From patchwork Fri Feb 25 14:57:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597727 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=HQzyvREY; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tFC01fdz9sFs for ; Sat, 26 Feb 2022 01:58:21 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7CAD283C7F; Fri, 25 Feb 2022 15:58:06 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="HQzyvREY"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 11B7583C7A; Fri, 25 Feb 2022 15:58:04 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on0608.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::608]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id F25A3837F5 for ; Fri, 25 Feb 2022 15:57:59 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WmUiY5jdJWoHZAiRcUuk7iUfSDbX1uONdYE9NcgQEHZtkkGb56aP8olrS7fCbonSe2xjaprA/sK5dr+gbGS+Na/tEhUuY2jmKSdQo9VwkO9zV9+dqHnlfoARtzhZolcBxHaBYWZCccp39SzQHT4vzJLCAo6CML3cSZeP9m5axKVB1eGaTF7+SC2Lgfo1iM6jLUQ/uRb/+mpPdit5pyiRzKtSVaRvwKewHQZbqLWX4pI4oE5BTOI7LYV0KzGww8Cid7FOCIl3+grpZAtQosVVOBf+2UVh9wb0B5FY/un4imqEKWdzDUQANPxfw0o+iVmz0L40JdPT+VKyYa6CuASCnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pdHdyJalGd9owWERaoHC4BVdpS0edIpmO0EkZzOawHM=; b=Gu2fUWWv18UYsVdjacFEFVR6pzrHaKytwuj1t5f9vpZf+564VHLtpTAN5ygJ9Ou+2Ka9Eg7SLrsLytTmaMMPlfqN/jZ/IODgHbn4FmxVdmGca6Il5HTBIB1jeGHfYB9Gr76I931/fvObLU56ETpbEI9YW83Eh9Q0n0o7vxXZwXzBfFXFtvs4h4/oilUUtEkWrET8+r/6PgBEl1aXaR7lbrUzYAHPbUYj1ApTBkdHEWhC5nDRGFV0aqku8PAPuUOBEdgXJ0YiaCw1gCyOISSSKt2DNeRB/iqZ5MUr0qIVoSVGzuwdZu3yOCX5pbliFU8u1RRDrY/hvxScmAJj8BuawQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pdHdyJalGd9owWERaoHC4BVdpS0edIpmO0EkZzOawHM=; b=HQzyvREYCLh1+HBELJjwvZhRiWh5z28CRlu/pEKYjCld4BKqQUGnCKP8d2ukiiyfcu8eXi6eYZTBBuVYEUoRuW26+4YeowrxskMssuwEzp9OvGFCtPkCjZVj/7r4xwqbluCpgafE9LlXlStlc61MVJmRqv1E+KefjBngONU0SwpwVswrHgRh1Q/EUKzIgx9VihqJm04HsZPVg4xdPQlF5akNfCuG87CiD7YPhoNq+p/grNMZ4LcBi7qD8j5uYVnxLFM84N7xZwZRo8Hg8jkICselnWcqvGPkPNKiYes2dz1dnB7iKBEt2POKuGtaKeBDuz6DGh/MeT7D4ju32c4S0g== Received: from PR1P264CA0025.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:19f::12) by PR2P264MB0190.FRAP264.PROD.OUTLOOK.COM (2603:10a6:101:10::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.21; Fri, 25 Feb 2022 14:57:58 +0000 Received: from PR2FRA01FT013.eop-fra01.prod.protection.outlook.com (2603:10a6:102:19f:cafe::55) by PR1P264CA0025.outlook.office365.com (2603:10a6:102:19f::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.21 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT013.mail.protection.outlook.com (10.152.48.106) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id DB54320032; Fri, 25 Feb 2022 15:57:57 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 01/16] arch: Kconfig: imply BINMAN for SANDBOX Date: Fri, 25 Feb 2022 15:57:39 +0100 Message-Id: <20220225145754.30217-2-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 15dcdba0-6c5e-491e-0496-08d9f86f3606 X-MS-TrafficTypeDiagnostic: PR2P264MB0190:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 4PnevLkDSRmKMT8/shjASPps4bOHiEVtCUKE/Bc+50EuCT9pLS8paab4vckLGcs5SQLss9bEykLvKKTuiOn7d1nogjbxwteUPNz3wTiELSSjS0TV5/Eypvu17iRHI76yVz0iISh6Si8fJJlHcZy16EKO0tp5CSYN7GEFqn9lcqyHX70rmuJb4CksI43s6TOiftZD9QnCcOPB9oa9MbaRUiRcf1+FKmIBQ923jQUq54L6BD8rCLRovKR5i2dRDcICnGmRsrDuSwu20G5dLWR/7Oy2vRJ4ecn9yQhmn/1GXce2rhTGi4Um5Ap0ntHigV/ITy1pt37FPYbwKb3E3qqhzR4hDr0MCipPIM/QBUilXE7xf7enV4EP1esf/dUhLL3eMmpXSgVNCUK18001OjxFPaMr7yAItp48hS4rzrC5bRBlgRzTbCz8IHjhw8tTuBJ4WuPui/OmPHEOFUXkRE3FooqmCjohWzab1hnKDa7KhyRGKENinkiZSw+ohnXFF5wh9UVQaPJbrYnklbiUcyrYIosl5qooevjZ0HPwN9xlr8kBciC3hSHsipsUcOKlqBOkGNRNiWGWaBBjJI/D7g0dDhRtxpM6kb5mK4ljjFU4DYngpyqdR+QfJwMUOnMdS5L3vNeGeNx9mbhlg7EHO5jOgwanmDmkJfjxORCrSCtj/ONueEZyoCqEEwl5NZfrOQ6xs2lgEwQEz4q8P6sUFW0eeg== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(40470700004)(46966006)(36840700001)(426003)(83380400001)(356005)(47076005)(2906002)(36860700001)(82310400004)(86362001)(81166007)(6966003)(186003)(70586007)(40460700003)(508600001)(36756003)(4326008)(316002)(44832011)(6666004)(107886003)(5660300002)(8676002)(8936002)(82960400001)(70206006)(1076003)(26005)(2616005)(336012)(6266002)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:58.0589 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 15dcdba0-6c5e-491e-0496-08d9f86f3606 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT013.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR2P264MB0190 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean To be able to use the tool binman on sandbox, the config SANDBOX should imply BINMAN. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- arch/Kconfig | 1 + arch/sandbox/dts/sandbox.dtsi | 3 +++ arch/sandbox/dts/test.dts | 3 +++ test/py/tests/test_fit.py | 3 +++ test/py/tests/vboot/sandbox-u-boot.dts | 3 +++ 5 files changed, 13 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index e6191446a3..35624377ca 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -203,6 +203,7 @@ config SANDBOX imply KEYBOARD imply PHYSMEM imply GENERATE_ACPI_TABLE + imply BINMAN config SH bool "SuperH architecture" diff --git a/arch/sandbox/dts/sandbox.dtsi b/arch/sandbox/dts/sandbox.dtsi index 66b813faad..826db26fc2 100644 --- a/arch/sandbox/dts/sandbox.dtsi +++ b/arch/sandbox/dts/sandbox.dtsi @@ -7,6 +7,9 @@ #define USB_CLASS_HUB 9 / { + binman { + }; + chosen { stdout-path = "/serial"; }; diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts index 48ca3e1e47..c11ad8cb9f 100644 --- a/arch/sandbox/dts/test.dts +++ b/arch/sandbox/dts/test.dts @@ -61,6 +61,9 @@ osd0 = "/osd"; }; + binman { + }; + config { testing-bool; testing-int = <123>; diff --git a/test/py/tests/test_fit.py b/test/py/tests/test_fit.py index 6d5b43c3ba..5856960be2 100755 --- a/test/py/tests/test_fit.py +++ b/test/py/tests/test_fit.py @@ -89,6 +89,9 @@ base_fdt = ''' model = "Sandbox Verified Boot Test"; compatible = "sandbox"; + binman { + }; + reset@0 { compatible = "sandbox,reset"; reg = <0>; diff --git a/test/py/tests/vboot/sandbox-u-boot.dts b/test/py/tests/vboot/sandbox-u-boot.dts index 63f8f401de..5809c62fc1 100644 --- a/test/py/tests/vboot/sandbox-u-boot.dts +++ b/test/py/tests/vboot/sandbox-u-boot.dts @@ -4,6 +4,9 @@ model = "Sandbox Verified Boot Test"; compatible = "sandbox"; + binman { + }; + reset@0 { compatible = "sandbox,reset"; }; From patchwork Fri Feb 25 14:57:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597734 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=Y+Lg6l2k; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tGY4Vzlz9sFs for ; Sat, 26 Feb 2022 01:59:33 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 15F5683CEE; Fri, 25 Feb 2022 15:58:46 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="Y+Lg6l2k"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 91C7283A66; Fri, 25 Feb 2022 15:58:11 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on061e.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::61e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 76EC783A66 for ; Fri, 25 Feb 2022 15:58:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IzqFxPNGGc0ii/vmv1nSmIugVA7HuEBpuHkmD6OeWUonlp6eDS52KI3TQRBv4YUB2B4fTSP+bExr5krucjtta3o+CvbXtHDlWCH/Hou9OxUNKPz7rdexEQscXCfuC0Ny6U07rQtAAYz+WsRyA4BSABFZFUQhwiZg6a0250D7ChfJdM9BKwNGiystR68mKh8Y39jd2jtrjdcSSUQ+G6TkLxq6DxjCCRwVuz9450DB3O2+46RE/CJ8frVC39xrB3+HjoTDCVtliwHN7bKzdjVuVYKvYjWF9w472z2NeriDJ9JwOKN7TIQVxCpVR9/EkkDO5KEMkUBwGASdPwMq5AgwLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ccVURO/rg7CUfWIg2mHQ5HzMNeeBoPUnwbxLi4ECB6c=; b=Ws25kcy80EGeuJE3H6129Lom9cEVUvJGyTK13GRjcbfSgkzVfnkzHdUN36h6Mee3wrFXBcMD3SG6ewPFJR4UfktPS8KhTGWkhJKiTkUNo9HOqfck7rd+DWjOFrB3kszRPSpOKXSoHdrpAO1Dv3rjPXwcZ83wCkKM5UeZYzDruRtIKHs9E1PkS92XJ01ly3Zr88gr7k4kESUPXwpF6A/rORoXQxoqKqRGNLoaC86BXJjczXJ0hdPoJkOjqXdNGWbdTrBtoUWhPdvdMavMoZp/4UmGy1Bo0XA5zkWAwJeK/GRhG9y4KE+agpOz3ZIj/OzbI/ebVpbIK41CwUAn9t0Vng== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ccVURO/rg7CUfWIg2mHQ5HzMNeeBoPUnwbxLi4ECB6c=; b=Y+Lg6l2kx5MSdqp5wOgd4vHkbAiG5ZKy6CHLnImLIjBh13Ipon03iH4EUDzMURy0XTfbA6PJ3eimSJ+aaIX7qzqzwW66P2Jzs4SpqtW+e/sczia7lknVTHFGleA7lTVQebA78fei8iM93pNlmfo87AdzmZhmNK2f90Eo2gI93Xh8pRTXgaK6QxiShzAlF//+x38BqjZf7MB7WNqxsnfi0bckCYVDGfo1IjbtLDeSmjIwsX9pA7wT45igrUaCbTQW7rrEYfQg/Ao/AopPgOfvgkEltvSjwvouP/jjQ0w5aG++pgVjkT093pQZZHeQRa8lrwo/gQsI0rlwK9Gz/YNHSw== Received: from MR1P264CA0095.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:3f::34) by MRZP264MB1750.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:a::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22; Fri, 25 Feb 2022 14:57:58 +0000 Received: from MR2FRA01FT010.eop-fra01.prod.protection.outlook.com (2603:10a6:501:3f:cafe::e1) by MR1P264CA0095.outlook.office365.com (2603:10a6:501:3f::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.23 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT010.mail.protection.outlook.com (10.152.50.176) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 04F7720037; Fri, 25 Feb 2022 15:57:57 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 02/16] lib: Kconfig: enhance help for ASN1 Date: Fri, 25 Feb 2022 15:57:40 +0100 Message-Id: <20220225145754.30217-3-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: a65ff713-7356-468d-a751-08d9f86f362d X-MS-TrafficTypeDiagnostic: MRZP264MB1750:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 0MpDs1a0jGwtd6XBQD3RphVJnisqB4cCIUJMiwfIKCUPPXOeyQ4D1EnjzqjKmNq6SoL7JfbbPxYEwJAlm2l7UpYcEyKz1yPi1Gs48caKf4WqBcgTPlOODQ4DLWPzMQ98/6twS5rHGNoBXp/8U9rxTOBA6HNvSLppxDHiqtwAjIENuExAZAmZ2tiQ2ZbzSBdlLbtZ7AkoFihE7OqlaHL7bZhNq+g7kJDEFzmFV1VXId7zHYOP5QTPeuSuIM3fsll+zdqBKmzF2WPIfk52Arpy4jsOjaDu/HU+WFOOC7vvt2BdwwOnMi2lYT+a8eBrqlUBGVrvoag6HNOfJsgpTP9g/PZjnTtByS8LM1CN5DFUEg+H3D0vegL45CD9cgkCl2HnEbzWILomwp7h7cYAqD9pdEYPxhQbqxjDU2VX70QNKJH5+vigUSkNwgRLu+4Qnpb92OMfzzlNel+gnbaBtkAW4GU9WV/37Pafs1ayYgjAuNHKcSogDm/NacKKXqfwA9GUY75Swme6+Z16cIrvGW7zO7ZRB48CR2Uc34uscWBTep79sIl9lz5VM/P/doR10npCz7vKPmBtFJWiSqAx7ChHzUCn2VNbR70A/RoUUAQ2UshFPDskLH6CAsA4YAbJIS2NJMcSctb5lVGaedHlO0BUgtiVohGdPG1I+HWMV6WGJo6Bl8zs5l5VK3Di83StReaSLhOlTqR/oawFt36TeT4z3Vr7HuOrsMLwB6WuplnzisP9XVie7bzyKKvQjAi2W5whEbFncHMpa94aTDJnBCJkVHCmk8wp10+gX9zZ4tLF4OI= X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(40470700004)(46966006)(36840700001)(508600001)(4326008)(2906002)(36860700001)(36756003)(86362001)(82960400001)(316002)(356005)(82310400004)(81166007)(6266002)(6666004)(107886003)(2616005)(47076005)(336012)(426003)(26005)(1076003)(5660300002)(186003)(44832011)(6966003)(40460700003)(83380400001)(8936002)(70206006)(70586007)(8676002)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:58.3030 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a65ff713-7356-468d-a751-08d9f86f362d X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT010.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MRZP264MB1750 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Enhance the help for configs ASN1_COMPILER and ASN1_decoder. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- lib/Kconfig | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/Kconfig b/lib/Kconfig index 3c6fa99b1a..b0e5d60b3d 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -791,11 +791,23 @@ endmenu config ASN1_COMPILER bool + help + ASN.1 (Abstract Syntax Notation One) is a standard interface + description language for defining data structures that can be + serialized and deserialized in a cross-platform way. It is + broadly used in telecommunications and computer networking, + and especially in cryptography (https://en.wikipedia.org/wiki/ASN.1). + This option enables the support of the asn1 compiler. config ASN1_DECODER bool help - Enable asn1 decoder library. + ASN.1 (Abstract Syntax Notation One) is a standard interface + description language for defining data structures that can be + serialized and deserialized in a cross-platform way. It is + broadly used in telecommunications and computer networking, + and especially in cryptography (https://en.wikipedia.org/wiki/ASN.1). + This option enables the support of the asn1 decoder. config OID_REGISTRY bool From patchwork Fri Feb 25 14:57:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597735 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=brgW0ybP; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tGm0nkcz9sFs for ; Sat, 26 Feb 2022 01:59:44 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4089583D21; Fri, 25 Feb 2022 15:58:50 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="brgW0ybP"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 100ED83381; Fri, 25 Feb 2022 15:58:13 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on060f.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::60f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id DA4A483A86 for ; Fri, 25 Feb 2022 15:58:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CDkf4mm3u9dr146pWrdHd9tDc134kwVELXRud+sC0W5jEvVIsfIccp8yTQPdibYISvmuSrJLm1eJoJz5cR/pCjNMptD+CSxHASSQt0oJTsFc0Qlh36lpzN7FWZDs8BZ7gfNdpvH6l9qV9dK02tzMsw2wekRvm6QGOo60oFjo4vQ3LtsY0teeyPDCFVjaQe8IinHwxPaT1i1b5snm8rB+6BfS6AnI1eJgbJ9tsaBIk61ahbCiJkfsLtN7Cz7lPszbxs1CfStDlCmEX9G7qLHpIIUI9VjxLr8Xto+R/mCrki7bxUVZgCb4h8s9izjKdfod7VI5PpTyO9IbDWe+GRfVFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DFt67kSbODXkjqhZMcl25SOHH+vM5oRCOXxGnRA9TUY=; b=aqK5QrgF3qMlAI5Jn11UG6ZPXEcRlyTHhfCHpRWiotlXLbbLKVWc5wea37tDFEJ/bUI9FZJ2DGH2WKsLOSS+L48siqMr2xV2E4u66PxwaWV8Q1TmqqpHVg5bOsY4sJ6HwsmlfrMXUgOhUXRV5FiyNNLaAONRhwGTq8yeyMZRFuXF1tdWPa7gD4ELYSWSU490/De2toUTm+E9adupD11nu2YWQDkb40g4mBF3i9VAIqx7PViD72oGv8F+jC0Uvybcp8kMwZ2mUJjekek6nKoB7IItHQn7vnPgv2vhka7hG3WQXuHXXDQzntcufWGEZSkSwjdmudvBV7jghujfZr6TTQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DFt67kSbODXkjqhZMcl25SOHH+vM5oRCOXxGnRA9TUY=; b=brgW0ybPUU/IL9RywdSDT+SCFMdPI3elqgeySSSw5VtcEa9kE2pSkv2ZiheSHMUxaCrbrphCEs86JPxqOrLI1y5PUE8DRL/uuIM96UX6cye5RqSuJv0chT4BeXtPOrqChhTUfhiqqcrhcJbUvVJS/1L7tJMoRZ5qC3R96jLTX7Qc+x5Hn2QRD/eW4ak164KDzXPdqRMlRZkciI6JAg7c+Oqr9z9TZhZv0LTwtuUHPZXxUmIvgcxlRq0EpVpKvw2Zn6yqRAAOuSLqOApnW3n0aGmRRBw50sNsjiVa0vMXPcqK73FzVmYOWG9d6U+UCRkLT3cLY2Aup73W9DftLH+Z+w== Received: from PR3P251CA0004.EURP251.PROD.OUTLOOK.COM (2603:10a6:102:b5::16) by MRXP264MB0902.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:26::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22; Fri, 25 Feb 2022 14:57:58 +0000 Received: from PR2FRA01FT016.eop-fra01.prod.protection.outlook.com (2603:10a6:102:b5:cafe::23) by PR3P251CA0004.outlook.office365.com (2603:10a6:102:b5::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4951.25 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT016.mail.protection.outlook.com (10.152.48.109) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 235BE2003C; Fri, 25 Feb 2022 15:57:58 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 03/16] lib: Kconfig: enhance the help of OID_REGISTRY Date: Fri, 25 Feb 2022 15:57:41 +0100 Message-Id: <20220225145754.30217-4-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: cae3774d-c1b7-42a9-5fb6-08d9f86f3636 X-MS-TrafficTypeDiagnostic: MRXP264MB0902:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: QbZtUFEjdRoXMFOojLEo2cakKQxN77uRIcRdUnG+fujxqlx8Iu1cEioRRKlVbCtWIj+KD00KImd2l9lajNymmYLxBDE2S1vxoFAPa+JsVO+kZPLq8xrlxIQF6UXez6auTu8diUZFjRNwUaDydTBngNYcHPv93qpb7eYJ0SK5+/wF+MHzLu94LV5tKHU9SM84Z5lY8CPDMsbQk4uTjAV6lPrjpk2c8BmgG+2X8nHtlm+ntj4ud8jQxZqA25LWwu/TQ+b2TcneU8BeQUgWcuZPTAw7GQm33y+HDKvtqXqTVuAQlFMR3jYev/V2sDCHxXj0nvFHlzqQImXEmDrKt3azjN5sxFll/e4VKWwI29lptJwtxLChjrZyUqXYJzMUFJzs9jkr8ETogLTmmfmrBEEwGdZKoeHsXaxWu6P1acuwYSz/XOeuVi3BFxF1DsXLilGPJXekSDKLV0YByDfujLbpPkVNHr61BMM7dvy95Dnh8foqYgigQrXN2Jmh0DygYD4ILA2TG9q/sZqNWfJxB2YtjBL//9puu9jMH1tY5UriTI8Hl2+bb20IcT39wBpDfcj2eb6Pp4DNp0DBtg626HK6KOKSBemTsXrsbTrLqjdkiBkt53BHYogB3Q2knfn2OvlhLZEmxABsDmdAMYYV319WqFg1IqbcbROmdQWAqjPc1sJkQkhhGXDC7/BV20rM1gjb7AMuQCJedK10yQZ95T/SpjZd8EPPUYUtvFcUGvsvfx0m6ruWOB4tiwKDXyC/IkYFZvAqWrRGRAJs9Ysf1XPze8vAQWovt/72fBt3MLUiP1c= X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(6666004)(70586007)(107886003)(4744005)(82960400001)(70206006)(26005)(186003)(8676002)(4326008)(44832011)(81166007)(356005)(2906002)(47076005)(6966003)(5660300002)(508600001)(36756003)(316002)(1076003)(40460700003)(86362001)(2616005)(8936002)(82310400004)(36860700001)(6266002)(336012)(426003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:58.3758 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: cae3774d-c1b7-42a9-5fb6-08d9f86f3636 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT016.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MRXP264MB0902 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Enhance the help for the config OID_REGISTRY. