh0dfj9HM3trnpo66Q2skHA+2oGRmoAlTP3oUWgbWyrpfJiknE7ZXvps6AtA== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(82960400001)(2616005)(40460700003)(36756003)(47076005)(316002)(44832011)(2906002)(107886003)(356005)(83380400001)(81166007)(4326008)(5660300002)(6666004)(8936002)(336012)(6266002)(426003)(1076003)(7696005)(86362001)(70206006)(70586007)(8676002)(508600001)(36860700001)(26005)(186003)(82310400004)(6966003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.1632 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 23da5086-e4c0-4b56-98e4-08d9ebf63c14 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT013.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR1P264MB2865 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Enable the support of stage pre-load in bootm. For the moment, this stage allow to verify the signature of the full image with a header. Signed-off-by: Philippe Reynes --- configs/sandbox_defconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 68e958216e..2732b05ca7 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -27,6 +27,8 @@ CONFIG_AUTOBOOT_SHA256_FALLBACK=y CONFIG_AUTOBOOT_NEVER_TIMEOUT=y CONFIG_AUTOBOOT_STOP_STR_ENABLE=y CONFIG_AUTOBOOT_STOP_STR_CRYPT="$5$rounds=640000$HrpE65IkB8CM5nCL$BKT3QdF98Bo8fJpTr9tjZLZQyzqPASBY20xuK5Rent9" +CONFIG_IMAGE_PRE_LOAD=y +CONFIG_IMAGE_PRE_LOAD_SIG=y CONFIG_CONSOLE_RECORD=y CONFIG_CONSOLE_RECORD_OUT_SIZE=0x1000 CONFIG_PRE_CONSOLE_BUFFER=y @@ -37,6 +39,7 @@ CONFIG_STACKPROTECTOR=y CONFIG_ANDROID_AB=y CONFIG_CMD_CPU=y CONFIG_CMD_LICENSE=y +CONFIG_CMD_BOOTM_PRE_LOAD=y CONFIG_CMD_BOOTZ=y CONFIG_CMD_BOOTEFI_HELLO=y CONFIG_CMD_ABOOTIMG=y From patchwork Wed Feb 9 18:01:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590668 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=V3shS8+p; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv7833c7pz9sCD for ; Thu, 10 Feb 2022 05:05:07 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C8E5983F16; Wed, 9 Feb 2022 19:02:57 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="V3shS8+p"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C8F1783EB7; Wed, 9 Feb 2022 19:02:13 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on062d.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::62d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A9FDA83ECA for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fWT8RQEMdNwmmzQbXKkUaf/yOrLroAqowtrpEGNymjrwHPzYrHlzYZWAu+illoL+To5KcCAjIsFvMarMSigoWsgHGLLD79fG+PbmuJZJmBWvXqXHmFPafL4gTwT0HFjXsVXXpI73K1uDKuJLMotoyW2LKnBj6MgcJaecVbBUKKe7x8nCgBW3vaQaTUn8dn/PUqOideNY2YoYgKwOoZ2HZzcVYwhWD+3mV1N4BHqtnDyI8cv97Sx8zsf/JwJltFiYies4kbqlDDGmio3jWQE7pFhZ6fo282uY0tONKsvGJumrC5WMXtQSt2xy2/S7wCTE96yfKeTPF8g8nazbqbFghQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QXrXE106g7CzScJNNstrt9YGAHNRjyoY0y/yf0jCbhU=; b=dg9eLIh5R3km+Taf8cnn1DlXecnZrxEJQeWtrJA6gLWvX5olfamcAZPTjd2jj6KQc0A6AVJBPNAs2X5455CVe0iCgM3/oXwq7wwlMY+LPjdoiA1pGF47wht5pigXLhs1v1v2xfgZBYFnfNCqWVYdjokCtrcUNw8nENHMAnPGK/z/5pCdR9fJqrgf65HHAjHSBnjwLz4GGLh/IGAlt5UjvoeWzGSUGmSVxyvuER/PhvHJuLMzR5ip7fxhPndCQGboUG2fyY2qntTeYmhp/vz/8SoWU1cq64+vvSHXdlYiYQTrsyOvbF3/aVJnQCz1i7JGhrb+yf0R37Wz96cREY7DvQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QXrXE106g7CzScJNNstrt9YGAHNRjyoY0y/yf0jCbhU=; b=V3shS8+pqUdWESRvhX9Dp1fJdO+V4AKDF12ND58BBKMsDzHoocIYK4MVE2gAOiNbVRxncR06s9au3RaM134ZvatuXzE+YStdCPn3iGu+WElH9Cxm2eN010xCM1NdQWXl8l9wO+escuMsQtflBrZGi587NaStlqgJ3xrnfom0kAyrZ2vvwVAFJSe3ARCV+/eXuCkh1+qKFiq4gf1fk9RdqCY8atKY1fY/jf6pMyIgi85vK5v93u0e28iFn63NTL1jJ4eP5DnieLi8E4DHwGNlNoF5suax/dsWkLe2U5ZYgfEUMo1IrMqn4qDNjxwL8btDhhmGi7ecoCDah7AXg0OPhQ== Received: from PR0P264CA0159.