From patchwork Thu Nov 1 03:45:44 2018
X-Patchwork-Submitter: Sam Mendoza-Jonas
X-Patchwork-Id: 991801
From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH] lib/flash: Check if the partition is signed
Date: Thu, 1 Nov 2018 14:45:44 +1100
Message-Id: <20181101034544.10194-1-sam@mendozajonas.com>
X-Mailer: git-send-email 2.19.1
Cc: Samuel Mendoza-Jonas

In more recent firmware images built by op-build the VERSION partition is signed, and includes a 'secure header'. Check for this and skip it if found so we parse the version strings properly.

Signed-off-by: Samuel Mendoza-Jonas
---
lib/flash/flash.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)

diff --git a/lib/flash/flash.c b/lib/flash/flash.c index b7e5b88b..804d9d2c 100644 --- a/lib/flash/flash.c +++ b/lib/flash/flash.c @@ -31,6 +31,8 @@ #include #include +#define SECURE_BOOT_HEADERS_SIZE 4096 +#define ROM_MAGIC_NUMBER 0x17082011 struct flash_info { /* Device information */ @@ -148,6 +150,16 @@ out: return NULL; } +/* See stb_is_container() in Skiboot */ +static bool is_signed(char *buffer, uint32_t len) +{ + if (!buffer || len <= SECURE_BOOT_HEADERS_SIZE) + return false; + if (be32_to_cpu((uint32_t *)buffer) != ROM_MAGIC_NUMBER) + return false; + return true; +} + int flash_parse_version(void *ctx, char ***versions, bool current) { char *saveptr, *tok, **tmp, *buffer; 
@@ -182,6 +194,10 @@ int flash_parse_version(void *ctx, char ***versions, bool current) goto out; } + /* Check if this partition is signed */ + if (is_signed(buffer, len)) + buffer += SECURE_BOOT_HEADERS_SIZE; + /* open-power-platform */ tok = strtok_r(buffer, delim, &saveptr); if (tok) {
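Review bot: the two constants added in the @@ -31,6 +31,8 @@ hunk, `#define SECURE_BOOT_HEADERS_SIZE 4096` and `#define ROM_MAGIC_NUMBER 0x17082011`, are only explained by the "See stb_is_container() in Skiboot" comment further down; a comment next to the defines saying they mirror the skiboot secure boot container header (and a prefix such as `STB_` that says so in the name) would make the origin clear at the point of definition and flag that they must track skiboot if that layout ever changes.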
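Review bot: `be32_to_cpu((uint32_t *)buffer)` in the @@ -148,6 +150,16 @@ hunk hands be32_to_cpu the pointer value rather than the 32-bit word it points to, so depending on how be32_to_cpu is defined this either fails to compile or byte-swaps an address and compares that against ROM_MAGIC_NUMBER, which would never match and make is_signed() always return false; read the word out of the buffer instead, and since `buffer` is a `char *` with no alignment guarantee a memcpy into a local is the safe form, e.g. `uint32_t magic; memcpy(&magic, buffer, sizeof(magic)); if (be32_to_cpu(magic) != ROM_MAGIC_NUMBER)`. Worth a sentence in the comment as well: is_signed() only detects that a container header is present, it does not verify the signature, so callers should not read a positive result as the partition having been authenticated.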
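Review bot: in the @@ -182,6 +194,10 @@ hunk `buffer += SECURE_BOOT_HEADERS_SIZE;` advances the variable that also holds the start of the allocation but leaves `len` untouched, so any later use of `len` against `buffer` overstates the remaining data by 4096 bytes, and if `buffer` is released on the `out:` path after this point the pointer being freed is no longer the one that was allocated; keep the original pointer and parse through a separate cursor (e.g. `char *data = buffer; if (is_signed(buffer, len)) { data += SECURE_BOOT_HEADERS_SIZE; len -= SECURE_BOOT_HEADERS_SIZE; }`) and pass `data` to strtok_r.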