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- lib/Kconfig | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/Kconfig b/lib/Kconfig index b0e5d60b3d..e749826f22 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -812,6 +812,10 @@ config ASN1_DECODER config OID_REGISTRY bool help + In computing, object identifiers or OIDs are an identifier mechanism + standardized by the International Telecommunication Union (ITU) and + ISO/IEC for naming any object, concept, or "thing" with a globally + unambiguous persistent name (https://en.wikipedia.org/wiki/Object_identifier). Enable fast lookup object identifier registry. config SMBIOS_PARSER From patchwork Fri Feb 25 14:57:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597731 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=otLZ5ZsU; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tFt6mL6z9sFs for ; Sat, 26 Feb 2022 01:58:58 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E79D083CF1; Fri, 25 Feb 2022 15:58:29 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="otLZ5ZsU"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 2D60A83CDD; Fri, 25 Feb 2022 15:58:09 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on0602.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::602]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2F56A834A3 for ; Fri, 25 Feb 2022 15:58:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZlcAI1jZ7vxU42jJr7kQBGtnBz9XAiuu7m7JG6OzMsBQxsmq2M9yb1AafTM92o3ARaW/0VpqEk8jCmGudErfwlXmzG6EJ77tbsxccVv9D4BomqW85dTWVrSvTHsBHLRc1GphtsneemAxpDxqwopcvgnsiTTZlUMZYBNZL9fqCNp1kPjkWCPJdjLawpunhOhuWNm3/PUgTr7su7t4TNzM1yyRBcV2fiYUeXq+GDksniq7ddG9HyawgJS0XMkXkwOBAXjD2HMkJq31iUn19HDuylwX5dsTW+Ifej2uZQ05pdhWWbbWEtkKlGbSB9R7jH50B8HWPK1tNhhsHMyVs7pyag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nQ4tGUy0Yu6TMS/4a0kvWhg3+chTLAgLr7HGNFbS5OE=; b=ZGijyPrLkIZQQbJZjUPzR9tp59go0s0NARVsSRNG9YWGb4Cb4QGDJGMRYsFXHV6krOU1BBo9S+XLb/MwOjT/UfOACym/SOBvlmfy4368GPrX7b3n3Iw6PBNmPMAS+F/xcbTAo0ET4qUOIuf9kRP3lJOJgxr5Dx/2bP/CSQLtqkds125qO9pyJY0KXSj33K3ohrzZBvXZH5QzcwcyNw4XQGqbYr0FnWYXB4+5huUNNZTfkpggKaZQ+QBVQ7xfbDX8GGBhfAOdVePT5BWEXbW2WH8xA3POyk1jIwNUHEU+t9jI6OXfbCwBM5A/CtomaPCHp9shGXkuClLU8KSEQuucEQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nQ4tGUy0Yu6TMS/4a0kvWhg3+chTLAgLr7HGNFbS5OE=; b=otLZ5ZsUyf25Ezkffo1GQMZzraBa4kfwkWUDqYX7NQDxxD9XDpG9iTASXP8OYbA6vCnw9yzcIItWB1laMhkLdkL/3pzfCLKICQHHqIWrINTu5MsMVzpjETGzFxZe9+ax0OufAKXdCIO021Rf3KkqBfjaib+LNLPivXx2J/fKBD9cfOt4KBuRSfX8b6MoPZLRutU9sm3rbBxCZryYlmf382+Jl8Vdvbz8olgkxGodNLhjLS/AQq0PAXrd70q+mkwUipahJZu7iyWjJjCb0M8o5J5eVfHTuZbM4UWoc9NXGG75gfOoTWL1vshgrvyBMVMXdXgvHEyDfw0QYJiLV+VHEQ== Received: from MR2P264CA0074.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:32::14) by PR0P264MB2218.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:16c::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.23; Fri, 25 Feb 2022 14:57:58 +0000 Received: from MR2FRA01FT007.eop-fra01.prod.protection.outlook.com (2603:10a6:500:32:cafe::52) by MR2P264CA0074.outlook.office365.com (2603:10a6:500:32::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.21 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT007.mail.protection.outlook.com (10.152.50.174) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 422C220040; Fri, 25 Feb 2022 15:57:58 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 04/16] lib: allow to build asn1 decoder and oid registry in SPL Date: Fri, 25 Feb 2022 15:57:42 +0100 Message-Id: <20220225145754.30217-5-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 885bda79-b790-4005-cf88-08d9f86f364e X-MS-TrafficTypeDiagnostic: PR0P264MB2218:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: rTfdmFyJ3ZagL4D7dsXv1pEfrZYTWUFtHVdNAmRyxrkHpCM3tt6YXZtejWz93Rva4dcLOxa+inZOJqa58QL2Qx14AGBjPjEah767ePzTY49WLwUDvyG2f1mFekJDNi+6eho7hWSNSteiSJxKGDKsMuwVQyqkcWcYggHjU960ZRV+2UdDN1LQDiVvLfULPvgUdpr2myvYUqzsbGh+2JJet70W95YftJH01GYM2ps2ayilaBIHNMc7JVy0chWNgIVXPI2C97E/Cfu5rfG3JxhMKxzCPgy6W/UOpgrDXIiI323xsiNbpaxPWpGp/2wfvaeJolLqa6POrrqkvCwFteuKdZtu1Nhj7UXw3vU9vY5ExM3YhTeFu+CzCPpZgHaJ67zpqYfhb8vP4UILr2JlvZnF2YdJGXZeMMw3Q4s0XdhfYJbjE27fIeAdMfsOJ8fBKDkntOxX+CtGEQSLscNNyaM8kzHmEEKAN+CoGbtE+vTA0VmB01+fJXZipqOeirYYbJ1xVfUjMPpPRnIALLfKlRt5M0F/jTXa+osLWZFjbhLZxbu1njcYhMO7NX2nfSWep1c+GaetbMCN8CIoVqZ5rfHBoD8xAZ9epnzk2lonvBPMHaGlD8Hw4OdLUl+zLfKuHXdVWKlSEUaoUhQy2ps7KBJ92yo1HuFh4+PYCO1HWtpx+dJh9bQxUZzgipze+0LT2NTqeS7mIFZfADI5BnUyL+4kYsylKqC6dmDO9ihO0JfXAPQR9E05HDrWDzRhqW8coFavMjUpygNDdcXBmWY8J4OaHASao7H4xp4uT/0buhzBjxf4f0ISrOIUtKav+kzOTyUjxcX4sRkyGPxR2YXtVcNm1g== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(40470700004)(36840700001)(46966006)(36860700001)(6966003)(82310400004)(6266002)(83380400001)(186003)(426003)(336012)(1076003)(2616005)(107886003)(26005)(86362001)(47076005)(508600001)(316002)(6666004)(5660300002)(81166007)(8676002)(8936002)(2906002)(82960400001)(44832011)(36756003)(356005)(40460700003)(70586007)(4326008)(70206006)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:58.5203 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 885bda79-b790-4005-cf88-08d9f86f364e X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT007.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR0P264MB2218 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This commit adds the options: - SPL_ASN1_DECODER - SPL_OID_REGISTRY Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- lib/Kconfig | 19 +++++++++++++++++++ lib/Makefile | 4 ++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/lib/Kconfig b/lib/Kconfig index e749826f22..effe735365 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -809,6 +809,16 @@ config ASN1_DECODER and especially in cryptography (https://en.wikipedia.org/wiki/ASN.1). This option enables the support of the asn1 decoder. +config SPL_ASN1_DECODER + bool + help + ASN.1 (Abstract Syntax Notation One) is a standard interface + description language for defining data structures that can be + serialized and deserialized in a cross-platform way. It is + broadly used in telecommunications and computer networking, + and especially in cryptography (https://en.wikipedia.org/wiki/ASN.1). + This option enables the support of the asn1 decoder in the SPL. + config OID_REGISTRY bool help @@ -818,6 +828,15 @@ config OID_REGISTRY unambiguous persistent name (https://en.wikipedia.org/wiki/Object_identifier). Enable fast lookup object identifier registry. +config SPL_OID_REGISTRY + bool + help + In computing, object identifiers or OIDs are an identifier mechanism + standardized by the International Telecommunication Union (ITU) and + ISO/IEC for naming any object, concept, or "thing" with a globally + unambiguous persistent name (https://en.wikipedia.org/wiki/Object_identifier). + Enable fast lookup object identifier registry in the SPL. + config SMBIOS_PARSER bool "SMBIOS parser" help diff --git a/lib/Makefile b/lib/Makefile index 11b03d1cbe..13e5d8f7a6 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,7 +17,6 @@ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ obj-$(CONFIG_OPTEE_LIB) += optee/ -obj-$(CONFIG_ASN1_DECODER) += asn1_decoder.o obj-y += crypto/ obj-$(CONFIG_AES) += aes.o @@ -74,6 +73,7 @@ obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SHA256) += sha256.o obj-$(CONFIG_SHA512) += sha512.o obj-$(CONFIG_CRYPT_PW) += crypt/ +obj-$(CONFIG_$(SPL_)ASN1_DECODER) += asn1_decoder.o obj-$(CONFIG_$(SPL_)ZLIB) += zlib/ obj-$(CONFIG_$(SPL_)ZSTD) += zstd/ @@ -135,9 +135,9 @@ obj-$(CONFIG_$(SPL_TPL_)STRTO) += strto.o else # Main U-Boot always uses the full printf support obj-y += vsprintf.o strto.o -obj-$(CONFIG_OID_REGISTRY) += oid_registry.o obj-$(CONFIG_SSCANF) += sscanf.o endif +obj-$(CONFIG_$(SPL_)OID_REGISTRY) += oid_registry.o obj-y += abuf.o obj-y += date.o From patchwork Fri Feb 25 14:57:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597730 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=sjx25PdV; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tFg4GSKz9sFs for ; Sat, 26 Feb 2022 01:58:47 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 680E183CF3; Fri, 25 Feb 2022 15:58:24 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="sjx25PdV"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4601E83CE3; Fri, 25 Feb 2022 15:58:10 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0624.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::624]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 8C28F83B7C for ; Fri, 25 Feb 2022 15:58:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GCNj9o7r5VKXGRmRMNfkSnDp8LU835KjhCfhu1Pop96Ukjx/+pGo3T0A2YPAJlwTWl2jYFRx9EyFi96G5TgRQe6yar3CR18UpKoBhXh0hTmQvhKjAvY1sjnSxTXSwIEokEJJPhj0U29WXWk5xHJL8MztJLbBbZ5irDAvy6pxecrbeLx4rPmjRt35v6XrbD9R9PCSBJs2fb+emXQuxBiZFAuNEdts8jquEfG7kWN/PV7U1As5sfkCTvvgn3cBEZGBuuCrbD/zNSjTobAEwpUg2l/JglPvjcyrQ/aQ68U1x3r+prWQkruNqXqZGqlnJg4Qr3IOL304xKLSid/BJ2KNVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SNhHO5qQ9HRgfFd9JRll2T6YRtlDXnbqibbc/m6rV7Y=; b=TQOh2Y+f1asqSz2hhAgDYwg64izOKsBucL1yM3yaZRILx8ykM/gVpfNJcYviMIgSQjI3FtlnjmPxoU0pfVa8PzMj3gJ9B7n21FcV9StWJDOMXR8oun0OVuJOgBERY8+RXgZUPsb2WKSUMI/0tv0TZZvw9JrV9Ftl3QKqop+NaiMlG/IKlT7VBslhRaUFfyjhDmUP/45QHJcN/92ocZqMuc/2IW3CjiCERFBnNStcGeHJ0AThgMPeyz5kIw9BUBXwsfMzuhf5F/jHGdMXPwLwaHPE81ZmhzvyQNIXXaPu0cGQK5iOgpl8n0susCu2NuNQvUogsHHUXmrizsxAqrGC/A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SNhHO5qQ9HRgfFd9JRll2T6YRtlDXnbqibbc/m6rV7Y=; b=sjx25PdVUrZt1klxz0BP1UdJUqg+SeV8lzFXmh9qOU4bIOMe+O8v1SIDfGRzJMAuNQ7nOBJ76mzMW4LPSQYv7kORnJowhY2OmR951isj7txkFxT5fi3CT1qSUGRQfnNu4ScujP7SdWRqQJ/Ufuzx6fBhZ56coEu0o6ofb6Mh/r51fW7k35HxqjTNyLGZ1Osh+5/ET8UL2c2pwMUtyKQUHiaW8xIA59kzlZLft2Z6ETV8wfqHWggQu2LQuAAsVe8EUSRGKCRwIq0ph5HY3yHol/kgjPg8oBBS+pzu6xul+/Tdhcnc1iNAw6s/c+r0sX/cEkJCJjN3G+XwgeGwrRmIqg== Received: from MRXP264CA0044.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:14::32) by MRZP264MB2874.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:1f::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22; Fri, 25 Feb 2022 14:57:59 +0000 Received: from MR2FRA01FT003.eop-fra01.prod.protection.outlook.com (2603:10a6:500:14:cafe::3d) by MRXP264CA0044.outlook.office365.com (2603:10a6:500:14::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.23 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT003.mail.protection.outlook.com (10.152.50.177) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 5ABD020042; Fri, 25 Feb 2022 15:57:58 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 05/16] lib: crypto: allow to build crypyo in SPL Date: Fri, 25 Feb 2022 15:57:43 +0100 Message-Id: <20220225145754.30217-6-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 8d104f08-88cd-49bd-4a66-08d9f86f3664 X-MS-TrafficTypeDiagnostic: MRZP264MB2874:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 0LJZQPVyDScyleFhvVywi5RGnSDa1mpaxyiCgPsXwFjfXFS2BTj5wsQpBG93y8jzheHe9JwKET4egF/Zzw/tu71BE7cD8btv+XLKeZh5clxW815dVPUpabP4pmHbGHWPessbiD0Jc/d+3imKV2PCmiuPaodLuakt4SnGgFuyNE19fOG3Wg+SQ50ngzzbzjPVwwANT/BCok+7StGRxCAnE3IDpXx/kbU5x/GSCGBiDuMshhM/o1kQunFFkctlfp+QQudlCdnFby5XG7mFdG9pA8d/2UPxtmHmUZb+dE1uR0KzYBtF2MCbtmUpZSkfriSzqKGBTb4StxQdd6JWbqdckn84eKKN2+SbE822p9ZHPwX3eBE/t48FZgO2L335aXkksyfXAlFtMXq2Yk8cSbp+lJwHLIRBII7YFhkwrTJ1eEFZBTmGqRdCy7+wy4biXc1eadpkzAzSxKI+3BXbj9ry0o90PAHXZ7F75WUKaY5bWhl5gCVenqs+8B0dSvS9mDQkr0Q98OQBcv2vO/rb0DSWOu06BYlvbRwL6E6fjJ8543+OmsQsKvvbQGWhYt5MA777SiC2iZGJCyCLqt8GhbiRkDd0zCo6FxvdOK44jbGdTQtbgE9ALoxnC40hXXVsMIed8TGR0J5Iw+77Fa25t2iwt3n74ZBMf2u26ORzuUyb5XFGjVCOW1WWm9q3CfljkC9r+uB4247EHGmHc5vF/C89LQ== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(40470700004)(36840700001)(46966006)(4326008)(36860700001)(6666004)(70586007)(40460700003)(6966003)(47076005)(83380400001)(508600001)(81166007)(82960400001)(356005)(36756003)(5660300002)(70206006)(8936002)(44832011)(316002)(2906002)(2616005)(107886003)(1076003)(26005)(186003)(336012)(86362001)(426003)(6266002)(82310400004)(8676002)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:58.6611 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8d104f08-88cd-49bd-4a66-08d9f86f3664 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT003.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MRZP264MB2874 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This commit adds the options: - SPL_ASYMMETRIC_KEY_TYPE - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - SPL_RSA_PUBLIC_KEY_PARSER Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- lib/Makefile | 3 ++- lib/crypto/Kconfig | 29 +++++++++++++++++++++++++++++ lib/crypto/Makefile | 19 +++++++++++++------ 3 files changed, 44 insertions(+), 7 deletions(-) diff --git a/lib/Makefile b/lib/Makefile index 13e5d8f7a6..13fe5fb7a4 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,7 +17,6 @@ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ obj-$(CONFIG_OPTEE_LIB) += optee/ -obj-y += crypto/ obj-$(CONFIG_AES) += aes.o obj-$(CONFIG_AES) += aes/ @@ -63,6 +62,8 @@ obj-$(CONFIG_TPM_V1) += tpm-v1.o obj-$(CONFIG_TPM_V2) += tpm-v2.o endif +obj-y += crypto/ + obj-$(CONFIG_$(SPL_TPL_)GENERATE_ACPI_TABLE) += acpi/ obj-$(CONFIG_$(SPL_)MD5) += md5.o obj-$(CONFIG_ECDSA) += ecdsa/ diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index 6369bafac0..509bc28311 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -8,6 +8,15 @@ menuconfig ASYMMETRIC_KEY_TYPE if ASYMMETRIC_KEY_TYPE +config SPL_ASYMMETRIC_KEY_TYPE + bool "Asymmetric (public-key cryptographic) key Support within SPL" + depends on SPL + help + This option provides support for a key type that holds the data for + the asymmetric keys used for public key cryptographic operations such + as encryption, decryption, signature generation and signature + verification in the SPL. + config ASYMMETRIC_PUBLIC_KEY_SUBTYPE bool "Asymmetric public-key crypto algorithm subtype" help @@ -16,6 +25,15 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE appropriate hash algorithms (such as SHA-1) must be available. ENOPKG will be reported if the requisite algorithm is unavailable. +config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + bool "Asymmetric public-key crypto algorithm subtype within SPL" + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE + help + This option provides support for asymmetric public key type handling in the SPL. + If signature generation and/or verification are to be used, + appropriate hash algorithms (such as SHA-1) must be available. + ENOPKG will be reported if the requisite algorithm is unavailable. + config RSA_PUBLIC_KEY_PARSER bool "RSA public key parser" depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE @@ -27,6 +45,17 @@ config RSA_PUBLIC_KEY_PARSER public key data and provides the ability to instantiate a public key. +config SPL_RSA_PUBLIC_KEY_PARSER + bool "RSA public key parser within SPL" + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_ASN1_DECODER + select ASN1_COMPILER + select SPL_OID_REGISTRY + help + This option provides support for parsing a blob containing RSA + public key data and provides the ability to instantiate a public + key in the SPL. + config X509_CERTIFICATE_PARSER bool "X.509 certificate parser" depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index f3a414525d..6792b1d4f0 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -3,27 +3,34 @@ # Makefile for asymmetric cryptographic keys # -obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o +obj-$(CONFIG_$(SPL_)ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o asymmetric_keys-y := asymmetric_type.o -obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o # # RSA public key parser # -obj-$(CONFIG_RSA_PUBLIC_KEY_PARSER) += rsa_public_key.o +obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER) += rsa_public_key.o rsa_public_key-y := \ rsapubkey.asn1.o \ rsa_helper.o $(obj)/rsapubkey.asn1.o: $(obj)/rsapubkey.asn1.c $(obj)/rsapubkey.asn1.h +ifdef CONFIG_SPL_BUILD +CFLAGS_rsapubkey.asn1.o += -I$(obj) +endif + $(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h +ifdef CONFIG_SPL_BUILD +CFLAGS_rsa_helper.o += -I$(obj) +endif # # X.509 Certificate handling # -obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o +obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER) += x509_key_parser.o x509_key_parser-y := \ x509.asn1.o \ x509_akid.asn1.o \ @@ -40,11 +47,11 @@ $(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h # # PKCS#7 message handling # -obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o +obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER) += pkcs7_message.o pkcs7_message-y := \ pkcs7.asn1.o \ pkcs7_parser.o -obj-$(CONFIG_PKCS7_VERIFY) += pkcs7_verify.o +obj-$(CONFIG_$(SPL_)PKCS7_VERIFY) += pkcs7_verify.o $(obj)/pkcs7_parser.o: $(obj)/pkcs7.asn1.h $(obj)/pkcs7.asn1.o: $(obj)/pkcs7.asn1.c $(obj)/pkcs7.asn1.h From patchwork Fri Feb 25 14:57:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597732 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=Ib3EGQb4; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tG6497Vz9sFs for ; Sat, 26 Feb 2022 01:59:10 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A70AB83CEC; Fri, 25 Feb 2022 15:58:36 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="Ib3EGQb4"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 456F983CD8; Fri, 25 Feb 2022 15:58:08 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0620.