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100:1b::27) by MRXP264MB0535.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:1c::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Wed, 9 Feb 2022 18:01:45 +0000 Received: from PR2FRA01FT009.eop-fra01.prod.protection.outlook.com (2603:10a6:100:1b:cafe::77) by PR0P264CA0159.outlook.office365.com (2603:10a6:100:1b::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT009.mail.protection.outlook.com (10.152.48.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id C0E83201F4; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 14/16] test: py: vboot: add test for global image signature Date: Wed, 9 Feb 2022 19:01:26 +0100 Message-Id: <20220209180128.10655-15-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: bd06e17a-4b26-4b91-eb1e-08d9ebf63c1c X-MS-TrafficTypeDiagnostic: MRXP264MB0535:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:219; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: YskWYD9dk85fgti40VKIyQv34idXjHOxSgLOGbB+vq/q5i1CdSpOwbEU2FzTVWgTBBTd5otwBrqJQWdgG48SbPmev/JSmNE4ENxMVc3A5OUDMBILiax03DeemnvjGYrysWYtgSJZLx0i3DrrSFEbzfuxP6dw2o3XieS1VNe4ghvmOOeVdCLog90LQl7kcduS0p2DY3/OS0E7wE11r5focxtNZvOnPFvR2Ww0XaNILSI4P8ML3IwhQFdzHtBy2fh4Zwe7uKG9Z16KVfH9dGNzp4MmvK0Mqjj26hFTBuWX+uwalev0TwUCm7oFwO7xkqGTbn5wv9qfbxaahvSmYlcz88m4PQbgbAtzW/umCGrkki2YY/+NRhqBcNZgzx8430VTCgwC4JiChlp2LjVpQCMpGCJ0HSOoXxAfHrf47AUJzTDnbJu01e+Nbi8L2JGMGausToclH2Kf8bVB52GqdOUDWtAmsVHvIjI9+d0odcLQ3N65TWuOrpuclkmPRukI09FmJbTDbQuIeb+QbZW5Dwxi+YEPaxf6Wq85SfTd2kLUwvgDPkhDHu0JRFFxcKseD68KPB8xNFCqnqaKktrfSSE5Xvm8lslyx0gdQ/cI1m1vNgN/CJ+vgzIl8WGVLOa/Wf53CA+9ud0lamGdBAvvcQytzG3sQv3x0DJd8DFxzE+SVYXPNjdL/gYrZgu2Rl6p8qszRksm+8uGRigb2Twgca3q5g== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(40470700004)(46966006)(8676002)(4326008)(70206006)(70586007)(316002)(6966003)(508600001)(86362001)(36756003)(356005)(81166007)(82960400001)(6266002)(336012)(6666004)(36860700001)(8936002)(26005)(186003)(107886003)(7696005)(2616005)(1076003)(5660300002)(426003)(40460700003)(47076005)(82310400004)(83380400001)(2906002)(44832011)(30864003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.2177 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bd06e17a-4b26-4b91-eb1e-08d9ebf63c1c X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT009.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MRXP264MB0535 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Adds test units for the pre-load header signature. Signed-off-by: Philippe Reynes --- test/py/tests/test_vboot.py | 123 +++++++++++++++--- test/py/tests/vboot/sandbox-binman-pss.dts | 25 ++++ test/py/tests/vboot/sandbox-binman.dts | 24 ++++ .../tests/vboot/sandbox-u-boot-global-pss.dts | 28 ++++ test/py/tests/vboot/sandbox-u-boot-global.dts | 27 ++++ test/py/tests/vboot/simple-images.its | 36 +++++ 6 files changed, 248 insertions(+), 15 deletions(-) create mode 100644 test/py/tests/vboot/sandbox-binman-pss.dts create mode 100644 test/py/tests/vboot/sandbox-binman.dts create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-pss.dts create mode 100644 test/py/tests/vboot/sandbox-u-boot-global.dts create mode 100644 test/py/tests/vboot/simple-images.its diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py index b080d482af..e53c2c7a00 100644 --- a/test/py/tests/test_vboot.py +++ b/test/py/tests/test_vboot.py @@ -35,18 +35,20 @@ import vboot_evil # Only run the full suite on a few combinations, since it doesn't add any more # test coverage. TESTDATA = [ - ['sha1-basic', 'sha1', '', None, False, True], - ['sha1-pad', 