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::620]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 94C4283874 for ; Fri, 25 Feb 2022 15:58:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VOp5FOS1dXiL+gP/bgxwWuaOLrVDtL7W+YbqejGlRuR1y0a+GXrVPHv0G6875vllsHO3VmZjbqjOSQLfnv/1YwJL7Ct7XurhQRLDlvd3VnbMIm8D5hhdGkQRmKJegc3XuRWQoYlUKWd/Uf+9ZndCFBm94fmcdB1isPBSBDOKUrbNUPfJd9nuBKEJxfiW8XycSgjNo5lLoW2ijDuZfF7HulZnVrsCRtjowddlCCwUaFSdjtnv0pTZoZQ3QZRDQxjR5Eb7fwVZbttWSl7KlbNJXcTVgHxvkIGcPpryT6Wlkh6dIJ3jptTLMIF2f/oN7hAtHJSk/dlMRwokj5hmwmOWXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2XX9uGJxISX4g15uIoK1y3UwiBNdXEwoH0CesGQYOJ4=; b=K0MAvuFhUQ7CmLPUc/llJUC7n74ALnUyb6L/Mome8J/WM2oiX4dQdbR1zTY0MqRqkL3lDs0y2B52Kgf7P/ZmW8jVsAuGMNrFED65cxSLCIsIaNjH9zsYM3Qy1mBmZ4UzoZn5az4lkBvg3kND80YXRGwAGHGaBOw+ZdSqUUCrQOHHZ3Yg4Ax4+MbChOGz3lEX3xvfmvbOrLTNIWkK/Ow0VeZa4FX36VCwvTM4rZoYiSdI6JlS2XMq0vjV6o9mBfiiNNXvOR4m+jXtx2sIPTb8UoNGbMC4oZQK2WyTN8hvIbpwQCwpYi2XIskRrNEaawcYFbEhPMr+XxAX8mABOiDhsA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2XX9uGJxISX4g15uIoK1y3UwiBNdXEwoH0CesGQYOJ4=; b=Ib3EGQb4em2Qfo36jGD6gHk9ktcTYvhhG/zkl5BmJ1TdwOu3Qj88UyFCN0gPT5tzqwgBETcVIMD1RpHNdTko0qrJrmPR2tI/co7+1V4XR7bxZMuXCaudX33kTPATeVnIjNbhVC1nj640iEj5nIK3sNz2VShJMrsrlIzjhUNjwVmUMrX1JOX3i4RIqkT1Z7la6k8cA3r6w1jphTi6NM7wZfmOs49+oYHqC4ZsiyIuMvzI2w9VfyFcsYEBsQaPKZxYAb6O7bFBDSZi/The9lhsUYRSgA8EJGb6YgxW1ocXRpb6Lzz21Ika17Ku9Q6RTjUNg2ENM0fJkGCyeunWcdeyjg== Received: from PR3P193CA0051.EURP193.PROD.OUTLOOK.COM (2603:10a6:102:51::26) by MRZP264MB1591.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:17::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22; Fri, 25 Feb 2022 14:57:58 +0000 Received: from PR2FRA01FT011.eop-fra01.prod.protection.outlook.com (2603:10a6:102:51:cafe::2) by PR3P193CA0051.outlook.office365.com (2603:10a6:102:51::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT011.mail.protection.outlook.com (10.152.48.104) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 7803520043; Fri, 25 Feb 2022 15:57:58 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 06/16] lib: rsa: allow rsa verify with pkey in SPL Date: Fri, 25 Feb 2022 15:57:44 +0100 Message-Id: <20220225145754.30217-7-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 19ad6bf4-049a-402f-4748-08d9f86f365b X-MS-TrafficTypeDiagnostic: MRZP264MB1591:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: +PERozI+eMSuBMjd8RA7wHHGoXWxO66x9pteikVa9K2Uv3jI//GmdAKE6OnvK9bHkhIPnFIRMBxtBcnKTLhQmRN/+ggsEsWEJuAKiDvxAXxKRGbBsCdX4GSLHRdTG3w414dB3nAy3KgU/Km8ySzR2Z7yEoQ2byBP3xyAABPWI6JzIF2QIXGoduGLnMA1+80144mkebramQKWKfAkgpXtv0qIfZvF9NTNBS1hiwPfM4XzKpQ3wEd4zmR5U/WQI2zHI9mnd0pbhPG4cVTar+RQOqQ1n16g6j3/Q9VFcNxziv7G4rfST9u+BkDP0UlC5n1rXvWocbrKEyI98bYs1dIJzPZ2N291HJNWse7OpP7c609Xh4ql4+kiCK7orlWRnAXVUkQF8xP4M5Q2+kHJxDTS2fKKh6sPtRK+TSIw1ck/Cq+5SLZACNeIVt2WTzwiTopOpnCX5yj91Uus0uZvjpoHCb2gAIPRfEvhjruFBoqZ1IyZaW6eR0irgs6iGITXbEV4eGhde0DR9/ZDXJyfQxcr/XGstsEVgLqF+sUtH8ftiX/IgYAcjBjNJPZ3LxesepcvvepdZkIRhh76D0FC1zkNc+IPgdi5FL0ooMqVZmL5jH3RImQIn5nPOPlUtTqiGXcHnvNTlOmQ+caE+zDiyKG5y7jzSlZKeNFjhRfKM9HPwsUugOgrtpH5AHQe7EAYF6ztTBwp5IWDbiihJxrwd26ynw== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(82310400004)(6666004)(1076003)(15650500001)(40460700003)(86362001)(4326008)(6966003)(26005)(83380400001)(186003)(336012)(5660300002)(6266002)(426003)(8676002)(81166007)(70206006)(508600001)(44832011)(356005)(47076005)(2616005)(316002)(82960400001)(70586007)(36756003)(36860700001)(2906002)(8936002)(107886003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:58.6333 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 19ad6bf4-049a-402f-4748-08d9f86f365b X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT011.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MRZP264MB1591 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- lib/rsa/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index be9775bcce..b773f17c26 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY directly specified in image_sign_info, where all the necessary key properties will be calculated on the fly in verification code. +config SPL_RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT within SPL" + depends on SPL + select SPL_RSA_VERIFY + select SPL_ASYMMETRIC_KEY_TYPE + select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code + in the SPL. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM From patchwork Fri Feb 25 14:57:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597738 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=sbNR76R5; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tHW2BYxz9sFs for ; Sat, 26 Feb 2022 02:00:23 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7746883C58; Fri, 25 Feb 2022 15:59:32 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="sbNR76R5"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5678C83B6D; Fri, 25 Feb 2022 15:58:18 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0628.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::628]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 0F38183B6D for ; Fri, 25 Feb 2022 15:58:01 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LFbfhbXz830YxEolU4zEsqFtlE/p77OzTR04FgEyOlC0edgUh1f3tfU0pkas2kh0HoJeJ51ciyvxso9VDscR8mVVtyAwxKhht41xB+CR8JmHK5JuhmuEl50OkDna9z0VFtVXyGQ7+fyldHhNz5jm181pCkI4gxFfXqr2Vq428yMNNYo6gMqLzfUtukvRFeuAl6pIY1d6Z+JSY5AA4D4tg/z1qMd71Gd8dPg673c3NENDkSQq343xj4Es3uJEE+Iw3zXrAQ3FO1WLj7nMVTSbcOBOAoza+R7EGhdFV8X403BiMbgfgiWtfFe+Y4kPKkyaLllXaGTxulLIn9i4/LNrOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=c4ZuVGfhPNf2vwESW8gIOIVLVGUaDA185MLvxKC9TNQ=; b=DgQx0q6Q1pm2JJ2GGOC31/ScXPzfYSgugnJ4VOHwsKFif32AmLvSm4sQnn1MOCT0iPPGNyO5EUYrwkTJow9dnMAX2IR6F1Gp1vqFY7eqTqwWDENHppK7F040YGfCbxqV+P6xL2pE+1EQqXTq0t2ZH2g10WkpaKaVZmPXcjPlhbTqaMc2QihiZ3uhEqCRcu4TvZrpuEu6+drOx3AQE/uth0ZnRwITJ/aRAK5uHweQ5mUC9/Vf6WB5803bKCAKAECuImvlNTQzQUJQ4AueDKgpOdvtdanUnV7ACgzYjbB9wKvNFnUUQfFeF+APFkeslw/CSSfTyBBMChvqDGqwN57hvQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=c4ZuVGfhPNf2vwESW8gIOIVLVGUaDA185MLvxKC9TNQ=; b=sbNR76R5F9RAqixQ/Jk7sMQC/ZQPeLGeq9iP1sRyLbiRuCAu1dNRkXZ0rhV/3+RaFsYTq83M2EK78/cER499Bnsl2tgh+nP+xsvIE180XU/4tTy+w5+Yr2tmULLlq9fZyrrbU6crZ4kwkdMqnmQPEoE2gJqgwttxI7ZgHSBXfGsynEX6hj456uoY0Xhph/HaMuV9vKQhwDOI11KC/6R4Op4l/tp93h7GueWiFhgICuQhZ/9TxZJjJd+RNoPVdYXGhjGuXwowjF/t7QU6j7bCVa7WdWWZ20kEPmQS5YuEeg7b5obXbRXPGOsaaFOC9PX1xK+DEUJ80DJYo7aDoRVOCA== Received: from PR3P189CA0077.EURP189.PROD.OUTLOOK.COM (2603:10a6:102:b4::22) by PR1P264MB3447.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:182::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22; Fri, 25 Feb 2022 14:57:59 +0000 Received: from MR2FRA01FT013.eop-fra01.prod.protection.outlook.com (2603:10a6:102:b4:cafe::f1) by PR3P189CA0077.outlook.office365.com (2603:10a6:102:b4::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.21 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT013.mail.protection.outlook.com (10.152.50.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 95F891FF30; Fri, 25 Feb 2022 15:57:58 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 07/16] boot: image: add a stage pre-load Date: Fri, 25 Feb 2022 15:57:45 +0100 Message-Id: <20220225145754.30217-8-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: e5f47d43-d487-4f36-4c2a-08d9f86f3686 X-MS-TrafficTypeDiagnostic: PR1P264MB3447:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ferDCgfqJ7dfveEExDq8/Z4Se/xoHCqmcXE5pTsfHGD/MzFzudRImX1BXtoWl7e7Z060nAjBuo5pDlUe8bJ45PgGnUYazfSKvLkquqCEnNFNJIDuDLCowxeMEqGc60nPsr80D+nM5yS4XnvVBYuscmQ4NkgFQxczq5Iic9TC2kp1cZKsjir2OdLbLdk2VzFm+623vqGlvCn5JUQpVIthPOSLyyVQM/wrdBwJSBGVn1CtQzjTQuuYPngXElr0jr4GkKUPNa7/T7C3sJXLdM0X2kZlvKHdVFbel9hcczUl4ufofFupV4VQuDroDbLsEKgudkpdVuC3iaTi/RLJ0H+Y0c6ovohs8lepQ9LdYwL87fUMEKBtcdnIj5e7xyGiy4z/AKOB1ncHduKVFGXjjLNXSHpb7EpdwoosNrcvzr6NT/u+iI4SmPYFfdq2Bh1p4leBleUTTKs93QeFW9VnajLbMJtsK3Eh9c1r7n5H03s6UVKcfADzMqHz6UsOa/mlhQJV3BouyvYXH9blGON11M1meK+IE9K7+6BJG3VHptteWImgbqnYcTTh7dzaDIlkhtqEQhv09X6hWhpyNaqxOEGZm/iKZL0gFsocivNRJ4XtalLQz/IoAxKSZOzEtU5bHbl4Y1rQooxQAa+VO7aGdz2lSTD+9PnknfEt4dpWjhkOQ98MFCG/q0PU1DSr1syMkRPoglVc+B0h065iFcy8Ou0jgQ== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(81166007)(36860700001)(6966003)(508600001)(2906002)(4326008)(8676002)(2616005)(8936002)(82960400001)(316002)(356005)(36756003)(83380400001)(47076005)(107886003)(186003)(70206006)(40460700003)(82310400004)(44832011)(70586007)(26005)(30864003)(5660300002)(1076003)(6666004)(426003)(6266002)(336012)(86362001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:58.8840 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e5f47d43-d487-4f36-4c2a-08d9f86f3686 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT013.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR1P264MB3447 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Add a stage pre-load that could check or modify an image. For the moment, only a header with a signature is supported. This header has the following format: - magic : 4 bytes - version : 4 bytes - header size : 4 bytes - image size : 4 bytes - offset image signature : 4 bytes - flags : 4 bytes - reserved0 : 4 bytes - reserved1 : 4 bytes - sha256 of the image signature : 32 bytes - signature of the first 64 bytes : n bytes - image signature : n bytes - padding : up to header size The stage uses a node /image/pre-load/sig to get some informations: - algo-name (mandatory) : name of the algo used to sign - padding-name : name of padding used to sign - signature-size : size of the signature (in the header) - mandatory : set to yes if this sig is mandatory - public-key (madatory) : value of the public key Before running the image, the stage pre-load checks the signature provided in the header. This is an initial support, later we could add the support of: - ciphering - uncompressing - ... Signed-off-by: Philippe Reynes --- boot/Kconfig | 55 ++++++ boot/Makefile | 1 + boot/image-pre-load.c | 416 ++++++++++++++++++++++++++++++++++++++++++ include/image.h | 14 ++ 4 files changed, 486 insertions(+) create mode 100644 boot/image-pre-load.c diff --git a/boot/Kconfig b/boot/Kconfig index b83a4e8400..cb5f48dcf9 100644 --- a/boot/Kconfig +++ b/boot/Kconfig @@ -993,6 +993,61 @@ config AUTOBOOT_MENU_SHOW endmenu +menu "Image support" + +config IMAGE_PRE_LOAD + bool "Image pre-load support" + help + Enable an image pre-load stage in the SPL. + This pre-load stage allows to do some manipulation + or check (for example signature check) on an image + before launching it. + +config SPL_IMAGE_PRE_LOAD + bool "Image pre-load support within SPL" + depends on SPL && IMAGE_PRE_LOAD + help + Enable an image pre-load stage in the SPL. + This pre-load stage allows to do some manipulation + or check (for example signature check) on an image + before launching it. + +config IMAGE_PRE_LOAD_SIG + bool "Image pre-load signature support" + depends on IMAGE_PRE_LOAD + select FIT_SIGNATURE + select RSA + select RSA_VERIFY_WITH_PKEY + help + Enable signature check support in the pre-load stage. + For this feature a very simple header is added before + the image with few fields: + - a magic + - the image size + - the signature + All other information (header size, type of signature, + ...) are provided in the node /image/pre-load/sig of + u-boot. + +config SPL_IMAGE_PRE_LOAD_SIG + bool "Image pre-load signature support witin SPL" + depends on SPL_IMAGE_PRE_LOAD && IMAGE_PRE_LOAD_SIG + select SPL_FIT_SIGNATURE + select SPL_RSA + select SPL_RSA_VERIFY_WITH_PKEY + help + Enable signature check support in the pre-load stage in the SPL. + For this feature a very simple header is added before + the image with few fields: + - a magic + - the image size + - the signature + All other information (header size, type of signature, + ...) are provided in the node /image/pre-load/sig of + u-boot. + +endmenu + config USE_BOOTARGS bool "Enable boot arguments" help diff --git a/boot/Makefile b/boot/Makefile index 2938c3f145..59752c65ca 100644 --- a/boot/Makefile +++ b/boot/Makefile @@ -26,6 +26,7 @@ obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += image-fdt.o obj-$(CONFIG_$(SPL_TPL_)FIT_SIGNATURE) += fdt_region.o obj-$(CONFIG_$(SPL_TPL_)FIT) += image-fit.o obj-$(CONFIG_$(SPL_)MULTI_DTB_FIT) += boot_fit.o common_fit.o +obj-$(CONFIG_$(SPL_TPL_)IMAGE_PRE_LOAD) += image-pre-load.o obj-$(CONFIG_$(SPL_TPL_)IMAGE_SIGN_INFO) += image-sig.o obj-$(CONFIG_$(SPL_TPL_)FIT_SIGNATURE) += image-fit-sig.o obj-$(CONFIG_$(SPL_TPL_)FIT_CIPHER) += image-cipher.o diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c new file mode 100644 index 0000000000..78d89069a9 --- /dev/null +++ b/boot/image-pre-load.c @@ -0,0 +1,416 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (C) 2021 Philippe Reynes + */ + +#include +#include +DECLARE_GLOBAL_DATA_PTR; +#include +#include + +#include + +#define IMAGE_PRE_LOAD_SIG_MAGIC 0x55425348 +#define IMAGE_PRE_LOAD_SIG_OFFSET_MAGIC 0 +#define IMAGE_PRE_LOAD_SIG_OFFSET_IMG_LEN 4 +#define IMAGE_PRE_LOAD_SIG_OFFSET_SIG 8 + +#define IMAGE_PRE_LOAD_PATH "/image/pre-load/sig" +#define IMAGE_PRE_LOAD_PROP_ALGO_NAME "algo-name" +#define IMAGE_PRE_LOAD_PROP_PADDING_NAME "padding-name" +#define IMAGE_PRE_LOAD_PROP_SIG_SIZE "signature-size" +#define IMAGE_PRE_LOAD_PROP_PUBLIC_KEY "public-key" +#define IMAGE_PRE_LOAD_PROP_MANDATORY "mandatory" + +#ifndef CONFIG_SYS_BOOTM_LEN +/* use 8MByte as default max gunzip size */ +#define CONFIG_SYS_BOOTM_LEN 0x800000 +#endif + +/* + * Information in the device-tree about the signature in the header + */ +struct image_sig_info { + char *algo_name; /* Name of the algo (eg: sha256,rsa2048) */ + char *padding_name; /* Name of the padding */ + u8 *key; /* Public signature key */ + int key_len; /* Length of the public key */ + u32 sig_size; /* size of the signature (in the header) */ + int mandatory; /* Set if the signature is mandatory */ + + struct image_sign_info sig_info; /* Signature info */ +}; + +/* + * Header of the signature header + */ +struct sig_header_s { + u32 magic; + u32 version; + u32 header_size; + u32 image_size; + u32 offset_img_sig; + u32 flags; + u32 reserved0; + u32 reserved1; + u8 sha256_img_sig[SHA256_SUM_LEN]; +}; + +#define SIG_HEADER_LEN (sizeof(struct sig_header_s)) + +/* + * Offset of the image + * + * This value is used to skip the header before really launching the image + */ +ulong image_load_offset; + +/* + * This function gathers information about the signature check + * that could be done before launching the image. + * + * return: + * < 0 => an error has occurred + * 0 => OK + * 1 => no setup + */ +static int image_pre_load_sig_setup(struct image_sig_info *info) +{ + const void *algo_name, *padding_name, *key, *mandatory; + const u32 *sig_size; + int key_len; + int node, ret = 0; + + if (!info) { + log_err("ERROR: info is NULL for image pre-load sig check\n"); + ret = -EINVAL; + goto out; + } + + memset(info, 0, sizeof(*info)); + + node = fdt_path_offset(gd_fdt_blob(), IMAGE_PRE_LOAD_PATH); + if (node < 0) { + log_info("INFO: no info for image pre-load sig check\n"); + ret = 1; + goto out; + } + + algo_name = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_ALGO_NAME, NULL); + if (!algo_name) { + printf("ERROR: no algo_name for image pre-load sig check\n"); + ret = -EINVAL; + goto out; + } + + padding_name = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_PADDING_NAME, NULL); + if (!padding_name) { + log_info("INFO: no padding_name provided, so using pkcs-1.5\n"); + padding_name = "pkcs-1.5"; + } + + sig_size = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_SIG_SIZE, NULL); + if (!sig_size) { + log_err("ERROR: no signature-size for image pre-load sig check\n"); + ret = -EINVAL; + goto out; + } + + key = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len); + if (!key) { + log_err("ERROR: no key for image pre-load sig check\n"); + ret = -EINVAL; + goto out; + } + + info->algo_name = (char *)algo_name; + info->padding_name = (char *)padding_name; + info->key = (uint8_t *)key; + info->key_len = key_len; + info->sig_size = fdt32_to_cpu(*sig_size); + + mandatory = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_MANDATORY, NULL); + if (mandatory && !strcmp((char *)mandatory, "yes")) + info->mandatory = 1; + + /* Compute signature information */ + info->sig_info.name = info->algo_name; + info->sig_info.padding = image_get_padding_algo(info->padding_name); + info->sig_info.checksum = image_get_checksum_algo(info->sig_info.name); + info->sig_info.crypto = image_get_crypto_algo(info->sig_info.name); + info->sig_info.key = info->key; + info->sig_info.keylen = info->key_len; + + out: + return ret; +} + +static int image_pre_load_sig_get_magic(ulong addr, u32 *magic) +{ + struct sig_header_s *sig_header; + int ret = 0; + + sig_header = (struct sig_header_s *)map_sysmem(addr, SIG_HEADER_LEN); + if (!sig_header) { + log_err("ERROR: can't map first header\n"); + ret = -EFAULT; + goto out; + } + + *magic = fdt32_to_cpu(sig_header->magic); + + unmap_sysmem(sig_header); + + out: + return ret; +} + +static int image_pre_load_sig_get_header_size(ulong addr, u32 *header_size) +{ + struct sig_header_s *sig_header; + int ret = 0; + + sig_header = (struct sig_header_s *)map_sysmem(addr, SIG_HEADER_LEN); + if (!sig_header) { + log_err("ERROR: can't map first header\n"); + ret = -EFAULT; + goto out; + } + + *header_size = fdt32_to_cpu(sig_header->header_size); + + unmap_sysmem(sig_header); + + out: + return ret; +} + +/* + * return: + * < 0 => no magic and magic mandatory (or error when reading magic) + * 0 => magic found + * 1 => magic NOT found + */ +static int image_pre_load_sig_check_magic(struct image_sig_info *info, ulong addr) +{ + u32 magic; + int ret = 1; + + ret = image_pre_load_sig_get_magic(addr, &magic); + if (ret < 0) + goto out; + + if (magic != IMAGE_PRE_LOAD_SIG_MAGIC) { + if (info->mandatory) { + log_err("ERROR: signature is mandatory\n"); + ret = -EINVAL; + goto out; + } + ret = 1; + goto out; + } + + ret = 0; /* magic found */ + + out: + return ret; +} + +static int image_pre_load_sig_check_header_sig(struct image_sig_info *info, ulong addr) +{ + void *header; + struct image_region reg; + u32 sig_len; + u8 *sig; + int ret = 0; + + /* Only map header of the header and its signature */ + header = (void *)map_sysmem(addr, SIG_HEADER_LEN + info->sig_size); + if (!header) { + log_err("ERROR: can't map header\n"); + ret = -EFAULT; + goto out; + } + + reg.data = header; + reg.size = SIG_HEADER_LEN; + + sig = (uint8_t *)header + SIG_HEADER_LEN; + sig_len = info->sig_size; + + ret = info->sig_info.crypto->verify(&info->sig_info, ®, 1, sig, sig_len); + if (ret) { + log_err("ERROR: header signature check has failed (err=%d)\n", ret); + ret = -EINVAL; + goto out_unmap; + } + + out_unmap: + unmap_sysmem(header); + + out: + return ret; +} + +static int image_pre_load_sig_check_img_sig_sha256(struct image_sig_info *info, ulong addr) +{ + struct sig_header_s *sig_header; + u32 header_size, offset_img_sig; + void *header; + u8 sha256_img_sig[SHA256_SUM_LEN]; + int ret = 0; + + sig_header = (struct sig_header_s *)map_sysmem(addr, SIG_HEADER_LEN); + if (!sig_header) { + log_err("ERROR: can't map first header\n"); + ret = -EFAULT; + goto out; + } + + header_size = fdt32_to_cpu(sig_header->header_size); + offset_img_sig = fdt32_to_cpu(sig_header->offset_img_sig); + + header = (void *)map_sysmem(addr, header_size); + if (!header) { + log_err("ERROR: can't map header\n"); + ret = -EFAULT; + goto out_sig_header; + } + + sha256_csum_wd(header + offset_img_sig, info->sig_size, + sha256_img_sig, CHUNKSZ_SHA256); + + ret = memcmp(sig_header->sha256_img_sig, sha256_img_sig, SHA256_SUM_LEN); + if (ret) { + log_err("ERROR: sha256 of image signature is invalid\n"); + ret = -EFAULT; + goto out_header; + } + + out_header: + unmap_sysmem(header); + out_sig_header: + unmap_sysmem(sig_header); + out: + return ret; +} + +static int image_pre_load_sig_check_img_sig(struct image_sig_info *info, ulong addr) +{ + struct sig_header_s *sig_header; + u32 header_size, image_size, offset_img_sig; + void *image; + struct image_region reg; + u32 sig_len; + u8 *sig; + int ret = 0; + + sig_header = (struct sig_header_s *)map_sysmem(addr, SIG_HEADER_LEN); + if (!sig_header) { + log_err("ERROR: can't map first header\n"); + ret = -EFAULT; + goto out; + } + + header_size = fdt32_to_cpu(sig_header->header_size); + image_size = fdt32_to_cpu(sig_header->image_size); + offset_img_sig = fdt32_to_cpu(sig_header->offset_img_sig); + + unmap_sysmem(sig_header); + + image = (void *)map_sysmem(addr, header_size + image_size); + if (!image) { + log_err("ERROR: can't map full image\n"); + ret = -EFAULT; + goto out; + } + + reg.data = image + header_size; + reg.size = image_size; + + sig = (uint8_t *)image + offset_img_sig; + sig_len = info->sig_size; + + ret = info->sig_info.crypto->verify(&info->sig_info, ®, 1, sig, sig_len); + if (ret) { + log_err("ERROR: signature check has failed (err=%d)\n", ret); + ret = -EINVAL; + goto out_unmap_image; + } + + log_info("INFO: signature check has succeed\n"); + + out_unmap_image: + unmap_sysmem(image); + + out: + return ret; +} + +int image_pre_load_sig(ulong addr) +{ + struct image_sig_info info; + int ret; + + ret = image_pre_load_sig_setup(&info); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + goto out; + } + + ret = image_pre_load_sig_check_magic(&info, addr); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + goto out; + } + + /* Check the signature of the signature header */ + ret = image_pre_load_sig_check_header_sig(&info, addr); + if (ret < 0) + goto out; + + /* Check sha256 of the image signature */ + ret = image_pre_load_sig_check_img_sig_sha256(&info, addr); + if (ret < 0) + goto out; + + /* Check the image signature */ + ret = image_pre_load_sig_check_img_sig(&info, addr); + if (!ret) { + u32 header_size; + + ret = image_pre_load_sig_get_header_size(addr, &header_size); + if (ret) { + log_err("%s: can't get header size\n", __func__); + ret = -EINVAL; + goto out; + } + + image_load_offset += header_size; + } + + out: + return ret; +} + +int image_pre_load(ulong addr) +{ + int ret = 0; + + image_load_offset = 0; + + if (CONFIG_IS_ENABLED(IMAGE_PRE_LOAD_SIG)) + ret = image_pre_load_sig(addr); + + return ret; +} diff --git a/include/image.h b/include/image.h index 97e5f2eb24..fbcf70f5e4 100644 --- a/include/image.h +++ b/include/image.h @@ -48,6 +48,7 @@ struct fdt_region; extern ulong image_load_addr; /* Default Load Address */ extern ulong image_save_addr; /* Default Save Address */ extern ulong image_save_size; /* Default Save Size */ +extern ulong image_load_offset; /* Default Load Address Offset */ /* An invalid size, meaning that the image size is not known */ #define IMAGE_SIZE_INVAL (-1UL) @@ -1323,6 +1324,19 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name); */ struct padding_algo *image_get_padding_algo(const char *name); +/** + * image_pre_load() - Manage pre load header + * + * Manage the pre-load header before launching the image. + * It checks the signature of the image. It also set the + * variable image_load_offset to skip this header before + * launching the image. + * + * @param addr Address of the image + * @return: 0 on success, -ve on error + */ +int image_pre_load(ulong addr); + /** * fit_image_verify_required_sigs() - Verify signatures marked as 'required' * From patchwork Fri Feb 25 14:57:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597729 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=lm25tJ+1; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tFT4tMZz9sFs for ; Sat, 26 Feb 2022 01:58:37 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C4D2283B6D; Fri, 25 Feb 2022 15:58:19 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="lm25tJ+1"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8319B837F6; Fri, 25 Feb 2022 15:58:08 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on062b.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::62b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 5BA29837F6 for ; Fri, 25 Feb 2022 15:58:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mFXK5JkSsyFhwD2a68Zpi7jQ2Gc+hp5V+qgsu7OEgq+NLU1kB5K9sfpsqv7FVUZgfVRJ/tZRHPLswWSoUNMrj81qxwtSmrA6yiznZ858ms3rRnSPg1PRF1lbk7V40Lw1y0efGZHbPwNAAIvOHh+xvt2G2wbhZP666z7KzCipWE1/kuqbieEyy9b7/T+/r8ayHbguSLDJeU2o/a4p/BzoU4VypqLAp7S/OzP1/Saj7XtT8DHyOCLHQnJzXF+WCDQE5RspBmFi+S4w8Wz59Q4ac6bl/azYAFjOOnIyxDHCV8hneSPmoZJzhUDd08DEkk3LBvMmjxEXo2rGbdoYYlPbtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ju+dTXHCzQooHwcbiAdS2U9QZQ8pwu8wOZw1KOIa7qs=; b=oa+OOmlf1h4gA1iiKxf5CA0dy0JVLgxywhokmn4ZaK9yyM+04/kFLinfLabgugt5TdmgPYJ2IvNuHvllAy2//kq3N0eejPl/y44ZnBpTM6hagI+O4FuakzltnxHTfV6aOKi5tWucVzIp/xnlXTyNFOtS3+tFS4lSfJX+MdMipxmwg1mvIfR/ovEoqX541J7jkOjesH1t8AcbML7t/1cCZRCSSz7vD2kekOeqEtyqQ0dJlv6HUNUszV6dLkA8cSVasJEIeF+QlCyy6Uclok73AfRhXtS5gNuSbFXC1rPLWpN0s1kBSC5EFid1QI+Fj1D4qCY7T2ctIzogIwdAo1rbLg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ju+dTXHCzQooHwcbiAdS2U9QZQ8pwu8wOZw1KOIa7qs=; b=lm25tJ+1gxfNevi9+B+F+mlvUKxwLLqJopUTeDqAyzI+UmKXj7wARu5EOhZ35uP7o/fHbYoYqRK6gNkAnXy9KiLr9ig35friRjVPG4i6qwQfW75XRwXrHOs54cBd6M4tmt4SWPslqVlymyNwh2j/iMe/1EGorRTYmja7nCWkCjjzlf99NWP50JdgvUBdFZ4RpyPTABRhCwDsnLuSFVa+LXWcyxZ6CuBvf64WFe4YcIuG/0529Usy6W7mHpn81qq4ndBBXH+STRjfPRVCYF1z89fpuqWXh7crVGSk3cIytr8l3pH8LEJnjShk+HoLt7wnXRtcko6sTghsYJ30bshW2w== Received: from PR0P264CA0212.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100:1f::32) by PAZP264MB2589.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:1e4::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22; Fri, 25 Feb 2022 14:57:59 +0000 Received: from PR2FRA01FT001.eop-fra01.prod.protection.outlook.com (2603:10a6:100:1f:cafe::40) by PR0P264CA0212.outlook.office365.com (2603:10a6:100:1f::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.21 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT001.mail.protection.outlook.com (10.152.48.94) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:58 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id B9A3C20032; Fri, 25 Feb 2022 15:57:58 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 08/16] cmd: bootm: add a stage pre-load Date: Fri, 25 Feb 2022 15:57:46 +0100 Message-Id: <20220225145754.30217-9-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 6fea1aeb-9c8e-419a-53bb-08d9f86f368f X-MS-TrafficTypeDiagnostic: PAZP264MB2589:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 5dYIdR2n6iFYi1E3gbDKEGIorzFoDtCEsT743gx+1FQddkfW4xWmFH8ZH82YtvpOqlTqJ14bSKFon88nGJuRKGZpoGrMPeIfnlZCi+cUsA9hgeGU9bmRQuQopiX088kJxFWCr3B5S+yE3CKFiNTQ9qqUshRyNsTInexPLzYrWiIz15jCDRubOmtWM5EWXEzEbCsQsH3Ce466Rke58/NeH6mZ+lcdtmT1QEZpscKuGR0wbj13n2dEMIE+apJZkm8tLmRR5fgBAZTfNi6sCWBzEq9sEIbrqMDfLo+OkK+alcOdB/yQQ4JivQPPgU8qUvW2iEFPxPOmVGj4hQLz3KfeOuyX0+sqKWqDJna9pQzXnpVyQF9CucE4RM5EBnNxC+QZyrzAykzT5Vi0peR/xHNMA41wLcy2PHS85BkUxEXnOgFIS/zaB14SIcHleq6M39BKWbSpJt1L1HS2W7encxX3NPhQ873HdmXe9FOIWg4UeD5HJLRocqkkX0jXBwz3lS6dpfIeoC8EhH12wizVQPk0Zw9Kl5QqgvErMmXvRwpWTkphhY6hAPQA7Ao39b/2Kf30SySll0DFfwJm3YkJyO8ktMpFsbJvz+hO889ewX/xM2LpbLd3PsLUrj/D+2exY4yA1w6zNGv21w5eIMo+t+1smnVlJdoIuEQZX8l1vV58mrjdTRCuTgMOhNBNnuD2PfHwhGiQEx1GS6F9Qxg8a2cvuw== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(8936002)(70206006)(1076003)(8676002)(70586007)(107886003)(4326008)(47076005)(316002)(6966003)(86362001)(36756003)(2616005)(36860700001)(82310400004)(2906002)(44832011)(6266002)(26005)(186003)(356005)(6666004)(81166007)(336012)(426003)(508600001)(82960400001)(40460700003)(5660300002)(83380400001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:58.9744 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6fea1aeb-9c8e-419a-53bb-08d9f86f368f X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT001.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAZP264MB2589 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Add a stage pre-load to the command bootm. Right now, this stage may be used to read a header and check the signature of the full image. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- boot/bootm.c | 33 +++++++++++++++++++++++++++++++++ cmd/Kconfig | 10 ++++++++++ cmd/bootm.c | 2 +- include/image.h | 1 + 4 files changed, 45 insertions(+), 1 deletion(-) diff --git a/boot/bootm.c b/boot/bootm.c index 00c00aef84..714406ab66 100644 --- a/boot/bootm.c +++ b/boot/bootm.c @@ -87,6 +87,33 @@ static int bootm_start(struct cmd_tbl *cmdtp, int flag, int argc, return 0; } +static ulong bootm_data_addr(int argc, char *const argv[]) +{ + ulong addr; + + if (argc > 0) + addr = simple_strtoul(argv[0], NULL, 16); + else + addr = image_load_addr; + + return addr; +} + +static int bootm_pre_load(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + ulong data_addr = bootm_data_addr(argc, argv); + int ret = 0; + + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) + ret = image_pre_load(data_addr); + + if (ret) + ret = CMD_RET_FAILURE; + + return ret; +} + static int bootm_find_os(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { @@ -677,6 +704,9 @@ int do_bootm_states(struct cmd_tbl *cmdtp, int flag, int argc, if (states & BOOTM_STATE_START) ret = bootm_start(cmdtp, flag, argc, argv); + if (!ret && (states & BOOTM_STATE_PRE_LOAD)) + ret = bootm_pre_load(cmdtp, flag, argc, argv); + if (!ret && (states & BOOTM_STATE_FINDOS)) ret = bootm_find_os(cmdtp, flag, argc, argv); @@ -866,6 +896,9 @@ static const void *boot_get_kernel(struct cmd_tbl *cmdtp, int flag, int argc, &fit_uname_config, &fit_uname_kernel); + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) + img_addr += image_load_offset; + bootstage_mark(BOOTSTAGE_ID_CHECK_MAGIC); /* check image type, for FIT images get FIT kernel node */ diff --git a/cmd/Kconfig b/cmd/Kconfig index 5e25e45fd2..87aa3fb11a 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -194,6 +194,16 @@ config CMD_BOOTM help Boot an application image from the memory. +config CMD_BOOTM_PRE_LOAD + bool "enable pre-load on bootm" + depends on CMD_BOOTM + depends on IMAGE_PRE_LOAD + default n + help + Enable support of stage pre-load for the bootm command. + This stage allow to check or modify the image provided + to the bootm command. + config BOOTM_EFI bool "Support booting UEFI FIT images" depends on CMD_BOOTEFI && CMD_BOOTM && FIT diff --git a/cmd/bootm.c b/cmd/bootm.c index e8b7066888..c5de339fba 100644 --- a/cmd/bootm.c +++ b/cmd/bootm.c @@ -126,7 +126,7 @@ int do_bootm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) } return do_bootm_states(cmdtp, flag, argc, argv, BOOTM_STATE_START | - BOOTM_STATE_FINDOS | BOOTM_STATE_FINDOTHER | + BOOTM_STATE_FINDOS | BOOTM_STATE_PRE_LOAD | BOOTM_STATE_FINDOTHER | BOOTM_STATE_LOADOS | #ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH BOOTM_STATE_RAMDISK | diff --git a/include/image.h b/include/image.h index fbcf70f5e4..496b7af3f3 100644 --- a/include/image.h +++ b/include/image.h @@ -351,6 +351,7 @@ typedef struct bootm_headers { #define BOOTM_STATE_OS_PREP (0x00000100) #define BOOTM_STATE_OS_FAKE_GO (0x00000200) /* 'Almost' run the OS */ #define BOOTM_STATE_OS_GO (0x00000400) +#define BOOTM_STATE_PRE_LOAD 0x00000800 int state; #if defined(CONFIG_LMB) && !defined(USE_HOSTCC) From patchwork Fri Feb 25 14:57:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597736 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=IHn8/LcG; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tGz18mbz9sFs for ; Sat, 26 Feb 2022 01:59:55 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C5E9583D00; Fri, 25 Feb 2022 15:58:53 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="IHn8/LcG"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 50B9883A66; Fri, 25 Feb 2022 15:58:15 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0628.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::628]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 0A71283B62 for ; Fri, 25 Feb 2022 15:58:01 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LorbS49o53Az6nZiu1/aVfmZqPK84Cg/CC+o/IHxzGhwEUNCw3YeWi+wrl8wkLQBS0Zruk+geF7sGKO7IkYTdSV2+DJME60kUHKkewkrQOM09UmLAOSGBKnrip9nHBFJOcKP7VGmAzJqiv1dB+yuxfgofL662xprgItQj2hws7Ocay+NgJga5d9F5vluWJfWwxIXIcV969ZhTbAch0jiim1fzcvGnmnOnERNqqmA5p5TorV4NkfPGV72lJ67RnzvR8cwwuToRDvbJV/hNBPgH187G6gZBZ6hv1fQQ+267Uu9KH5v9PBc3r2LulnduS6C60l3NsWQBVBC5mFBqh6YlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2pEEYn7nnzZOZl+jy0l51f0ICxwClBxOskAf3YPTKbM=; b=KnX1uZ9siLRchxlD16xIb9RKHJwRUxm1mZHc+klO+CeuSQAOhmDgl/EyK6qYfixp/SOyg34VdwNJJ0QVns/xwPK7KKSNiPPg+fRtITmOVV3VXtp43opWxQaZ9AJYE286z++uH0kdoWmCV8CRTFyo1bxms15FrRGgEJMtmTnfaxLXEUA0Q9aE9M80J6qXF4Mn7NUCY84HBjD5hl4AGmQyYcOj++o9dZ3CcbRZpZzsWiSMm40rtC/91a2jCoqknm4TqBULVDc82jKV3tvA82daJK0k+iVitHOhtE+xORegFBmgr2KIA9Eo/tUqW1FvlFRD35Nct+0XJwmBefNVhNvvOw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2pEEYn7nnzZOZl+jy0l51f0ICxwClBxOskAf3YPTKbM=; b=IHn8/LcG/5b3LlM31w46JqcVS0XMeEx3M5eeNA4lhk+OuxljFD2joVCix3x6guQ68WV8SBzTz14CFyOayo+lHlWTFeLvkDT8TnJJ2+tujqXyRNazsQ66T5IRWShYwVumcdP4l8BwVhQLGSvLvAUVg3jAkyRxzxBuWgK4rf3D59BSvrIUN/8rJ6DJ4oiz7YnlVCACk//M7scI47rjvGFKgkkMYz9zhKEXvsR+UQa5q4cyeebHhfQQDqVCa1ste8D4/vbKRPNlrp7pGBUF6ux5Y94izi8OuD9RuDHjq2axc1DtnOuOEMvp3VXprEofk0UV9hTHwK+duAvY9+9WElQRWg== Received: from PR3P193CA0034.EURP193.PROD.OUTLOOK.COM (2603:10a6:102:51::9) by MR2P264MB0083.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:11::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.25; Fri, 25 Feb 2022 14:57:59 +0000 Received: from PR2FRA01FT011.eop-fra01.prod.protection.outlook.com (2603:10a6:102:51:cafe::ef) by PR3P193CA0034.outlook.office365.com (2603:10a6:102:51::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.21 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT011.mail.protection.outlook.com (10.152.48.104) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id D31EF20070; Fri, 25 Feb 2022 15:57:58 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 09/16] common: spl: fit_ram: allow to use image pre load Date: Fri, 25 Feb 2022 15:57:47 +0100 Message-Id: <20220225145754.30217-10-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 0c4bf459-84a9-4467-4357-08d9f86f3699 X-MS-TrafficTypeDiagnostic: MR2P264MB0083:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: w7Fk85esMLenoKlAIxGfyitpcPn96hOEja+2xrKBnJYbubl4FvsxeDxnNuvGflTEebEQ9TK3VxuOlQYriUM0IyuuVQOxN5eLJsYySvoZioJViNqAmpZNuS7fiyEhNkwCqEc2rDMdqgt0zEggXmql61wB3JumvZRdTRYMBh+fN5gsqKzfD1AM9feibC/ttfbfspY2Z8cx0ocw9YGq1BhlLVfQ+oTczgFM50VhpQEHXVb1aIlgwn6X4uzmeVVekSXcqiMtjuoHHdP4iz14yH3zQ5ejl3py1Le1+39YOIPsnKfl5seH8NjCD5bCe+fHTH2iBkOGPwdFh9WaL8VUQ3hpirh4/ygWgorySzcHyMOsPaqGQ/YfgjH3FKO1IFdW6IvXqMLmRzUi1LsYyYX5vpSrO2BaGxANCCJEv+9A9iGAs55jjCp8/HV0e8s1B4CQXtPbZQixzzIK4u9tA+lF98mbstoqRL9Kjrr0XoaJIZ7GUsIEhAoGOJY6D1XwF0IT5CXKTHLs3ff47VjfS8gOLEryn21H+gPVw15wDBo/GowtrWFdbHZNVCrOyvFD6hoaNFLY4IipcMkpP0kxsjziCt0f7pBOZkXBdNxNqVGH645Vmm3DbtJ2v7fO/d6D8jVoXVW8JkOm6Rz8Y+FcQE6U8SIFrQPZ9+CzkXlq7g3Dzae8MaLAPQRjSaq/1iaf0G567ramdvXj0w4pZNvWEsATq0M1FA== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(70206006)(70586007)(6266002)(5660300002)(36756003)(2906002)(186003)(426003)(1076003)(508600001)(2616005)(26005)(336012)(82960400001)(107886003)(40460700003)(44832011)(8676002)(4326008)(8936002)(81166007)(47076005)(6966003)(356005)(36860700001)(83380400001)(86362001)(6666004)(82310400004)(316002)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:59.0239 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0c4bf459-84a9-4467-4357-08d9f86f3699 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT011.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR2P264MB0083 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Add the support of image pre load in spl or tpl when loading an image from ram. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- common/spl/spl_ram.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c index 3f7f7accc1..8296459257 100644 --- a/common/spl/spl_ram.c +++ b/common/spl/spl_ram.c @@ -24,9 +24,17 @@ static ulong spl_ram_load_read(struct spl_load_info *load, ulong sector, ulong count, void *buf) { + ulong addr; + debug("%s: sector %lx, count %lx, buf %lx\n", __func__, sector, count, (ulong)buf); - memcpy(buf, (void *)(CONFIG_SPL_LOAD_FIT_ADDRESS + sector), count); + + addr = (ulong)CONFIG_SPL_LOAD_FIT_ADDRESS + sector; + if (CONFIG_IS_ENABLED(IMAGE_PRE_LOAD)) + addr += image_load_offset; + + memcpy(buf, (void *)addr, count); + return count; } @@ -37,6 +45,17 @@ static int spl_ram_load_image(struct spl_image_info *spl_image, header = (struct image_header *)CONFIG_SPL_LOAD_FIT_ADDRESS; + if (CONFIG_IS_ENABLED(IMAGE_PRE_LOAD)) { + unsigned long addr = (unsigned long)header; + int ret = image_pre_load(addr); + + if (ret) + return ret; + + addr += image_load_offset; + header = (struct image_header *)addr; + } + #if CONFIG_IS_ENABLED(DFU) if (bootdev->boot_device == BOOT_DEVICE_DFU) spl_dfu_cmd(0, "dfu_alt_info_ram", "ram", "0"); From patchwork Fri Feb 25 14:57:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597733 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=bRRcceV4; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tGL2bJdz9sFs for ; Sat, 26 Feb 2022 01:59:22 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 449D783D08; Fri, 25 Feb 2022 15:58:40 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="bRRcceV4"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 552B783CD8; Fri, 25 Feb 2022 15:58:12 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on0619.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::619]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E8AF583C71 for ; Fri, 25 Feb 2022 15:58:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YpkiJzPgQEQemUNbvrW9vvCV1qs5B679VnXdQ4CsOGpB9iQcyrStpla/CqAj1gDGnYVDeVgpYtSh5Zo/2o3ZbVSZ2jVZVavWWC9OLA3YdVFyBQZuVXvSwam0EqI+idlzo+4IsiFu9nmZh8a3mpJ58kBI9CFCQ9uTZigvo9z4vrrBTIZxgazLP5b+b62wcPWYftVW9VPDs9YrBCpEsUbswpK8E+jsV3ehmBZKvQDwt226EWZ+1i0cye7FODflKlKi16A0Js8R28QE2FMhLNMjLF1pgKYnbJBQ1rhopbtyAdxtYEs7w+12I249qw0RUmuciNep88MjWWRqTl2LFCMuew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3117ocJD8AohAUBL8QiIptkwjBvTS/BYiXUa9+8yrLo=; b=GBUa8pY8Nyi9Lhqd1d0HYTXA7c0zQyOvvNuxFIvABuJFQ03JUCvnJ0KSIjr8ZEYbv8b0nTUu+9C8XFtMqWHb0e26aRMizlJNCXu/AQT2HHSPZMBy91BSihL6m8QCs572177sIItVTacleJn7uFBpkAuF9D/zvrHtI+MVuVct4b4c5CZf14KO3+c2XVLbKzzKGYMoznNRBOCGhqBoWxvS3nItj558fL0hWThQEDaXwHc9xPIXiB1VrLTiUaWVjo9Z7MP+yk7m47/Li0EPOPtq9pKTyB0fw98KCRGK/JB36EMwKb8qHy3cvz4uQCDk6S7CoHlRDI2PcKFLlduOSVV0jQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3117ocJD8AohAUBL8QiIptkwjBvTS/BYiXUa9+8yrLo=; b=bRRcceV4Wot15U/Iwf+oE4EUEIo+JOW/wrIo8pv4H0fiqUI0W6bZSt+BMD9aO0arGqYvJkIMMg/ipS1FqRxDwyO3Uh2yXAV2CQYYu4JGgDBslJQzNl2YRBEIgvDMc3CgHUtV1l9Ysj4Rx5bU+mFqZViigs6qrY07gawHbRVK7T7gb2lip9993ZHnk+Z4fNaHtIbpA2CjfQKoGEvxbwMhZu8wYQzko1tOaFTdc0L4viwqUr5/eckmVt/cN/C119MgSWOoMNhgICpI9EVWcZ37oINATTFyG+Lv5XJSfUcO7+flOuvsUdPQ/hXTBgVGYD0EldB9sf0b7Cp6ZsLQdRI8bQ== Received: from PR0P264CA0238.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100:1e::34) by PR1P264MB4135.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:253::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.24; Fri, 25 Feb 2022 14:57:59 +0000 Received: from PR2FRA01FT005.eop-fra01.prod.protection.outlook.com (2603:10a6:100:1e:cafe::b4) by PR0P264CA0238.outlook.office365.com (2603:10a6:100:1e::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT005.mail.protection.outlook.com (10.152.48.98) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id F295720037; Fri, 25 Feb 2022 15:57:58 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 10/16] mkimage: add public key for image pre-load stage Date: Fri, 25 Feb 2022 15:57:48 +0100 Message-Id: <20220225145754.30217-11-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 42a3a127-cf2d-42be-118b-08d9f86f36ac X-MS-TrafficTypeDiagnostic: PR1P264MB4135:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: qVpn0c10+BZOxwGPduSivGjDLkTVjWcrTRd213Wc29bR56jpPmTr1fz8p+s13PKxrJ5q21HV0AgSKgsI7/Z9iwGDB45p2QIHFBU/qhD1pVUZnZhZxThF6NWoPqzqHs8Urslx3se1jUNbngdAjufIBlzP0X7taXegLhtDIQ6Yx0KO6Y6DitOK6AcS5AF4t/D1SsbOQV4hJ+Miw7U3gv9pd0wVwd/PsQOvBmOAPiiBIlKt/5wG1pZVpF5TKeZPLnR4nHFPE5e4J5T9ZtHi+5d8Q52bd5MHVraGDRCtIE/80wvaGwDOBJ8tgQwv1QhT8XMfXl3IA5JBGuLMZtFjHZ94YPquukTYMgksh4akidjYIyAQ22nIbuzl+mVrYQLKu9PH1L6WUPXJyDXp/nit+5QpEwhKITml3llotl4+Dwm1j3CINoZKeu2QMt0ssGU/2TWphE62sHBlTOGGP0FLS/y7yjtaalqskf+MI3MByyEhVAUaD/uAb7FBl6isgEhJWYrfyyurYiicQ9yJe74pCGrBcdBzsVWw2SqySHuvwdbr4gilWywkEaE92XhB2C/+hevV5puOhBIjJvr3yZqNTYsEDDJnptko1Z785+xMiOXrGPjniwwXkSaZV4SyL0Sgwh+327BZxZPPesoP0U/Ewhqc2mY+PRBl3Sa+7BQIkb3k9XVs2kuktVLh9aUWAdiau9r11fB3L33SkOgxgs4jISW9Gw== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(40460700003)(1076003)(107886003)(2616005)(82310400004)(6666004)(508600001)(82960400001)(81166007)(356005)(426003)(83380400001)(86362001)(6266002)(36860700001)(47076005)(336012)(4326008)(8676002)(26005)(6966003)(316002)(70586007)(70206006)(36756003)(186003)(5660300002)(8936002)(44832011)(2906002)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:59.1472 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 42a3a127-cf2d-42be-118b-08d9f86f36ac X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT005.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR1P264MB4135 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- include/image.h | 15 ++++++ tools/fit_image.c | 3 ++ tools/image-host.c | 114 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 132 insertions(+) diff --git a/include/image.h b/include/image.h index 496b7af3f3..498eb7f2e3 100644 --- a/include/image.h +++ b/include/image.h @@ -1019,6 +1019,21 @@ int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value, int fit_set_timestamp(void *fit, int noffset, time_t timestamp); +/** + * fit_pre_load_data() - add public key to fdt blob + * + * Adds public key to the node pre load. + * + * @keydir: Directory containing keys + * @keydest: FDT blob to write public key + * @fit: Pointer to the FIT format image header + * + * returns: + * 0, on success + * < 0, on failure + */ +int fit_pre_load_data(const char *keydir, void *keydest, void *fit); + int fit_cipher_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, const char *engine_id, const char *cmdname); diff --git a/tools/fit_image.c b/tools/fit_image.c index 15f7c82d61..1884a2eb0b 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -59,6 +59,9 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, ret = fit_set_timestamp(ptr, 0, time); } + if (!ret) + ret = fit_pre_load_data(params->keydir, dest_blob, ptr); + if (!ret) { ret = fit_cipher_data(params->keydir, dest_blob, ptr, params->comment, diff --git a/tools/image-host.c b/tools/image-host.c index eaeb76545c..ab6f756cf1 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -14,6 +14,11 @@ #include #include +#include +#include + +#define IMAGE_PRE_LOAD_PATH "/image/pre-load/sig" + /** * fit_set_hash_value - set hash value in requested has node * @fit: pointer to the FIT format image header @@ -1111,6 +1116,115 @@ static int fit_config_add_verification_data(const char *keydir, return 0; } +/* + * 0) open file (open) + * 1) read certificate (PEM_read_X509) + * 2) get public key (X509_get_pubkey) + * 3) provide der format (d2i_RSAPublicKey) + */ +static int read_pub_key(const char *keydir, const void *name, + unsigned char **pubkey, int *pubkey_len) +{ + char path[1024]; + EVP_PKEY *key = NULL; + X509 *cert; + FILE *f; + int ret; + + memset(path, 0, 1024); + snprintf(path, sizeof(path), "%s/%s.crt", keydir, (char *)name); + + /* Open certificate file */ + f = fopen(path, "r"); + if (!f) { + fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n", + path, strerror(errno)); + return -EACCES; + } + + /* Read the certificate */ + cert = NULL; + if (!PEM_read_X509(f, &cert, NULL, NULL)) { + printf("Couldn't read certificate"); + ret = -EINVAL; + goto err_cert; + } + + /* Get the public key from the certificate. */ + key = X509_get_pubkey(cert); + if (!key) { + printf("Couldn't read public key\n"); + ret = -EINVAL; + goto err_pubkey; + } + + /* Get DER form */ + ret = i2d_PublicKey(key, pubkey); + if (ret < 0) { + printf("Couldn't get DER form\n"); + ret = -EINVAL; + goto err_pubkey; + } + + *pubkey_len = ret; + ret = 0; + +err_pubkey: + X509_free(cert); +err_cert: + fclose(f); + return ret; +} + +int fit_pre_load_data(const char *keydir, void *keydest, void *fit) +{ + int pre_load_noffset; + const void *algo_name; + const void *key_name; + unsigned char *pubkey = NULL; + int ret, pubkey_len; + + if (!keydir || !keydest || !fit) + return 0; + + /* Search node pre-load sig */ + pre_load_noffset = fdt_path_offset(keydest, IMAGE_PRE_LOAD_PATH); + if (pre_load_noffset < 0) { + ret = 0; + goto out; + } + + algo_name = fdt_getprop(keydest, pre_load_noffset, "algo-name", NULL); + key_name = fdt_getprop(keydest, pre_load_noffset, "key-name", NULL); + + /* Check that all mandatory properties are present */ + if (!algo_name || !key_name) { + if (!algo_name) + printf("The property algo-name is missing in the node %s\n", + IMAGE_PRE_LOAD_PATH); + if (!key_name) + printf("The property key-name is missing in the node %s\n", + IMAGE_PRE_LOAD_PATH); + ret = -ENODATA; + goto out; + } + + /* Read public key */ + ret = read_pub_key(keydir, key_name, &pubkey, &pubkey_len); + if (ret < 0) + goto out; + + /* Add the public key to the device tree */ + ret = fdt_setprop(keydest, pre_load_noffset, "public-key", + pubkey, pubkey_len); + if (ret) + printf("Can't set public-key in node %s (ret = %d)\n", + IMAGE_PRE_LOAD_PATH, ret); + + out: + return ret; +} + int fit_cipher_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, const char *engine_id, const char *cmdname) From patchwork Fri Feb 25 14:57:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597737 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=mRciUovU; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tHG6dVYz9sFs for ; Sat, 26 Feb 2022 02:00:10 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id F07AA83D20; Fri, 25 Feb 2022 15:58:56 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="mRciUovU"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id B28A583CB1; Fri, 25 Feb 2022 15:58:16 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0620.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::620]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 4491C83CB1 for ; Fri, 25 Feb 2022 15:58:01 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SgYxp4DsKG+HRdXIciNfGKW7a7nRGfKv1f976JWbjzndjV/Sq/Ogg3l1ectmgzpU1QycZKEK7Vo7dVIp+VJxm1twVptVSpl+rgVwPf8/kybrSK0tY+xCY/9To+MrBj+ik3SNXXdW6aaix5TLsBIdBIJoORcR6Qk1jvAV+KdcRoWvl+BHOnoO4YQti3turXguP1+R8FF+DMyRlf75dMOxHNNdHH6rbGIUxdTIpLMliPP+KkZa3F42cO1jtM2UajLPzZe6u2XMUhu8yNtHYAds8w6ZRbd1Vf8a7WU8QKFagxIeAeMZvwR9sXuRwN5j2BPaExvEMOz6oUxdm2LGeWhN6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=glr/R8cUufFMyC4i4R4mgeMz5XzU8yvhrKHAZ87Yr4c=; b=Yy34fI68u4Yavz13O9K/kKt/zhIhvOIfAHZd92+7bDZBsMEClIgZdUusOt6eo5p0iOYRJ+a8KtOLnlBpc8gMx6p2s5PDAVQi5ipQFjWadP5q8rh9b/kPrNa/ErnPV4vCgvARBRnf3vgB9ntoYorXrOIzjBtj9VmeC9voJ2rAu8YTgysWTuZg+NNOxcWgpc2sPGhQ11gdlhY/h0wF8J1PuwyHXPM/GWn8P+SlkWN+8uXWGRm7+brnoYugOUVtJj4AI0R+4u7YzA7vXZQE/bUC9myS2O9NpdZwn2QmxnYNcwEhljsW6/9i/Ui/RmX+iq1LVzLw/gJVy6Rn3Ze/1x5y9w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=glr/R8cUufFMyC4i4R4mgeMz5XzU8yvhrKHAZ87Yr4c=; b=mRciUovUegjGa94GUTQSCXqlWdM1y5jtRrPFga2MrhcJWmRn79nnRONUeRf/izA5oQQXds9O/1augkCAfqgwGSPH2aEZ+StvHl4upxWa86kp6zr/noQ9ojQeyVJ8dhviIQLsawkJkQB5JW1t4ZkrWn+hepBh/wkQtWY51oSOoV9NnyLW6/eExizEr2ata1EJoPaqyTTDOPu4YvhFH4/xFrJXq+zZB6pE9phW75u//0A/32uOIRUkfGYAMwsTH86zKWLyvbpQ+mTj/doYdUOtVzAAit2/4voMf8zOl1CxY2oqNcM5dWYjteq6A66DoMXcDdDUyz9CXyHLIZasy5FwOA== Received: from PAZP264CA0133.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:1f8::19) by MR1P264MB4146.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:27::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.21; Fri, 25 Feb 2022 14:57:59 +0000 Received: from PR2FRA01FT008.eop-fra01.prod.protection.outlook.com (2603:10a6:102:1f8:cafe::3) by PAZP264CA0133.outlook.office365.com (2603:10a6:102:1f8::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.23 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT008.mail.protection.outlook.com (10.152.48.101) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 1A2E020040; Fri, 25 Feb 2022 15:57:59 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 11/16] Makefile: provide sah-key to binman Date: Fri, 25 Feb 2022 15:57:49 +0100 Message-Id: <20220225145754.30217-12-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: f71bf068-d683-4970-244a-08d9f86f36c5 X-MS-TrafficTypeDiagnostic: MR1P264MB4146:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: IqG9S8hivbA6c721A2tzxw8zMiDlHeXmY2g1H7qsShmtoZ19/W5pGr1bviyl2qeVerhwu55u0KBCJK8KhQZ6+bD2LhWziSNYb4D89ZUjOj2UCwA1aZjVc2J132tJQmGXykJSIX0IAEygQgBhfUyk5AulT0JxuYYl5U3G85lzxbBUF127y50tsxfhFvHlNgCextE+zDLLgfah7cme7HgjYUsNiCdKkR2HjBJu9sl0Zei4iBTHHiZ4wqjTqcWEfsELeCc3lasXB5DlTi3denGTQALKAsfRUDwpYF0eoDfQz+/3ATsJtivui1W6ocmR1UMAau5PorXjmyQh0of878AlnVoI9wTbprdpF1SXL/Obf3wuezqPuBk70DKs/phSYktCgHQ361Eoct3iACtNVHb8kt4yuhkagGW+LYTEFTeINwgdHuCSN/kGiKajaxVYZj9uYCe9KU/nnk139auRa/ktORFM/GbiKe/CucMuMWPODqTp/Yq7P3L/VSIbZPl6L6zDM+G+0CZUJSw8MVmN0F4hriY44HbR3qRUSEyTSfWP0fKxAXK6Mh7/aoV8rXAyxfNBbL5/EgGf1RAPrMruCs5myhpuO8xMcLJcXfCZH+pYUOp4AbmHXpCiti7g7nyapS0nqRu+MX1Nu+Em+76YGyOHxSBt7VqZi6NS2x1GPSqhffiS1hxqeqszrrhj+9lO1+z5w+h8UEE21jTrEKuOr7kRBA== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(40470700004)(46966006)(36840700001)(316002)(82960400001)(8936002)(2616005)(5660300002)(81166007)(107886003)(44832011)(4744005)(1076003)(70586007)(508600001)(86362001)(4326008)(356005)(70206006)(8676002)(6666004)(6966003)(82310400004)(426003)(2906002)(36756003)(6266002)(47076005)(336012)(186003)(26005)(36860700001)(40460700003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:59.3114 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f71bf068-d683-4970-244a-08d9f86f36c5 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT008.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR1P264MB4146 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Set the variable key-path with the shell variable KEY_PATH that contain the keys path (used for signature). This variable key-path is provided to binman. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 697cc51d67..c6da6cdba0 100644 --- a/Makefile +++ b/Makefile @@ -1335,6 +1335,7 @@ cmd_binman = $(srctree)/tools/binman/binman $(if $(BINMAN_DEBUG),-D) \ -a tpl-bss-pad=$(if $(CONFIG_TPL_SEPARATE_BSS),,1) \ -a spl-dtb=$(CONFIG_SPL_OF_REAL) \ -a tpl-dtb=$(CONFIG_TPL_OF_REAL) \ + -a key-path=${KEY_PATH} \ $(BINMAN_$(@F)) OBJCOPYFLAGS_u-boot.ldr.hex := -I binary -O ihex From patchwork Fri Feb 25 14:57:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597742 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=P1f1zLAN; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tJX6Tn8z9sG0 for ; Sat, 26 Feb 2022 02:01:16 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4B79283CE9; Fri, 25 Feb 2022 15:59:55 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="P1f1zLAN"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id AAC3783CEA; Fri, 25 Feb 2022 15:58:24 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0608.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::608]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C411C83C78 for ; Fri, 25 Feb 2022 15:58:01 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=T2IgjtsT5wE+7lr6teAfgw+y+AqUydz55MaOW11G5/oRMKQXdbgt5Mnjchom4jqnNQLbBdwdI82ktKlai2ZaBqbGIQmfKbVEvIDQA4zqrJuzpRSUYaK/hs9g19aZJ8iEfb4u7PvCZCpYeuywjFLHYioeOlzFBZHSER3zGraCV06H3/756g9AOqfhmGDJfqmDUgXl65w3z0p8ikKsN5bUSCoycK4gtvWmpsc/8zgG1QweW1E8HOhDpHdNT3bpSzRvishTYSMUdAmMvvIfqb1CBVZhYW5lnMAiELWvxR1sjSZo6QjPW0Q1OeWtD4JzRfnPChzXpU1mr7Cfb3ATv+dVvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PvYsXlOgkdp/wOc8Xw/7fyE/7EIryKJ6uWTum5goWLM=; b=leeo9k3e0kvN8hu2gEGNeDFyNojPKppMUhnnTzhCguDHHW3b1mXs04C1UhZOkHKN88ij+avH1gtIBzQZkpr3DKMgRKQ47tWojc3f6MWN4RPzeUV76lKNKcGliYOLhvFCECkukPcYJNgnrqIehHkdFVbYt0Oii2O36j2BUfIo1DZ3S5XfUOvWpNyEmJ5le9u5nX4bf9jg03mrZbF9iV4EaRp4JBO183sllhULbI9y67PUGhfU1D7mCkf3un9aZzNe6f6F4q3fTChlzWyTtlxHwVprn2ba++R3Fi3/lPve5GvLAVK5/3DLbMP9MKQBe9hPp3xYWDmu5kznI3wJlPyujQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PvYsXlOgkdp/wOc8Xw/7fyE/7EIryKJ6uWTum5goWLM=; b=P1f1zLAN8PqLC1t1p83BhDDfg3wVtp7ujkQ7HAtN/Uk8bHD6ChjJ/ypsYc1tmbDSiuojsUlPAWJmIGNdxJrXpf15dOcMT33CyyyhsYrcaARY1P6pIoQt949gK31O9OtZr0nMbXlMp+tzfKEYdKNFUjGcQ0V/Mz5kAMt7/DUjSXsf3ndagb0iGpWsKbRGGYCy2xV8QccUkA0GsKqE6Rt+0b7o+BPo6cYHkvJTidEHvojCyTg3bzou25dBWTpHY2O9UzZ0MBrdWkaaq4rPUiTKhpFwfBuDQlk1C1tQdt4RF9ZfYbTRnFqgcD7qQ96/+y/kP7QYimmuy9vFILyVrxSWhw== Received: from MR2P264CA0055.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:31::19) by PR2P264MB0173.FRAP264.PROD.OUTLOOK.COM (2603:10a6:101:7::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.23; Fri, 25 Feb 2022 14:57:59 +0000 Received: from MR2FRA01FT005.eop-fra01.prod.protection.outlook.com (2603:10a6:500:31:cafe::5d) by MR2P264CA0055.outlook.office365.com (2603:10a6:500:31::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT005.mail.protection.outlook.com (10.152.50.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 3C89A2003C; Fri, 25 Feb 2022 15:57:59 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 12/16] tools: binman: add support for pre-load header Date: Fri, 25 Feb 2022 15:57:50 +0100 Message-Id: <20220225145754.30217-13-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: d6f0116c-c641-467c-96e7-08d9f86f36e5 X-MS-TrafficTypeDiagnostic: PR2P264MB0173:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 4rNN8+tzhTxGhPmQrzLS8n34zSDqQUMqTqHTSn3yupCwYLO/ow/Mz2n45KkhI6SHOy4394EqISMF1wrENZC0KWhJ5T42G+RM3IULCso1SQRgCtaU1NCQOmmSB/ca3LTNzvAGAcj3mSCAcdU+tGrq3mCrPGbUUTm4K7AcuPrxOCbCocU/h2jBMGmG4WX1pe/v0b3wrn4TFxQvUt0dsegdWaoLWPUMsboFXEdWI2V8htLCl2XO5JdhBXNqjFHQz5R3d4a6QyjSa/+w8nQJuz0bMN3ukdHhdqn6GSHhG8V0tet4kRTu7PIdJpPTGTO73DBOiMjD7fY7+TXZqPuE8lQE3MMncvF9VHeK1SbCKZuN0CSC8mLsRKXUfv8ai71oNbb1S/AfrMD7go6Z3qz9OZvG4ucebuMnjirnM+KAwdoKo1WLL6DzqzSLgismuLCpC6WDcNF9eTG9q1Y0YJSbbiFpGAViIcTlYCUoeBJ6v98VW5y8z25iwgImFT8+zbsyZbnKjT5SqAP/I99laLXhCxJfdpnfTAbo1HK+Czgfs5ul5CEJfTcxpByskaCVTUTXger+B/8dDHw1RDkeGVwv8dQHeMjRirFkIzotn6oZ4sVPH9j4lQieP7yy42CvesDi2svvEvtIIREIm0dJYScshY01qYLtv/FVlW36kHyXuz5RUwiYLznLEgRgJPeJpGq5V+95ZxdLHZPWs0BZJ2CeiEWuxA== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(40470700004)(46966006)(8676002)(2906002)(6966003)(426003)(36756003)(316002)(336012)(36860700001)(47076005)(86362001)(30864003)(44832011)(6266002)(83380400001)(186003)(5660300002)(107886003)(26005)(6666004)(1076003)(70206006)(70586007)(81166007)(356005)(82310400004)(508600001)(82960400001)(8936002)(2616005)(4326008)(40460700003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:59.5085 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d6f0116c-c641-467c-96e7-08d9f86f36e5 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT005.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR2P264MB0173 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Adds the support of the pre-load header with the image signature to binman. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- tools/binman/etype/pre_load.py | 165 ++++++++++++++++++ tools/binman/ftest.py | 45 +++++ tools/binman/test/225_dev.key | 28 +++ tools/binman/test/225_pre_load.dts | 22 +++ tools/binman/test/226_pre_load_pkcs.dts | 23 +++ tools/binman/test/227_pre_load_pss.dts | 23 +++ .../test/228_pre_load_invalid_padding.dts | 23 +++ .../binman/test/229_pre_load_invalid_sha.dts | 23 +++ .../binman/test/230_pre_load_invalid_algo.dts | 23 +++ .../binman/test/231_pre_load_invalid_key.dts | 23 +++ 10 files changed, 398 insertions(+) create mode 100644 tools/binman/etype/pre_load.py create mode 100644 tools/binman/test/225_dev.key create mode 100644 tools/binman/test/225_pre_load.dts create mode 100644 tools/binman/test/226_pre_load_pkcs.dts create mode 100644 tools/binman/test/227_pre_load_pss.dts create mode 100644 tools/binman/test/228_pre_load_invalid_padding.dts create mode 100644 tools/binman/test/229_pre_load_invalid_sha.dts create mode 100644 tools/binman/test/230_pre_load_invalid_algo.dts create mode 100644 tools/binman/test/231_pre_load_invalid_key.dts diff --git a/tools/binman/etype/pre_load.py b/tools/binman/etype/pre_load.py new file mode 100644 index 0000000000..2af2857404 --- /dev/null +++ b/tools/binman/etype/pre_load.py @@ -0,0 +1,165 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2022 Softathome +# Written by Philippe Reynes +# +# Entry-type for the global header +# + +import struct +from dtoc import fdt_util +from patman import tools + +from binman.entry import Entry +from binman.etype.collection import Entry_collection +from binman.entry import EntryArg + +from Cryptodome.Hash import SHA256, SHA384, SHA512 +from Cryptodome.PublicKey import RSA +from Cryptodome.Signature import pkcs1_15 +from Cryptodome.Signature import pss + +PRE_LOAD_MAGIC = b'UBSH' + +RSAS = { + 'rsa1024': 1024 / 8, + 'rsa2048': 2048 / 8, + 'rsa4096': 4096 / 8 +} + +SHAS = { + 'sha256': SHA256, + 'sha384': SHA384, + 'sha512': SHA512 +} + +class Entry_pre_load(Entry_collection): + """Pre load image header + + Properties / Entry arguments: + - key-path: Path of the directory that store key (provided by the environment variable KEY_PATH) + - content: List of phandles to entries to sign + - algo-name: Hash and signature algo to use for the signature + - padding-name: Name of the padding (pkcs-1.5 or pss) + - key-name: Filename of the private key to sign + - header-size: Total size of the header + - version: Version of the header + + This entry create a pre-load header that contain a global + image signature. + + For example, this creates an image with a pre-load header and a binary:: + + binman { + image2 { + filename = "sandbox.bin"; + + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + padding-name = "pss"; + key-name = "private.pem"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "sandbox.itb"; + }; + }; + }; + """ + + def __init__(self, section, etype, node): + super().__init__(section, etype, node) + self.algo_name = fdt_util.GetString(self._node, 'algo-name') + self.padding_name = fdt_util.GetString(self._node, 'padding-name') + self.key_name = fdt_util.GetString(self._node, 'key-name') + self.header_size = fdt_util.GetInt(self._node, 'header-size') + self.version = fdt_util.GetInt(self._node, 'version') + + def _CreateHeader(self): + """Create a pre load header""" + hash_name, sign_name = self.algo_name.split(',') + padding_name=self.padding_name + key_path, = self.GetEntryArgsOrProps([EntryArg('key-path', str)]) + if key_path is None or key_path == "": + key_name = self.key_name + else: + key_name = key_path + "/" + self.key_name + + # Check hash and signature name/type + if hash_name not in SHAS: + raise ValueError(hash_name + " is not supported") + if sign_name not in RSAS: + raise ValueError(sign_name + "is not supported") + + # Read the key + with open(key_name, 'rb') as pem: + key = RSA.import_key(pem.read()) + + # Check if the key has the expected size + if key.size_in_bytes() != RSAS[sign_name]: + raise ValueError("The key " + self.key_name + " don't have the expected size") + + # Compute the hash + hash_image = SHAS[hash_name].new() + hash_image.update(self.image) + + # Compute the signature + if padding_name is None: + padding_name = "pkcs-1.5" + if padding_name == "pss": + salt_len = key.size_in_bytes() - hash_image.digest_size - 2 + padding = pss + padding_args = {'salt_bytes': salt_len} + elif padding_name == "pkcs-1.5": + padding = pkcs1_15 + padding_args = {} + else: + raise ValueError(padding_name + " is not supported") + + sig = padding.new(key, **padding_args).sign(hash_image) + + hash_sig = SHA256.new() + hash_sig.update(sig) + + version = self.version + header_size = self.header_size + image_size = len(self.image) + ofs_img_sig = 64 + len(sig) + flags = 0 + reserved0 = 0 + reserved1 = 0 + + first_header = bytearray(64) + struct.pack_into('4s', first_header, 0, PRE_LOAD_MAGIC) + struct.pack_into('>I', first_header, 4, version) + struct.pack_into('>I', first_header, 8, header_size) + struct.pack_into('>I', first_header, 12, image_size) + struct.pack_into('>I', first_header, 16, ofs_img_sig) + struct.pack_into('>I', first_header, 20, flags) + struct.pack_into('>I', first_header, 24, reserved0) + struct.pack_into('>I', first_header, 28, reserved1) + struct.pack_into('32s', first_header, 32, hash_sig.digest()) + + hash_first_header = SHAS[hash_name].new() + hash_first_header.update(first_header) + sig_first_header = padding.new(key, **padding_args).sign(hash_first_header) + + data = first_header + sig_first_header + sig + pad = bytearray(self.header_size - len(data)) + + return data + pad + + def ObtainContents(self): + """Obtain a placeholder for the header contents""" + # wait that the image is available + self.image = self.GetContents(False) + if self.image is None: + return False + self.SetContents(self._CreateHeader()) + return True + + def ProcessContents(self): + data = self._CreateHeader() + return self.ProcessContentsUpdate(data) diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index 8f00db6945..06b8546354 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -91,6 +91,9 @@ SCP_DATA = b'scp' TEST_FDT1_DATA = b'fdt1' TEST_FDT2_DATA = b'test-fdt2' ENV_DATA = b'var1=1\nvar2="2"' +PRE_LOAD_MAGIC = b'UBSH' +PRE_LOAD_VERSION = 0x11223344.to_bytes(4, 'big') +PRE_LOAD_HDR_SIZE = 0x00001000.to_bytes(4, 'big') # Subdirectory of the input dir to use to put test FDTs TEST_FDT_SUBDIR = 'fdts' @@ -5321,6 +5324,48 @@ fdt fdtmap Extract the devicetree blob from the fdtmap self.assertIn("Node '/binman/fit': Unknown operation 'unknown'", str(exc.exception)) + def testPreLoad(self): + """Test an image with a pre-load header""" + entry_args = { + 'key-path': '.', + } + data, _, _, _ = self._DoReadFileDtb('225_pre_load.dts', + entry_args=entry_args) + self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)]) + self.assertEqual(PRE_LOAD_VERSION, data[4:4+len(PRE_LOAD_VERSION)]) + self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8+len(PRE_LOAD_HDR_SIZE)]) + data = self._DoReadFile('225_pre_load.dts') + self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)]) + self.assertEqual(PRE_LOAD_VERSION, data[4:4+len(PRE_LOAD_VERSION)]) + self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8+len(PRE_LOAD_HDR_SIZE)]) + data = self._DoReadFile('226_pre_load_pkcs.dts') + self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)]) + self.assertEqual(PRE_LOAD_VERSION, data[4:4+len(PRE_LOAD_VERSION)]) + self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8+len(PRE_LOAD_HDR_SIZE)]) + data = self._DoReadFile('227_pre_load_pss.dts') + self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)]) + self.assertEqual(PRE_LOAD_VERSION, data[4:4+len(PRE_LOAD_VERSION)]) + self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8+len(PRE_LOAD_HDR_SIZE)]) + + def testPreLoadInvalidPadding(self): + """Test an image with a pre-load header with an invalid padding""" + with self.assertRaises(ValueError) as e: + data = self._DoReadFile('228_pre_load_invalid_padding.dts') + + def testPreLoadInvalidSha(self): + """Test an image with a pre-load header with an invalid hash""" + with self.assertRaises(ValueError) as e: + data = self._DoReadFile('229_pre_load_invalid_sha.dts') + + def testPreLoadInvalidAlgo(self): + """Test an image with a pre-load header with an invalid algo""" + with self.assertRaises(ValueError) as e: + data = self._DoReadFile('230_pre_load_invalid_algo.dts') + + def testPreLoadInvalidKey(self): + """Test an image with a pre-load header with an invalid key""" + with self.assertRaises(ValueError) as e: + data = self._DoReadFile('231_pre_load_invalid_key.dts') if __name__ == "__main__": unittest.main() diff --git a/tools/binman/test/225_dev.key b/tools/binman/test/225_dev.key new file mode 100644 index 0000000000..b36bad2cfb --- /dev/null +++ b/tools/binman/test/225_dev.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDYngNWUvXYRXX/ +WEUI7k164fcpv1srXz+u+5Y3Yhouw3kPs+ffvYyHAPfjF7aUIAgezKk/4o7AvsxE +Rdih3T+0deAd/q/yuqN4Adzt6ImnsO/EqdtYl3Yh+Vck9xWhLd3SAw1++GfSmNMT +gxlcc/z6z+bIh2tJNtPtRSNNHMmvYYOkBmkfwcjbMXD+fe4vBwYjVrIize+l7Yuv +1qN2nFlq56pFi8Lj5vOvFyNhZHRvwcpWdUdkx39beNUfwrGhgewOeWngTcY75n7S +FY45TBR1G2PR90CQvyDinCi9Mm0u5s+1WASQWPblovfD6CPbHQu4GZm+FAs7yUvr +hA7VCyNxAgMBAAECggEAUbq0uaJNfc8faTtNuMPo2d9eGRNI+8FRTt0/3R+Xj2NT +TvhrGUD0P4++96Df012OkshXZ3I8uD6E5ZGQ3emTeqwq5kZM7oE64jGZwO3G2k1o ++cO4reFfwgvItHrBX3HlyrI6KljhG1Vr9mW1cOuWXK+KfMiTUylrpo86dYLSGeg3 +7ZlsOPArr4eof/A0iPryQZX6X5POf7k/e9qRFYsOkoRQO8pBL3J4rIKwBl3uBN3K ++FY40vCkd8JyTo2DNfHeIe1XYA9fG2ahjD2qMsw10TUsRRMd5yhonEcJ7VzGzy8m +MnuMDAr7CwbbLkKi4UfZUl6YDkojqerwLOrxikBqkQKBgQD6sS6asDgwiq5MtstE +4/PxMrVEsCdkrU+jjQN749qIt/41a6lbp0Pr6aUKKKGs0QbcnCtlpp7qmhvymBcW +hlqxk2wokKMChv4WLXjZS3DGcOdMglc81y2F+252bToN8vwUfm6DPp9/GKtejA0a +GP57GeHxoVO7vfDX1F/vZRogRQKBgQDdNCLWOlGWvnKjfgNZHgX+Ou6ZgTSAzy+/ +hRsZPlY5nwO5iD7YkIKvqBdOmfyjlUpHWk2uAcT9pfgzYygvyBRaoQhAYBGkHItt +slaMxnLd+09wWufoCbgJvFn+wVQxBLcA5PXB98ws0Dq8ZYuo6AOuoRivsSO4lblK +MW0guBJXPQKBgQDGjf0ukbH/aGfC5Oi8SJvWhuYhYC/jQo2YKUEAKCjXLnuOThZW +PHXEbUrFcAcVfH0l0B9jJIQrpiHKlAF9Wq6MhQoeWuhxQQAQCrXzzRemZJgd9gIo +cvlgbBNCgyJ/F9vmU3kuRDRJkv1wJhbee7tbPtXA7pkGUttl5pSRZI87zQKBgQC/ +0ZkwCox72xTQP9MpcYai6nnDta5Q0NnIC+Xu4wakmwcA2WweIlqhdnMXnyLcu/YY +n+9iqHgpuMXd0eukW62C1cexA13o4TPrYU36b5BmfKprdPlLVzo3fxTPfNjEVSFY +7jNLC9YLOlrkym3sf53Jzjr5B/RA+d0ewHOwfs6wxQKBgFSyfjx5wtdHK4fO+Z1+ +q3bxouZryM/4CiPCFuw4+aZmRHPmufuNCvfXdF+IH8dM0E9ObwKZAe/aMP/Y+Abx +Wz9Vm4CP6g7k3DU3INEygyjmIQQDKQ9lFdDnsP9ESzrPbaGxZhc4x2lo7qmeW1BR +/RuiAofleFkT4s+EhLrfE/v5 +-----END PRIVATE KEY----- diff --git a/tools/binman/test/225_pre_load.dts b/tools/binman/test/225_pre_load.dts new file mode 100644 index 0000000000..c1ffe1a2ff --- /dev/null +++ b/tools/binman/test/225_pre_load.dts @@ -0,0 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <0x11223344>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/226_pre_load_pkcs.dts b/tools/binman/test/226_pre_load_pkcs.dts new file mode 100644 index 0000000000..3db0a37f77 --- /dev/null +++ b/tools/binman/test/226_pre_load_pkcs.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + padding-name = "pkcs-1.5"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <0x11223344>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/227_pre_load_pss.dts b/tools/binman/test/227_pre_load_pss.dts new file mode 100644 index 0000000000..b1b01d5ad5 --- /dev/null +++ b/tools/binman/test/227_pre_load_pss.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + padding-name = "pss"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <0x11223344>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/228_pre_load_invalid_padding.dts b/tools/binman/test/228_pre_load_invalid_padding.dts new file mode 100644 index 0000000000..84fe289183 --- /dev/null +++ b/tools/binman/test/228_pre_load_invalid_padding.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + padding-name = "padding"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/229_pre_load_invalid_sha.dts b/tools/binman/test/229_pre_load_invalid_sha.dts new file mode 100644 index 0000000000..a2b6725c89 --- /dev/null +++ b/tools/binman/test/229_pre_load_invalid_sha.