'sha1', '', '-E -p 0x10000', False, False], - ['sha1-pss', 'sha1', '-pss', None, False, False], - ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False, False], - ['sha256-basic', 'sha256', '', None, False, False], - ['sha256-pad', 'sha256', '', '-E -p 0x10000', False, False], - ['sha256-pss', 'sha256', '-pss', None, False, False], - ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False], - ['sha256-pss-required', 'sha256', '-pss', None, True, False], - ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True], - ['sha384-basic', 'sha384', '', None, False, False], - ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False], + ['sha1-basic', 'sha1', '', None, False, True, False], + ['sha1-pad', 'sha1', '', '-E -p 0x10000', False, False, False], + ['sha1-pss', 'sha1', '-pss', None, False, False, False], + ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False, False, False], + ['sha256-basic', 'sha256', '', None, False, False, False], + ['sha256-pad', 'sha256', '', '-E -p 0x10000', False, False, False], + ['sha256-pss', 'sha256', '-pss', None, False, False, False], + ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False, False], + ['sha256-pss-required', 'sha256', '-pss', None, True, False, False], + ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True, False], + ['sha384-basic', 'sha384', '', None, False, False, False], + ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False, False], + ['sha256-global-sign', 'sha256', '', '', False, False, True], + ['sha256-global-sign-pss', 'sha256', '-pss', '', False, False, True], ] @pytest.mark.boardspec('sandbox') @@ -55,10 +57,10 @@ TESTDATA = [ @pytest.mark.requiredtool('fdtget') @pytest.mark.requiredtool('fdtput') @pytest.mark.requiredtool('openssl') -@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test", +@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,global_sign", TESTDATA) def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, - full_test): + full_test,global_sign): """Test verified boot signing with mkimage and verification with 'bootm'. This works using sandbox only as it needs to update the device tree used @@ -80,6 +82,29 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, util.run_and_log(cons, 'dtc %s %s%s -O dtb ' '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb)) + def dtc_options(dts, options): + """Run the device tree compiler to compile a .dts file + + The output file will be the same as the input file but with a .dtb + extension. + + Args: + dts: Device tree file to compile. + options: Options provided to the compiler. + """ + dtb = dts.replace('.dts', '.dtb') + util.run_and_log(cons, 'dtc %s %s%s -O dtb ' + '-o %s%s %s' % (dtc_args, datadir, dts, tmpdir, dtb, options)) + + def run_binman(dtb): + """Run binman to build an image + + Args: + dtb: Device tree file used as input file. + """ + util.run_and_log(cons, [binman, 'build', '-d', "%s/%s" % (tmpdir,dtb), + '-a', "key-path=%s" % tmpdir, '-O', tmpdir, '-I', tmpdir]) + def run_bootm(sha_algo, test_type, expect_string, boots, fit=None): """Run a 'bootm' command U-Boot. @@ -138,6 +163,23 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, cons.log.action('%s: Sign images' % sha_algo) util.run_and_log(cons, args) + def sign_fit_dtb(sha_algo, options, dtb): + """Sign the FIT + + Signs the FIT and writes the signature into it. It also writes the + public key into the dtb. + + Args: + sha_algo: Either 'sha1' or 'sha256', to select the algorithm to + use. + options: Options to provide to mkimage. + """ + args = [mkimage, '-F', '-k', tmpdir, '-K', dtb, '-r', fit] + if options: + args += options.split(' ') + cons.log.action('%s: Sign images' % sha_algo) + util.run_and_log(cons, args) + def sign_fit_norequire(sha_algo, options): """Sign the FIT @@ -175,6 +217,11 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, handle.write(struct.pack(">I", size)) return struct.unpack(">I", total_size)[0] + def corrupt_file(fit,offset,value): + with open(fit, 'r+b') as handle: + handle.seek(offset) + handle.write(struct.pack(">I", value)) + def create_rsa_pair(name): """Generate a new RSA key paid and certificate @@ -373,6 +420,49 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, (dtb)) run_bootm(sha_algo, 'multi required key', '', False) + def test_global_sign(sha_algo, padding, sign_options): + """Test global image signature with the given hash algorithm and padding. + + Args: + sha_algo: Either 'sha1' or 'sha256', to select the algorithm to use + padding: Either '' or '-pss', to select the padding to use for the + rsa signature algorithm. + """ + + dtb = '%ssandbox-u-boot-global%s.dtb' % (tmpdir, padding) + cons.config.dtb = dtb + + # Compile our device tree files for kernel and U-Boot. These are + # regenerated here since mkimage will modify them (by adding a + # public key) below. + dtc('sandbox-kernel.dts') + dtc_options('sandbox-u-boot-global%s.dts' % padding, '-p 1024') + + # Build the FIT with dev key (keys NOT required). This adds the + # signature into sandbox-u-boot.dtb, NOT marked 'required'. + make_fit('simple-images.its') + sign_fit_dtb(sha_algo, '', dtb) + + # Build the dtb for binman that define the pre-load header + # with the global sigature. + dtc('sandbox-binman%s.dts' % padding) + + # Run binman to create the final image with the not signed fit + # and the pre-load header that contains the global signature. + run_binman('sandbox-binman%s.dtb' % padding) + + # Check that the signature is correctly verified by u-boot + run_bootm(sha_algo, 'global image signature', 'signature check has succeed', True, "%ssandbox.img" % tmpdir) + + # Corrupt the image (just one byte after the pre-load header) + corrupt_file("%ssandbox.img" % tmpdir, 4096, 255); + + # Check that the signature verification fails + run_bootm(sha_algo, 'global image signature', 'signature check has failed', False, "%ssandbox.img" % tmpdir) + + # Check that the boot fails if the global signature is not provided + run_bootm(sha_algo, 'global image signature', 'signature is mandatory', False) + cons = u_boot_console tmpdir = os.path.join(cons.config.result_dir, name) + '/' if not os.path.exists(tmpdir): @@ -380,6 +470,7 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, datadir = cons.config.source_dir + '/test/py/tests/vboot/' fit = '%stest.fit' % tmpdir mkimage = cons.config.build_dir + '/tools/mkimage' + binman = cons.config.source_dir + '/tools/binman/binman' fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign' dtc_args = '-I dts -O dtb -i %s' % tmpdir dtb = '%ssandbox-u-boot.dtb' % tmpdir @@ -402,7 +493,9 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, # afterwards. old_dtb = cons.config.dtb cons.config.dtb = dtb - if required: + if global_sign: + test_global_sign(sha_algo, padding, sign_options) + elif required: test_required_key(sha_algo, padding, sign_options) else: test_with_algo(sha_algo, padding, sign_options) diff --git a/test/py/tests/vboot/sandbox-binman-pss.dts b/test/py/tests/vboot/sandbox-binman-pss.dts new file mode 100644 index 0000000000..54f82f1df5 --- /dev/null +++ b/test/py/tests/vboot/sandbox-binman-pss.dts @@ -0,0 +1,25 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + filename = "sandbox.img"; + + pre-load { + image = "test.fit"; + algo-name = "sha256,rsa2048"; + padding-name = "pss"; + key-name = "dev.key"; + header-size = <4096>; + version = <1>; + }; + + blob-ext { + filename = "test.fit"; + }; + }; +}; diff --git a/test/py/tests/vboot/sandbox-binman.dts b/test/py/tests/vboot/sandbox-binman.dts new file mode 100644 index 0000000000..56d835a938 --- /dev/null +++ b/test/py/tests/vboot/sandbox-binman.dts @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + filename = "sandbox.img"; + + pre-load { + image = "test.fit"; + algo-name = "sha256,rsa2048"; + key-name = "dev.key"; + header-size = <4096>; + version = <1>; + }; + + blob-ext { + filename = "test.fit"; + }; + }; +}; diff --git a/test/py/tests/vboot/sandbox-u-boot-global-pss.dts b/test/py/tests/vboot/sandbox-u-boot-global-pss.dts new file mode 100644 index 0000000000..c59a68221b --- /dev/null +++ b/test/py/tests/vboot/sandbox-u-boot-global-pss.dts @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + model = "Sandbox Verified Boot Test"; + compatible = "sandbox"; + + binman { + }; + + reset@0 { + compatible = "sandbox,reset"; + }; + + image { + pre-load { + sig { + algo-name = "sha256,rsa2048"; + padding-name = "pss"; + signature-size = <256>; + mandatory = "yes"; + + key-name = "dev"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/sandbox-u-boot-global.dts b/test/py/tests/vboot/sandbox-u-boot-global.dts new file mode 100644 index 0000000000..1409f9e1a1 --- /dev/null +++ b/test/py/tests/vboot/sandbox-u-boot-global.dts @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + model = "Sandbox Verified Boot Test"; + compatible = "sandbox"; + + binman { + }; + + reset@0 { + compatible = "sandbox,reset"; + }; + + image { + pre-load { + sig { + algo-name = "sha256,rsa2048"; + signature-size = <256>; + mandatory = "yes"; + + key-name = "dev"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/simple-images.its b/test/py/tests/vboot/simple-images.its new file mode 100644 index 0000000000..f62786456b --- /dev/null +++ b/test/py/tests/vboot/simple-images.its @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + }; + fdt-1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + }; + }; + configurations { + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; + }; + }; +}; From patchwork Wed Feb 9 18:01:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590663 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=qGRIJJ/g; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv76z3ZzLz9sCD for ; Thu, 10 Feb 2022 05:04:11 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 12CF683F0D; Wed, 9 Feb 2022 19:02:42 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="qGRIJJ/g"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 2351683EC3; Wed, 9 Feb 2022 19:02:06 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on061d.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::61d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 6F54383EC5 for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KvdyY2bfoBWoDWLcsO9bQ2QGVCsKJl8vJCd4cjiKEhLYG4VXEZsx9TujUgF82SDLnxVRqI2+Ug4P1h2lZ6Qbsx73iJdbCJKf9pUwq+6wBzH2fT0EraKp4BEofn+nwrxumIRQ+21QweABxNzMAaa5ANiRfID6DfHVgmEDPWGjGe/NnZCpXlQilJ/Wij+34sQE2pOrnvYKDWuf1dXTJF/t8ntmfm7WXBpJgWWrl5/YgQMXvkhp0/5cx2PLFCBV9Nf6YpidD9M/ac5l/gPH5Dp6oKhHPqXMDyNovT933nZrArWqRTwGhvHqpk4PZhtrc3JMmvOK+rFvtpV8ndGTRWDIjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=px6x9OCM03yjhg5xzmpcfBwg10D+CEqOZb7O/IK88ZQ=; b=ifkQ+qclUvVqVTMkddssvgOLuAynhPdxd5ZZfP5fE877EaCcl0oLHGYhFC1I1l656CUIU7WOniwfNuWqHUN1J/JgRYUqyOcl7VcF88Rq+Uyh+ejC1Y0O9aKMY+PVB/46OrRtAzx7sPrUZscczJJm15VZ6bSUl/wDsKpIbsWdV540jnX7TQNNPNP8Vh+XV06f1qunqnRXUlDVzXFwp2CrOhHLWvOVq5n5etkJuwC0qpzFmic1CsJhY+jQpHe6raH3R54FTGsyJpixO+TByV1XhLlPBJfGdUfT3BouUhErUydpdkRLW1AYS4nVAATFpxEYKLMTb7tZC3HQaU7ObyYvbg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=px6x9OCM03yjhg5xzmpcfBwg10D+CEqOZb7O/IK88ZQ=; b=qGRIJJ/gcSgpZcA47CLThMpoCODiGiO8+kIAgMfkgKmcJkCoT4o+IRSemAsQ6d4J3AdzOBQOc408opf5R2fpgAb+v4ZEFRSMS2umSn9HenHDf35TXX2tJPIoZ0TcvTX59Qu58yEC+KaZrzWEI9b303+l9oDu66EbNN0E2DtOkCzLVgGMHmDTzC3+8fAdQKpP7tDAcIYpCXOtRsrAreLy+p7HPLYDdHq97NaSmLFXdD5MUAjxdbKG0I3MVprLj+GTt6cOj0g8NBzjWWm5oSHoJgK2yAyEGvAarHUZ0L1TZzgzqWlCiTiohfXwfIYaVPa/bcC3erhuIdunL1hQHMf81w== Received: from PR2P264CA0037.FRAP264.PROD.OUTLOOK.COM (2603:10a6:101:1::25) by PR0P264MB2327.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:1e2::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12; Wed, 9 Feb 2022 18:01:45 +0000 Received: from MR2FRA01FT014.eop-fra01.prod.protection.outlook.com (2603:10a6:101:1:cafe::94) by PR2P264CA0037.outlook.office365.com (2603:10a6:101:1::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT014.mail.protection.outlook.com (10.152.50.113) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id C8E88201F8; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 15/16] cmd: verify: initial import Date: Wed, 9 Feb 2022 19:01:27 +0100 Message-Id: <20220209180128.10655-16-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 935bcb53-24dd-4947-35fd-08d9ebf63c58 X-MS-TrafficTypeDiagnostic: PR0P264MB2327:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6108; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: OXEQm+IDAd806590HWepdjp+kzBNrZbafpqEVdxFIpSERySwDgdtql+c2EbQmzMIEujO/iaM0uAhpeXsK97LoNPjZN0kZtPQeIXtQCDc84kn/AZyrE5JxnL5P9bP2PhddcD+6SeygIVcS6AqIsPjUTy0CuSpJC8nKS7FjL7jVK+9ZTDdQdg723gN3PZJAz5vbYwBLaKaqW0tfLdzYDIuj9+AC52rZqkKOsuobC7+66MPewY1lXxKydPTEp0usENT9vqkkF1kxJRgYN8xRewWi8imr7g8lhJE5J4kUkIGT7bynrOtmDKjRoVUpKq1Gu9YCnskQaygFo13CTOYg5Psd7+ap07ZBswWSrGuls5hE7Yoe3dCKuCMgrgYD0V12KiiWU8/LN1GRGAKKjOSOwTLzW3kDqENJpGJ0bmSqJZfADGrVJ3RkBfr3LgrQuAsWnemLAFtfH3aBMwrw/gpgZBmjDTYAML47izrVY9hMr6aZazePOeEsU8tFpoLFTKlWi+iDNR6v0ErLr0banGlM+mBSozsoADdu3uhVgZMwRJnWeUarHJJC6Lb3Of7N7rQ2Neh/Obl6v3tNrlZ4stfU00Cu4ncBmQ6HwLPt/hwRO2X4wKYX/D6BTGbmwygY0Yf7G3HZ58LHpdv3bxAS4EnMMqUopurGkjWq7GRNATeoOh4x4exme3264NggpZ1iRjzRexJNHFcCvE6p8i9uRSngwQ4BQ== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(40470700004)(36840700001)(70206006)(44832011)(4326008)(8936002)(316002)(15650500001)(86362001)(2906002)(8676002)(70586007)(36860700001)(5660300002)(83380400001)(82960400001)(508600001)(40460700003)(186003)(2616005)(81166007)(47076005)(26005)(36756003)(426003)(6266002)(7696005)(82310400004)(6666004)(356005)(1076003)(107886003)(336012)(6966003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.5906 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 935bcb53-24dd-4947-35fd-08d9ebf63c58 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT014.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR0P264MB2327 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Add the command verify that check the signature of an image with the pre-load header. If the check succeed, the u-boot env variable 'loadaddr_verified' is set to the address of the image (without the header). It allows to run such commands: tftp script.img && verify $loadaddr && source $loadaddr_verified Signed-off-by: Philippe Reynes --- cmd/Kconfig | 7 +++++++ cmd/Makefile | 1 + cmd/verify.