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha2560,rsa2048"; + padding-name = "pkcs-1.5"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/230_pre_load_invalid_algo.dts b/tools/binman/test/230_pre_load_invalid_algo.dts new file mode 100644 index 0000000000..34c8d34f15 --- /dev/null +++ b/tools/binman/test/230_pre_load_invalid_algo.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa20480"; + padding-name = "pkcs-1.5"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/231_pre_load_invalid_key.dts b/tools/binman/test/231_pre_load_invalid_key.dts new file mode 100644 index 0000000000..08d5a75ddf --- /dev/null +++ b/tools/binman/test/231_pre_load_invalid_key.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa4096"; + padding-name = "pkcs-1.5"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; From patchwork Fri Feb 25 14:57:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597741 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=KNffvPCe; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tJH21cyz9sG0 for ; Sat, 26 Feb 2022 02:01:03 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9DD1D83D0C; Fri, 25 Feb 2022 15:59:50 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="KNffvPCe"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id F282083C55; Fri, 25 Feb 2022 15:58:22 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0613.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::613]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 15DC483CCE for ; Fri, 25 Feb 2022 15:58:02 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CO0P0rIwadh12DqGPE1sszkGRwnNYMb2m1dAizyUfftl+TSs4ri5WZ/5btkko013MCJ+W4DIiv8W5Zeuzcx6vvuejcOGXeZcfpgtWT0Zc0taH6tKDIi7Bbin0+PoLEcjPi3Rsfmo6/wLWjM6uVGLiL0vgPAvwVEJbX7u4J/94BUiK7ZtHOvvw4MctfLY7JX3OLYnbmWrhg/zPx0M4skgZjrwE2OO+ZQLXdKnn3u380AhZe1/i/3nSGa6KzjK7+De+/pxheApHy2EdqZ0Fcyh5WGvCLZHUh9rXGnSxpKLMzivVRMAMP6zy7YSzCFbbjXFas7GP0Qj3dgoMc7QRrcJHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TE3ZZ4UQWgZv0ZId5cj8P9Ag4AjiOTcfzQT8Z3HEXQI=; b=JY+B1EQXHvHdYIRaTm31+KNo+0mOX5L2F+BBmdnfxvTXi4pb/FyC4THJPVhCWLNEKCK0Zy8b3AyM5VtxakRPtOm7MeJ1jNxgOlrHv1d03hkDKQu+H6Rj7MWaido90BmVA/TVD9kkKymGLgNmfm+HjC55hK49EPEV0PcIJl4IQ7I8xQw1tJVQpmVUjL4FRG6pPlcDhiXnX4dXwmWdNHmVsOTh85//+sMW8Zu5PSh4Wk34dQoqkqPhHvDZ1GCxFPtwjdn6tXZ5rZzp2dCiG6CDMYXKo+fdIuHwjbsfyC6AiR2xnC0FI4+6Bvs9v69EcabhWD4E16F28temPMxjE/b7hA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TE3ZZ4UQWgZv0ZId5cj8P9Ag4AjiOTcfzQT8Z3HEXQI=; b=KNffvPCeo/3RwQz14Ip7QoPURt+RXVY8kEXW8qZK62n4dZEU6dmYPaf0rq73E/GOmjLCXZqazhMGOX2DjLn8wmUszdOGKKUCGr+rghTTG0lDqBnvTEnwd5SEXnsUwBVtDqN81JGpUm3y1I23IjxkheQtJNdcuM7XEqwvifn7mZfbxCfOwCU7m/xSMusPfJuJo5aEPDWdoXa6F1cDBJmo6CFozifpeD6gU6gP+wR6ISuVl2zUrbBD3PudTbtyoEmvQtm5hKXjHpLc+hnh8yyU4LPbPfYyUPrRTuWNZqj9sZx5PMHocKnoKNsPYCQrsYbXq6ObYMdSTCq3YxVAxsB6+A== Received: from PR1PR01CA0010.eurprd01.prod.exchangelabs.com (2603:10a6:102::23) by MR2P264MB0899.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:7::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.24; Fri, 25 Feb 2022 14:58:00 +0000 Received: from MR2FRA01FT011.eop-fra01.prod.protection.outlook.com (2603:10a6:102:0:cafe::4c) by PR1PR01CA0010.outlook.office365.com (2603:10a6:102::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.25 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by MR2FRA01FT011.mail.protection.outlook.com (10.152.50.189) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 5E0D820032; Fri, 25 Feb 2022 15:57:59 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 13/16] configs: sandbox_defconfig: enable stage pre-load in bootm Date: Fri, 25 Feb 2022 15:57:51 +0100 Message-Id: <20220225145754.30217-14-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: de1240b8-aace-4a19-bfaa-08d9f86f36f9 X-MS-TrafficTypeDiagnostic: MR2P264MB0899:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: mFtYsafQTdsUcFoJgCuPJgJBDZOvBCluAJ68T6AJbzctG7GY1Br6LoRHNHkzCa4INxg1076YrhY2dUjSi+XnhbiNHLtKBTLQPTL/yrvBC6fl4+bbHJX6FPuEp9ZdvP/bVvuexKkYlVshMtBLPSz91BBvO8w3CdkWPlJdgUL9wYxbbqMv6Tl74btkiCfR6u7xD1vM1zCQyEJS69cdgBeNeXIb6vDsM3FFTFVsFaznIpcZ/LTujk8DmsrrtUeJtGTp69ZWigjXerD85jJ14CA0WX9xT9vS0gGBMf6xQC+ez6k8yDXlIjhz1V7dYtTdroLvrRY0OR7EZHaA4udwUSOuOHaEBZLvtSMowddbmN+ZhVgyw7QW68BVU5y5Op94oSz3MR+8En2OgRxYFygZtkkWhcKnBwFe8jbp+fmP5aSQjbC/FgSqYdeNbKlehgHPRHt0tW4qbhBZrWjzER92xSLy0zSACGugLJ3A4L/hIhTHoigMpSml9yK9RUiv8SaKzf3CLW2A5mEPnFMF9PGN/Z53cVFOK9D5FBmz4LLfPzQwXw3bgcmNrb48xLX8vdbnagfhuPfmhKeaoRl7BQ81ttt59OixyRnEu2oKah+a239rubkRDb06GKOJvHuegGGmhE2WR9Njnb4vUlQpWqza5N55L09QTlr4icObknqmQrPYRQeiLo+wwojDsSCrzHw2LdbjuCnu3FyVCtJjce6u9dnMtg== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(356005)(70586007)(336012)(70206006)(8676002)(4326008)(81166007)(83380400001)(426003)(316002)(6966003)(2616005)(82960400001)(8936002)(36860700001)(6666004)(5660300002)(47076005)(40460700003)(2906002)(44832011)(26005)(6266002)(186003)(36756003)(508600001)(82310400004)(86362001)(107886003)(1076003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:59.6406 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: de1240b8-aace-4a19-bfaa-08d9f86f36f9 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: MR2FRA01FT011.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR2P264MB0899 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Enable the support of stage pre-load in bootm. For the moment, this stage allow to verify the signature of the full image with a header. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- configs/sandbox_defconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 7ebeb89264..46bf18bc98 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -27,6 +27,8 @@ CONFIG_AUTOBOOT_SHA256_FALLBACK=y CONFIG_AUTOBOOT_NEVER_TIMEOUT=y CONFIG_AUTOBOOT_STOP_STR_ENABLE=y CONFIG_AUTOBOOT_STOP_STR_CRYPT="$5$rounds=640000$HrpE65IkB8CM5nCL$BKT3QdF98Bo8fJpTr9tjZLZQyzqPASBY20xuK5Rent9" +CONFIG_IMAGE_PRE_LOAD=y +CONFIG_IMAGE_PRE_LOAD_SIG=y CONFIG_CONSOLE_RECORD=y CONFIG_CONSOLE_RECORD_OUT_SIZE=0x1000 CONFIG_PRE_CONSOLE_BUFFER=y @@ -37,6 +39,7 @@ CONFIG_STACKPROTECTOR=y CONFIG_ANDROID_AB=y CONFIG_CMD_CPU=y CONFIG_CMD_LICENSE=y +CONFIG_CMD_BOOTM_PRE_LOAD=y CONFIG_CMD_BOOTZ=y CONFIG_CMD_BOOTEFI_HELLO=y CONFIG_CMD_ABOOTIMG=y From patchwork Fri Feb 25 14:57:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597740 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=SR+EkLRB; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tJ25G72z9sG0 for ; Sat, 26 Feb 2022 02:00:50 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A866583D01; Fri, 25 Feb 2022 15:59:37 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="SR+EkLRB"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id B13C383CF0; Fri, 25 Feb 2022 15:58:25 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0606.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::606]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id EF6AD83C81 for ; Fri, 25 Feb 2022 15:58:01 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VCdD7PZznZGvRXobGCZDL6zZO7hdJIVQMwQiQIHsxTAa8t07U49UoKewuelBvzOxxFivPzT8NHJto99ALsBflwi9G6sAtOlr6DlWJwN0rVVrfef15U3pX6qZdk9pchHxfEUkjBPzF1dUVC4Ygj9dQ0pVgLpGpStxD+J+t4KmvYwSRujkrFiWbGoK0AMtKOzolltlIHoAsCP4Ga3Y+OJaor5DuYNZI+WnhwmN4mHaWmLs+Kk9quQxqoi2MEij9EgH4Il6Nxh+hAb8TePnI2sUimeVSvDyhpRFpLtKfM82Ruq+6GNi7aLUMtl0Gyg7Er2AqeE2YsD1/SvZvDCrc6DWSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZAgQgOND1moHsgIjcObX91onJFuc8kAVB+qn3/rLuQ8=; b=jmXHa2ycHv7aDrP/isOOz0bPtqYly7cVk4S+7EjiYNOAxFUIEwu7e657o7O2BIBgOmLmZGp9ODwJnrNjIgc+iXoXJIAUVKoehZcX6qTOes6qFLop1kk946CIJr55gUL52mbalkWmUqm6FCTLgRLY17IyZYzd7qPfkGelKpXLKnQnDGNEoV1Jtr8rB+VqSssRMN2HLTh/qzvfJTYoWQjwnRyXiV8azFYBrj4MJfiE56mCtShcwjdA5Oqm+rvz4RIVxcRHUWfF5y2nUM6hneupHutWy6hjkMWQR/L2oi6/H5zKseOT6MqydqzUhBPpqEExqYWM/FEG7ytVeaXcQkeSqw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZAgQgOND1moHsgIjcObX91onJFuc8kAVB+qn3/rLuQ8=; b=SR+EkLRB5Cl5MPBol35aGoLJSpm39VYyYztbiVpeMLI2xPvk2V3qSf1Zdbd78Sqyq1xMtBdI4KnHN9AFjsgexJzvfc8K1oosTE1g1zlhNASOrkyJ20pfEWvFcO5JpdsRLgd8BYuMiSILHjhg/m5pJ51geihjgTUAoC3tkinf8DujsHocqOOz1s7ffyRkob3geigIlEXrVHQSWa6X73GpphWpatKc6A7DIQOYi79SRHJA0AuSvxb+YfKfhLF8NVbBY6AEnrpN1c+uIyILveEVmTS7fKvAuMR2yKnXhxTnYxFm3NV2K6p9o7fRikPE/dMYVkzDNw+FvwUN41iCLdTegg== Received: from PR0P264CA0223.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100:1e::19) by MR2P264MB0465.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:10::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.24; Fri, 25 Feb 2022 14:57:59 +0000 Received: from PR2FRA01FT005.eop-fra01.prod.protection.outlook.com (2603:10a6:100:1e:cafe::37) by PR0P264CA0223.outlook.office365.com (2603:10a6:100:1e::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.21 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT005.mail.protection.outlook.com (10.152.48.98) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 79F9720042; Fri, 25 Feb 2022 15:57:59 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 14/16] test: py: vboot: add test for global image signature Date: Fri, 25 Feb 2022 15:57:52 +0100 Message-Id: <20220225145754.30217-15-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 3e1a7a98-c3d6-42dd-5df4-08d9f86f36f8 X-MS-TrafficTypeDiagnostic: MR2P264MB0465:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: WrGJse4lahUfX55yhCfJUnp0CopGLRkx2arqaOBQmslVEMsmoWqQbewadDlEXLUU6FwBUu+4/5fxCdOZJNvmyvLVf27vsfZLC16y0WjjpUXrKuLxMwWnr34Jp0F315wHY5m0/PZ/fzS8D8T7VEKehqsWxaMZyquMhwr1/ygqWyxUJqkjDCV4N3EmhpJ34/GW6FwscXefCH8PK0vvPDlSZfcCnQzfrHpyRMgkysR4LF/M0QiV/aMIZLOdU5ZmF8lbWO/7s9FOMNR4LNqlSRVflA35u7pu5xOQM6x9PazN2mwjCy46/dLCCeVgqhpi/qHu1M29nCFaylG9z3bVs6M4dB9DyXFQgc2rkcAOmxpZLnQg/IYQTuw8WY/T2W3jpRD2bkWDVcstJyXf7e/TcVb6HNhY1ck/IvA/BYehtrxmVoOBhW7yf1kikA8Zv83ccuYZ+xLIkiW1oF/rP0xsUVbiR8fCKj9tPwlMCbaBH5JgOHCJHh+DNevPcHBCeqQO7FI9hk05fkcrcpdQzvB0K5xTxIPW1sSycCaeXn7Q+bW0Gaf1iRBXgZEWDtyOlL5lr4d6k8xBPivNOIyJDSECQ3qftLBEcL/F42Ci/6JrKvgVrcY/Lv85Bx6CYdG7Zy5l4d+5TZA2uu2x/fFl0NHJbKS5GuYlQUI8m+YeR62s4zc3ub9wWXV/SDwoMi9oBuhiOYwuAgVq2D7LKBKvcWm55GEMdg== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(508600001)(5660300002)(1076003)(2616005)(44832011)(26005)(107886003)(6966003)(8936002)(186003)(82310400004)(6666004)(336012)(6266002)(426003)(8676002)(4326008)(70586007)(30864003)(70206006)(316002)(2906002)(36756003)(81166007)(356005)(82960400001)(40460700003)(36860700001)(83380400001)(47076005)(86362001)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:59.6472 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3e1a7a98-c3d6-42dd-5df4-08d9f86f36f8 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT005.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR2P264MB0465 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Adds test units for the pre-load header signature. Signed-off-by: Philippe Reynes --- test/py/tests/test_vboot.py | 125 +++++++++++++++--- test/py/tests/vboot/sandbox-binman-pss.dts | 25 ++++ test/py/tests/vboot/sandbox-binman.dts | 24 ++++ .../tests/vboot/sandbox-u-boot-global-pss.dts | 28 ++++ test/py/tests/vboot/sandbox-u-boot-global.dts | 27 ++++ test/py/tests/vboot/simple-images.its | 36 +++++ 6 files changed, 249 insertions(+), 16 deletions(-) create mode 100644 test/py/tests/vboot/sandbox-binman-pss.dts create mode 100644 test/py/tests/vboot/sandbox-binman.dts create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-pss.dts create mode 100644 test/py/tests/vboot/sandbox-u-boot-global.dts create mode 100644 test/py/tests/vboot/simple-images.its diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py index ac8ed9f114..a4a2bb2955 100644 --- a/test/py/tests/test_vboot.py +++ b/test/py/tests/test_vboot.py @@ -35,19 +35,21 @@ import vboot_evil # Only run the full suite on a few combinations, since it doesn't add any more # test coverage. TESTDATA = [ - ['sha1-basic', 'sha1', '', None, False, True, False], - ['sha1-pad', 'sha1', '', '-E -p 0x10000', False, False, False], - ['sha1-pss', 'sha1', '-pss', None, False, False, False], - ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False, False, False], - ['sha256-basic', 'sha256', '', None, False, False, False], - ['sha256-pad', 'sha256', '', '-E -p 0x10000', False, False, False], - ['sha256-pss', 'sha256', '-pss', None, False, False, False], - ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False, False], - ['sha256-pss-required', 'sha256', '-pss', None, True, False, False], - ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True, False], - ['sha384-basic', 'sha384', '', None, False, False, False], - ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False, False], - ['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True], + ['sha1-basic', 'sha1', '', None, False, True, False, False], + ['sha1-pad', 'sha1', '', '-E -p 0x10000', False, False, False, False], + ['sha1-pss', 'sha1', '-pss', None, False, False, False, False], + ['sha1-pss-pad', 'sha1', '-pss', '-E -p 0x10000', False, False, False, False], + ['sha256-basic', 'sha256', '', None, False, False, False, False], + ['sha256-pad', 'sha256', '', '-E -p 0x10000', False, False, False, False], + ['sha256-pss', 'sha256', '-pss', None, False, False, False, False], + ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False, False, False], + ['sha256-pss-required', 'sha256', '-pss', None, True, False, False, False], + ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True, False, False], + ['sha384-basic', 'sha384', '', None, False, False, False, False], + ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False, False, False], + ['algo-arg', 'algo-arg', '', '-o sha256,rsa2048', False, False, True, False], + ['sha256-global-sign', 'sha256', '', '', False, False, False, True], + ['sha256-global-sign-pss', 'sha256', '-pss', '', False, False, False, True], ] @pytest.mark.boardspec('sandbox') @@ -56,10 +58,10 @@ TESTDATA = [ @pytest.mark.requiredtool('fdtget') @pytest.mark.requiredtool('fdtput') @pytest.mark.requiredtool('openssl') -@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg", +@pytest.mark.parametrize("name,sha_algo,padding,sign_options,required,full_test,algo_arg,global_sign", TESTDATA) def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, - full_test, algo_arg): + full_test, algo_arg, global_sign): """Test verified boot signing with mkimage and verification with 'bootm'. This works using sandbox only as it needs to update the device tree used @@ -81,6 +83,29 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, util.run_and_log(cons, 'dtc %s %s%s -O dtb ' '-o %s%s' % (dtc_args, datadir, dts, tmpdir, dtb)) + def dtc_options(dts, options): + """Run the device tree compiler to compile a .dts file + + The output file will be the same as the input file but with a .dtb + extension. + + Args: + dts: Device tree file to compile. + options: Options provided to the compiler. + """ + dtb = dts.replace('.dts', '.dtb') + util.run_and_log(cons, 'dtc %s %s%s -O dtb ' + '-o %s%s %s' % (dtc_args, datadir, dts, tmpdir, dtb, options)) + + def run_binman(dtb): + """Run binman to build an image + + Args: + dtb: Device tree file used as input file. + """ + util.run_and_log(cons, [binman, 'build', '-d', "%s/%s" % (tmpdir,dtb), + '-a', "key-path=%s" % tmpdir, '-O', tmpdir, '-I', tmpdir]) + def run_bootm(sha_algo, test_type, expect_string, boots, fit=None): """Run a 'bootm' command U-Boot. @@ -139,6 +164,23 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, cons.log.action('%s: Sign images' % sha_algo) util.run_and_log(cons, args) + def sign_fit_dtb(sha_algo, options, dtb): + """Sign the FIT + + Signs the FIT and writes the signature into it. It also writes the + public key into the dtb. + + Args: + sha_algo: Either 'sha1' or 'sha256', to select the algorithm to + use. + options: Options to provide to mkimage. + """ + args = [mkimage, '-F', '-k', tmpdir, '-K', dtb, '-r', fit] + if options: + args += options.split(' ') + cons.log.action('%s: Sign images' % sha_algo) + util.run_and_log(cons, args) + def sign_fit_norequire(sha_algo, options): """Sign the FIT @@ -176,6 +218,11 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, handle.write(struct.pack(">I", size)) return struct.unpack(">I", total_size)[0] + def corrupt_file(fit,offset,value): + with open(fit, 'r+b') as handle: + handle.seek(offset) + handle.write(struct.pack(">I", value)) + def create_rsa_pair(name): """Generate a new RSA key paid and certificate @@ -374,6 +421,49 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, (dtb)) run_bootm(sha_algo, 'multi required key', '', False) + def test_global_sign(sha_algo, padding, sign_options): + """Test global image signature with the given hash algorithm and padding. + + Args: + sha_algo: Either 'sha1' or 'sha256', to select the algorithm to use + padding: Either '' or '-pss', to select the padding to use for the + rsa signature algorithm. + """ + + dtb = '%ssandbox-u-boot-global%s.dtb' % (tmpdir, padding) + cons.config.dtb = dtb + + # Compile our device tree files for kernel and U-Boot. These are + # regenerated here since mkimage will modify them (by adding a + # public key) below. + dtc('sandbox-kernel.dts') + dtc_options('sandbox-u-boot-global%s.dts' % padding, '-p 1024') + + # Build the FIT with dev key (keys NOT required). This adds the + # signature into sandbox-u-boot.dtb, NOT marked 'required'. + make_fit('simple-images.its') + sign_fit_dtb(sha_algo, '', dtb) + + # Build the dtb for binman that define the pre-load header + # with the global sigature. + dtc('sandbox-binman%s.dts' % padding) + + # Run binman to create the final image with the not signed fit + # and the pre-load header that contains the global signature. + run_binman('sandbox-binman%s.dtb' % padding) + + # Check that the signature is correctly verified by u-boot + run_bootm(sha_algo, 'global image signature', 'signature check has succeed', True, "%ssandbox.img" % tmpdir) + + # Corrupt the image (just one byte after the pre-load header) + corrupt_file("%ssandbox.img" % tmpdir, 4096, 255); + + # Check that the signature verification fails + run_bootm(sha_algo, 'global image signature', 'signature check has failed', False, "%ssandbox.img" % tmpdir) + + # Check that the boot fails if the global signature is not provided + run_bootm(sha_algo, 'global image signature', 'signature is mandatory', False) + cons = u_boot_console tmpdir = os.path.join(cons.config.result_dir, name) + '/' if not os.path.exists(tmpdir): @@ -381,6 +471,7 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, datadir = cons.config.source_dir + '/test/py/tests/vboot/' fit = '%stest.fit' % tmpdir mkimage = cons.config.build_dir + '/tools/mkimage' + binman = cons.config.source_dir + '/tools/binman/binman' fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign' dtc_args = '-I dts -O dtb -i %s' % tmpdir dtb = '%ssandbox-u-boot.dtb' % tmpdir @@ -403,7 +494,9 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required, # afterwards. old_dtb = cons.config.dtb cons.config.dtb = dtb - if required: + if global_sign: + test_global_sign(sha_algo, padding, sign_options) + elif required: test_required_key(sha_algo, padding, sign_options) else: test_with_algo(sha_algo, padding, sign_options) diff --git a/test/py/tests/vboot/sandbox-binman-pss.dts b/test/py/tests/vboot/sandbox-binman-pss.dts new file mode 100644 index 0000000000..56e3a42fa6 --- /dev/null +++ b/test/py/tests/vboot/sandbox-binman-pss.dts @@ -0,0 +1,25 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + filename = "sandbox.img"; + + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + padding-name = "pss"; + key-name = "dev.key"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "test.fit"; + }; + }; +}; diff --git a/test/py/tests/vboot/sandbox-binman.dts b/test/py/tests/vboot/sandbox-binman.dts new file mode 100644 index 0000000000..b24aeba0fa --- /dev/null +++ b/test/py/tests/vboot/sandbox-binman.dts @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + filename = "sandbox.img"; + + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + key-name = "dev.key"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "test.fit"; + }; + }; +}; diff --git a/test/py/tests/vboot/sandbox-u-boot-global-pss.dts b/test/py/tests/vboot/sandbox-u-boot-global-pss.dts new file mode 100644 index 0000000000..c59a68221b --- /dev/null +++ b/test/py/tests/vboot/sandbox-u-boot-global-pss.dts @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + model = "Sandbox Verified Boot Test"; + compatible = "sandbox"; + + binman { + }; + + reset@0 { + compatible = "sandbox,reset"; + }; + + image { + pre-load { + sig { + algo-name = "sha256,rsa2048"; + padding-name = "pss"; + signature-size = <256>; + mandatory = "yes"; + + key-name = "dev"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/sandbox-u-boot-global.dts b/test/py/tests/vboot/sandbox-u-boot-global.dts new file mode 100644 index 0000000000..1409f9e1a1 --- /dev/null +++ b/test/py/tests/vboot/sandbox-u-boot-global.dts @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + model = "Sandbox Verified Boot Test"; + compatible = "sandbox"; + + binman { + }; + + reset@0 { + compatible = "sandbox,reset"; + }; + + image { + pre-load { + sig { + algo-name = "sha256,rsa2048"; + signature-size = <256>; + mandatory = "yes"; + + key-name = "dev"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/simple-images.its b/test/py/tests/vboot/simple-images.its new file mode 100644 index 0000000000..f62786456b --- /dev/null +++ b/test/py/tests/vboot/simple-images.its @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + }; + fdt-1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + }; + }; + configurations { + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; + }; + }; +}; From patchwork Fri Feb 25 14:57:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597739 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=dyytXXUA; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tHn0hSfz9sFs for ; Sat, 26 Feb 2022 02:00:37 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7870883CF3; Fri, 25 Feb 2022 15:59:35 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="dyytXXUA"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id DC52483C55; Fri, 25 Feb 2022 15:58:19 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on0623.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::623]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3371B83C55 for ; Fri, 25 Feb 2022 15:58:01 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=G29UVTFfHYwF2pT4N2fCRo2tgDQCXKsdrQFKorNloKiXkQlnCP0vmigkf9VRCgwaYaOx6iNU8a4p5WGvsuaJSwLsPjTfC/DPvkMsbkfNKJol1N7SQGpuuKsPezGFwmUo+R7LFcndtzl8iVnjFdapJFZG47c/o87KFiy0XHd1IYAWgl1Y5kFcc8f2Yqhi8Q3er25cB3Utr14iswmKFGfqej0M3/wUwDYV4YRpr43Z7RvYpjfPG2p1W0sPiOp+CbtQ5Xv1LryD4gvxfjBYuG/uQhIDAVK9txBO26LJJg0w2mBpA3w4GBydyCE0zf+omppBJBMmWQ924MZfYiS4OClRFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=px6x9OCM03yjhg5xzmpcfBwg10D+CEqOZb7O/IK88ZQ=; b=eZoSwCHW4axMYrWGPWOulT6U9zlJ8ABmrXuNa1AEfUArk8pM1OspbNdqsWO6ZXRPxL4NtWlwKkH5LlADqs/h4uzMT9vQmySSGyh9ougsOZ0d2luTP6ICgx+pz+n1cy1JYfBpHQSA0FrTHduQXPlo05RLAUoJVFx/Uca3W7XkWwvXA3VpHWnG5f41aHd6z0QJFo6eFUaXLdodJUoJ5/0JI+sA8NZ/kxscHw5nnlcbg6aB+m3luts/BOwqwnl0rqinilBax7/Q7uPqxOG+kPJh824zLuq2Ae2BG23BOJ8QGqQFVz0GA4oZeAFbDea3x+yr4JMbdez3sIvs+9azSv7iZQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=px6x9OCM03yjhg5xzmpcfBwg10D+CEqOZb7O/IK88ZQ=; b=dyytXXUAobMdlviZEOzZQXGyWR6B523r9fdQ/sGat7jzhhKhF28dFAwO77l12xAm1zUVJfHouyFqCpacccJ6lmC/X95NZJjoaZWH5MIFSKNYxgfP3SP3rPdYIrR84Yzwp7krJuxPPrWcR1e1O2gQA+li7nURSl4TYE4BVje+/NEJYFH+AvDRhFvAwx+ygLcpts3CMibFteTQcq36zGaC+8VGl75EbaKNsVivo1Q/jEYOtmGD/0BJ4ikHZGU9VuonGRV2uQko+tD0S/hbsGRAeSA4CQz7vGsKYEnM35YRDOt+HxpzBjSYjLZkSZJHoCLSLQqewXh72IJ5ds3CySDlSQ== Received: from PR0P264CA0228.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100:1e::24) by PR1P264MB3712.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:142::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22; Fri, 25 Feb 2022 14:58:00 +0000 Received: from PR2FRA01FT007.eop-fra01.prod.protection.outlook.com (2603:10a6:100:1e::4) by PR0P264CA0228.outlook.office365.com (2603:10a6:100:1e::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT007.mail.protection.outlook.com (10.152.48.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:57:59 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 97DDF1FF30; Fri, 25 Feb 2022 15:57:59 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 15/16] cmd: verify: initial import Date: Fri, 25 Feb 2022 15:57:53 +0100 Message-Id: <20220225145754.30217-16-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: b4e50cad-69bb-44d3-0898-08d9f86f3712 X-MS-TrafficTypeDiagnostic: PR1P264MB3712:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 97yuAp3rs4ari4oUKMOk8RZ1ZdCBeMSmp51WZdF6rTn59BLLvq+eMYwDFBv0CYGaC7oMQUSETpxH8aMFb0lqDxeo6bA8VRpKwdllV+CWiAnDhjuMInHfDnfzPCLDRAPJc9peoBlGYEJSpdmTz5NDNzO7dKzfcaVLRsOzZB3jgYE/9ImPDzcXY0UwS4U5h8z0X3EwIgIfRyTFn3SVMkis8J8neg1Fd9BUaVMikVPzrbdZb//SLIYgMgBDI2+s2Z2+vkITNhQEzzhj+xyvaqeVnjJaF5AGAN7v+EJtsRJGDC2fU8D4J8+Vv8VtJTmAJQsEDblPoy4bDUf3A6mzpuebqrs/wpzoOtjn5RIITyOwmtOzWKRI9VCkXaVse3a9mLygmSXlP1EWGTS1aRxFrRhngWV4HoEC34BooxiOv+8U3HOhWd5Y6JhvKFI7sepqnTqeCu3UkA3mG+9Wq6BT7sE/SbAdzoQYTHeGpVpkDnSZXLOvDl5C828G9/I/lj+T7bc71bbWCyByeLfsfzrp5F6AtYlQSwH6x0FKy1f5cMh0dpheqZmreTDAiRnKYpa/jTRCqBWL6iWhWLOvQux03shcjF6R/zlqwFUIBF4fl5NNdLx8CP+rl2es9v3USjUr6RLg15WKiu+IOOMVf4OSWs/8lQrMzW+Muq7ARE5otXtits6biMXbmErfIyMtZ0nhkKmTqc4duAMJ32s7Bdl5CmjGJg== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(82960400001)(426003)(1076003)(6266002)(336012)(107886003)(70206006)(82310400004)(4326008)(26005)(2906002)(2616005)(6966003)(186003)(316002)(86362001)(47076005)(36860700001)(70586007)(8676002)(81166007)(83380400001)(8936002)(44832011)(40460700003)(15650500001)(508600001)(356005)(5660300002)(36756003)(6666004)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:57:59.8153 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b4e50cad-69bb-44d3-0898-08d9f86f3712 X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT007.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR1P264MB3712 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Add the command verify that check the signature of an image with the pre-load header. If the check succeed, the u-boot env variable 'loadaddr_verified' is set to the address of the image (without the header). It allows to run such commands: tftp script.img && verify $loadaddr && source $loadaddr_verified Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- cmd/Kconfig | 7 +++++++ cmd/Makefile | 1 + cmd/verify.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+) create mode 100644 cmd/verify.c diff --git a/cmd/Kconfig b/cmd/Kconfig index 87aa3fb11a..0460d5c3a0 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD There is no documentation about this within the U-Boot source code but you should be able to find something on the interwebs. +config CMD_VERIFY + bool "verify the global signature" + depends on CMD_BOOTM_PRE_LOAD + help + Verify the signature provided in a pre-load header of + a full image. + config CMD_ZBOOT bool "zboot - x86 boot command" help diff --git a/cmd/Makefile b/cmd/Makefile index 166c652d98..80e054e806 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o obj-$(CONFIG_CMD_XIMG) += ximg.o obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o obj-$(CONFIG_CMD_SPL) += spl.o +obj-$(CONFIG_CMD_VERIFY) += verify.o obj-$(CONFIG_CMD_W1) += w1.o obj-$(CONFIG_CMD_ZIP) += zip.o obj-$(CONFIG_CMD_ZFS) += zfs.o diff --git a/cmd/verify.c b/cmd/verify.c new file mode 100644 index 0000000000..4d055e0790 --- /dev/null +++ b/cmd/verify.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (C) 2022 Philippe Reynes + */ + +#include +#include +#include +#include + +static ulong verify_get_addr(int argc, char *const argv[]) +{ + ulong addr; + + if (argc > 0) + addr = simple_strtoul(argv[0], NULL, 16); + else + addr = image_load_addr; + + return addr; +} + +static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + ulong addr = verify_get_addr(argc, argv); + int ret = 0; + + argc--; argv++; + + addr = verify_get_addr(argc, argv); + + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) { + ret = image_pre_load(addr); + + if (ret) { + ret = CMD_RET_FAILURE; + goto out; + } + + env_set_hex("loadaddr_verified", addr + image_load_offset); + } + + out: + return ret; +} + +U_BOOT_CMD(verify, 2, 1, do_verify, + "verify the global signature provided in the pre-load header,\n" + "\tif the check succeed, the u-boot env variable loadaddr_verified\n" + "\tis set to the address of the image (without the header)", + "" +); From patchwork Fri Feb 25 14:57:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1597743 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com header.b=naPSaO3r; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4tJp2BFLz9sG0 for ; Sat, 26 Feb 2022 02:01:30 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D766983D17; Fri, 25 Feb 2022 15:59:58 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="naPSaO3r"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 626B283CB1; Fri, 25 Feb 2022 15:58:19 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from FRA01-PR2-obe.outbound.protection.outlook.com (mail-pr2fra01on0600.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e18::600]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 65AE083C58 for ; Fri, 25 Feb 2022 15:58:01 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ezmcWFACIRDwJFbDEW+dKixOnGSElq11SSDFjdK0ZFVd/txEGlnsZRL9Ytg+5I031684qaS6e2y/Q6YZJcyhQxDLILLKxUq3ISpqZr6WkLV2Z7GBRqqP5CMiMXaKUIn3sfO3l1xafH6C6lRzDx2Co95hoCC1NxX/NUuZMB6olATR1GSGrDys3N2NhqHPxLM5Go961QDn6nZx8S3xeCa3Yu0XwttFEzIN7dXUwj+6kATLmNl1+VgcmwCOHABaUFTUOMYJJMkqJKvxgLK4GR+6JAQESo3ao/c4Hw4w0EvlJBxOh6iIgA5kZion4cn076JoGdXjCCXukDxKinjHCYtmKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sdHSLpgK0tfOxno8VCHPJg57eA9urp35bf8BRZA22LA=; b=E8jcJeCTf3wynzOF45UZl8TPsHtTO811qZFZZbyu38C/aev8jAHzXaN/kMDZ1xg2XLWrQobgI+y8PkDD48ri7TZi/6x00EFg22YTkb4WWQnExSHMfF66FoJF2aoBOQGvjCI4QtbjxivczEK2yA0q8kftvULjHVZaU222KTheAlWliN0/bsaVzgJw0UBFZSB8uoI7xkg9IviU9mjexFiBAJMhaOmkgitIAXPhTKQ7jxjB6RfZEY+flE2QoXAjzfs+Woa54BVpWXZ/OeAzSlYWChZAodZ6ZzlPLF8FUt29URYykKXFsVgUTxcGdPIidJi38+9e0qsdovnG0s4ds0Q4Wg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sdHSLpgK0tfOxno8VCHPJg57eA9urp35bf8BRZA22LA=; b=naPSaO3r3qmXeBbMfjblENUDS5DDpfPIQoeSSOZlrcE0zjtnZtPpELhRGKLveZdQhIjW3QhaqwX4cj648/k6bGHl2ND/vgA8dXJucal9b+vK7N0JePsPtZ7mbSkW57YzBoWdXcQXDpFO67NomORVdw8WwPoCq/jyC5hpXDGV5e0EGVv+k1ds5U53QdTIulAjTOUOWzYmrCUgIk8Fn1q3YKDdSYwgUUAnWnSY9xAcu5RAi+oj5p1soPwwCYECeujWGcGUoUbaopNsU89fG1N4KEOr+SRn4wZN0693l26bc5s27c/CsHnCCB5ujcR7/fwSUk3dHtE6m85HEH1IIRHP2Q== Received: from PR0P264CA0213.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100:1f::33) by MRZP264MB2184.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:9::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.24; Fri, 25 Feb 2022 14:58:00 +0000 Received: from PR2FRA01FT001.eop-fra01.prod.protection.outlook.com (2603:10a6:100:1f:cafe::ec) by PR0P264CA0213.outlook.office365.com (2603:10a6:100:1f::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.23 via Frontend Transport; Fri, 25 Feb 2022 14:58:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT001.mail.protection.outlook.com (10.152.48.94) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Fri, 25 Feb 2022 14:58:00 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id B4F9E20037; Fri, 25 Feb 2022 15:57:59 +0100 (CET) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v6 16/16] configs: sandbox_defconfig: enable config CMD_VERIFY Date: Fri, 25 Feb 2022 15:57:54 +0100 Message-Id: <20220225145754.30217-17-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220225145754.30217-1-philippe.reynes@softathome.com> References: <20220225145754.30217-1-philippe.reynes@softathome.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 5578d331-dd65-4da4-0d78-08d9f86f372f X-MS-TrafficTypeDiagnostic: MRZP264MB2184:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: w6mtaqrWurK1kz5DLXQzQ9yC55ILghkAvnIFBt4RU03OOZt9AKIHLvelLeayfboCrxXgzgDu/Cf3Qo/zmIDvgOdPD5On87WSMFfL/UGDLSVPB7Q7LCUC2azYUyGzp99X5lvRieZgNaXfLe8J4fIV9CuHUUH07iIY8vfj5tluLUSPy3EJThu7UKw2zNbtPeDnx5QLOLLlMqMEotziGGEUqrwMFkFX+RaCJt/7E85uzvTNpyx0+YpUD0l9kTlmwL50oVDHE0fmTY110/D7u+A9woXQlwFWeiW2PsRNhJvSuAAaC3IaUw4hHDSG34nK7gEUkMdyXBCaqf+iCDb85OQzwBxXEqtTRl0L92V+ZOML6rC6eM8D0ypsWAISlxh6GcyRxYHq/bcYIptUutkpeRNX1tZNwO6MxJ7hFFMAjzG9AQ+4wXAaX+U2unUmJpnoln7wDGcSouSWv6ouEYgZyiSiIO3dImI4zhY8ivjywsqs4Y+Q/+QH0cMnujdYMAQUaf1YkzXfYn0n20t14E2ewCSZdX/UyPFGbb2+DdU8vAKTgqad0GhWTGTlNxEWQirp4Y/ni1RXbhN3jqcpWPHsI04JNvK7Mx0vQO/8KYfGrt1ESxyndb+f4eAYkv7iOYkRBipNvLZYQPFRbLPFqepJTYGttJTcu1SRYxJKE+BunC8y6HSeAWl4WyTn7J8l3PVKc9IuSRaW3gOngp0mftWOWIYVoQ== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(4326008)(70206006)(82310400004)(70586007)(1076003)(8676002)(44832011)(40460700003)(336012)(426003)(8936002)(6266002)(4744005)(5660300002)(6666004)(83380400001)(86362001)(107886003)(47076005)(316002)(26005)(81166007)(2616005)(508600001)(6966003)(82960400001)(2906002)(36860700001)(186003)(356005)(36756003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2022 14:58:00.0055 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5578d331-dd65-4da4-0d78-08d9f86f372f X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT001.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MRZP264MB2184 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Enable the command verify on sandbox. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- configs/sandbox_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 46bf18bc98..a56aa92f94 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -44,6 +44,7 @@ CONFIG_CMD_BOOTZ=y CONFIG_CMD_BOOTEFI_HELLO=y CONFIG_CMD_ABOOTIMG=y # CONFIG_CMD_ELF is not set +CONFIG_CMD_VERIFY=y CONFIG_CMD_ASKENV=y CONFIG_CMD_GREPENV=y CONFIG_CMD_ERASEENV=y