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+) create mode 100644 cmd/verify.c diff --git a/cmd/Kconfig b/cmd/Kconfig index 87aa3fb11a..0460d5c3a0 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD There is no documentation about this within the U-Boot source code but you should be able to find something on the interwebs. +config CMD_VERIFY + bool "verify the global signature" + depends on CMD_BOOTM_PRE_LOAD + help + Verify the signature provided in a pre-load header of + a full image. + config CMD_ZBOOT bool "zboot - x86 boot command" help diff --git a/cmd/Makefile b/cmd/Makefile index 166c652d98..80e054e806 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o obj-$(CONFIG_CMD_XIMG) += ximg.o obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o obj-$(CONFIG_CMD_SPL) += spl.o +obj-$(CONFIG_CMD_VERIFY) += verify.o obj-$(CONFIG_CMD_W1) += w1.o obj-$(CONFIG_CMD_ZIP) += zip.o obj-$(CONFIG_CMD_ZFS) += zfs.o diff --git a/cmd/verify.c b/cmd/verify.c new file mode 100644 index 0000000000..4d055e0790 --- /dev/null +++ b/cmd/verify.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (C) 2022 Philippe Reynes + */ + +#include +#include +#include +#include + +static ulong verify_get_addr(int argc, char *const argv[]) +{ + ulong addr; + + if (argc > 0) + addr = simple_strtoul(argv[0], NULL, 16); + else + addr = image_load_addr; + + return addr; +} + +static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + ulong addr = verify_get_addr(argc, argv); + int ret = 0; + + argc--; argv++; + + addr = verify_get_addr(argc, argv); + + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) { + ret = image_pre_load(addr); + + if (ret) { + ret = CMD_RET_FAILURE; + goto out; + } + + env_set_hex("loadaddr_verified", addr + image_load_offset); + } + + out: + return ret; +} + +U_BOOT_CMD(verify, 2, 1, do_verify, + "verify the global signature provided in the pre-load header,\n" + "\tif the check succeed, the u-boot env variable loadaddr_verified\n" + "\tis set to the address of the image (without the header)", + "" +); From patchwork Wed Feb 9 18:01:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1590667 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=Jm1av6oE; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jv77r12jxz9sCD for ; Thu, 10 Feb 2022 05:04:56 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C359883F18; Wed, 9 Feb 2022 19:02:55 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="Jm1av6oE"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4651E83EAF; Wed, 9 Feb 2022 19:02:10 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0606.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::606]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id DB48483ED2 for ; Wed, 9 Feb 2022 19:01:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bI9HNz4NBKs6AEO2qtrVRsnqOvXywas6dDovP0Ff2d13k3DDsWYgkpUpfDxvoFhFMr4SEUb7MM+Pqve34aZK5yLfQchN8Tpz94Slb6CD/2vSflOZSBlmW3xkrDCgEDAR5Srg9nebTAn7Ih0bgX8FlaGI7X8WUpsiXBbYYAFGNzBMBdLWincpIiv7NhxkmHflfciASUrISq4429d7CX+SvOuMCSgByNMIzK4ISxM2nX4yuq8+JzP3/puqV0zFOVNeh9s7J7bcjgHuK433l0nm/JFURtjY5zuOaK+Y7ovQybyWHw7QgNSqBYaSlTuK1faLx7/kD8/iuiPDPb0ubmSSNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YR3bbhcEWCvQT+DxgChp2GSyCcvRhKcXwKb58gOLkpA=; b=Dxa+fpmmLELgkSe1YV6Dmj3/rkKSlDVl6QqUFgXWPTqXuuIw5x9OWtBeq4h4bCTHATG3PePWoaQEHoR5N3Gqtf5bWV/X+sd8nW2wpae1a7x4sv98yB3w9W/SqDdmPGL3ZSN8mv/dbmPlEUEcss+FzNxmR6JKBQu7ycGY3i89+T2zVBVlVvOkZpvN+jcadXWhug1V+S7g7PrswWVcBJymogeXousCaD8h5tiMOcG6ugIPzuhuT76MLiBNsPl+ucEHglUByiB7pvHZmqIr+9Hu82XaVLcd+UnDp5JvwP15YOqsQNLUGSGCeQLzYnkka9XyiI4pV54gvhYj0ElSXO/Gvg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YR3bbhcEWCvQT+DxgChp2GSyCcvRhKcXwKb58gOLkpA=; b=Jm1av6oE8nb+rhpxCviNYA9HnzrWXMgu9E7ikCdWUfXHwiwBDjhwJZEL9jgpTLWKvs32Rh+EskMQ90aIizqFE7tZKyvHCBmZf/hvFyn2Cj02GAbujzClDAJW7zbhu/iLQiHcxsWPS11MMrB0/VtbqqMr+ZeAdddBFyJeQiT7KdD89hjCyLVKj4gqyQvD1E4F0F0O56VMjhOvpbomyR8z1QQpmE8qck8OpgXvEYgOKXiSyPfa+hNgSIS7+oViooikDSop0RsD6PztPeZtJ263k9Zg2L6s3c/i4mBr84vWdqvcp4lOEK3KafxwRIY5rupXB7e8oQ63tJLt5Du5gZe6eA== Received: from MR1P264CA0014.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:2e::19) by PAZP264MB3088.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:1e6::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12; Wed, 9 Feb 2022 18:01:45 +0000 Received: from MR2FRA01FT013.eop-fra01.prod.protection.outlook.com (2603:10a6:501:2e:cafe::70) by MR1P264CA0014.outlook.office365.com (2603:10a6:501:2e::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.12 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT013.mail.protection.outlook.com (10.152.50.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11 via Frontend Transport; Wed, 9 Feb 2022 18:01:45 +0000 Received: from sah1lpt571.softathome.com (unknown [192.168.75.67]) by proxy.softathome.com (Postfix) with ESMTPSA id D7A0820245; Wed, 9 Feb 2022 19:01:44 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v5 16/16] configs: sandbox_defconfig: enable config CMD_VERIFY Date: Wed, 9 Feb 2022 19:01:28 +0100 Message-Id: <20220209180128.10655-17-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220209180128.10655-1-philippe.reynes@softathome.com> References: <20220209180128.10655-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: fee445cd-d8e6-480b-a368-08d9ebf63c50 X-MS-TrafficTypeDiagnostic: PAZP264MB3088:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:862; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ui8PMZL2hy2x+fOD3+EXzxNHqEKU2BNAzPI76Cvs6tnrFWeT/dn+uIUoC3j1/5RDCz6ju+oM5zEeh4yJYa2k9sEc3yUkeKGTXk0QiIzVvInJeJjelRwSb2hIiu+OSWRLjYz/Ppji1odZ9Km8LHmgOlmPbWjBQTSbALUpbXPc0Wt+zKKsw8pd3gh/ROt7FQ+QhmsBgO3bo1nA0jBTqsd1RmMWUh6JvFclncfvAZxEQGz6KG4JIqzZH97ND9iv7H9l1r3vXRFnavU2sx3G94v/3r/crrB3M64CYP6kRpPdDhNgUMxHcZpuPkdE6eOR8wL7hlfjsMY77cmoZCGUOOEB/qceQ7IJ75ROle4uCVN4viaQSAxmXYs6nN7239bifpBXvDJ0MtnyxXxEyBBmwdrMVhLZemWpHLERgOQEH3yEhmkMvNiuGGlOnu76nyVNjYyWFfKD8OE6MKf4ArlMu/NkpN29uPQOxg2Lz1BXc3OfQQgFB+YSlkao+jKR8L/lxUpW1xDnsqXvJia3M5GusAxioAfCaahsVFE0stUtrDuz1r08NkXxbdTYoN1ya8p8zH/IEUp4QkGYp9nRL66cen0eyvTuV56nGlqWXuUEadlchES2sKJArNQpUgg6uQOUOWDg7PdLn80KU6k7fHA3yxHe08M6wjIhNhKqLiJt7WEmESFOdQR3NbRNMjkgp3iP+YAooVjE4Qc7WVT1jngloMogsA== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(40470700004)(46966006)(47076005)(26005)(70586007)(8936002)(508600001)(6966003)(70206006)(316002)(2906002)(36756003)(40460700003)(2616005)(426003)(4326008)(1076003)(107886003)(336012)(6266002)(186003)(8676002)(86362001)(82310400004)(82960400001)(5660300002)(36860700001)(44832011)(4744005)(6666004)(7696005)(356005)(83380400001)(81166007)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2022 18:01:45.5410 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: fee445cd-d8e6-480b-a368-08d9ebf63c50 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT013.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAZP264MB3088 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Enable the command verify on sandbox. Signed-off-by: Philippe Reynes --- configs/sandbox_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 2732b05ca7..483f01ef79 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -44,6 +44,7 @@ CONFIG_CMD_BOOTZ=y CONFIG_CMD_BOOTEFI_HELLO=y CONFIG_CMD_ABOOTIMG=y # CONFIG_CMD_ELF is not set +CONFIG_CMD_VERIFY=y CONFIG_CMD_ASKENV=y CONFIG_CMD_GREPENV=y CONFIG_CMD_ERASEENV=y