Message ID | 1540459776-1935-6-git-send-email-philippe.reynes@softathome.com |
---|---|
State | Superseded |
Delegated to: | Tom Rini |
Series | [U-Boot,V2,1/6] rsa: use new openssl API to create signature |
On 25 October 2018 at 03:29, Philippe Reynes <philippe.reynes@softathome.com> wrote:
> The padding pss is now supported for rsa signature.
> This adds a test with padding pss on the vboot test.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  test/py/tests/test_vboot.py                     | 10 +++---
>  test/py/tests/vboot/sign-configs-sha1-pss.its   | 46 +++++++++++++++++++++++++
>  test/py/tests/vboot/sign-configs-sha256-pss.its | 46 +++++++++++++++++++++++++
>  test/py/tests/vboot/sign-images-sha1-pss.its    | 44 +++++++++++++++++++++++
>  test/py/tests/vboot/sign-images-sha256-pss.its  | 44 +++++++++++++++++++++++
>  5 files changed, 186 insertions(+), 4 deletions(-)
>  create mode 100644 test/py/tests/vboot/sign-configs-sha1-pss.its
>  create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss.its
>  create mode 100644 test/py/tests/vboot/sign-images-sha1-pss.its
>  create mode 100644 test/py/tests/vboot/sign-images-sha256-pss.its
>
> Changelog:
> v2:
> - new patch in the series
> - add vboot for pss padding (thanks Simon Glass)

Reviewed-by: Simon Glass <sjg@chromium.org>

Hi,

I'm not an expert but regarding commit
b8790ebeec13c882979dc986947397738d9f38aa I think you should drop the
unit-address in its files.

" The DT spec demands a unit-address of a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurrences in the FIT image example files where this was not
observed, to not give bad examples to the reader.
"

Regards,
Clement

On Sat, 3 Nov 2018 at 07:08, Simon Glass <sjg@chromium.org> wrote:
>
> On 25 October 2018 at 03:29, Philippe Reynes
> <philippe.reynes@softathome.com> wrote:
> > The padding pss is now supported for rsa signature.
> > This adds a test with padding pss on the vboot test.
> >
> > Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> > ---
> >  test/py/tests/test_vboot.py                     | 10 +++---
> >  test/py/tests/vboot/sign-configs-sha1-pss.its   | 46 +++++++++++++++++++++++++
> >  test/py/tests/vboot/sign-configs-sha256-pss.its | 46 +++++++++++++++++++++++++
> >  test/py/tests/vboot/sign-images-sha1-pss.its    | 44 +++++++++++++++++++++++
> >  test/py/tests/vboot/sign-images-sha256-pss.its  | 44 +++++++++++++++++++++++
> >  5 files changed, 186 insertions(+), 4 deletions(-)
> >  create mode 100644 test/py/tests/vboot/sign-configs-sha1-pss.its
> >  create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss.its
> >  create mode 100644 test/py/tests/vboot/sign-images-sha1-pss.its
> >  create mode 100644 test/py/tests/vboot/sign-images-sha256-pss.its
> >
> > Changelog:
> > v2:
> > - new patch in the series
> > - add vboot for pss padding (thanks Simon Glass)
>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Hi Clément,

You're right, those its are in an old-format style.
I can add a patch in this series or send a separate
patch to clean the style.

What solution do you prefer?

Regards,
Philippe


----- Original Message -----
From: "Clément Péron" <peron.clem@gmail.com>
To: sjg@chromium.org
Cc: "philippe reynes" <philippe.reynes@softathome.com>, "michal simek" <michal.simek@xilinx.com>, "joe hershberger" <joe.hershberger@ni.com>, "Marek Vasut" <marex@denx.de>, "yamada masahiro" <yamada.masahiro@socionext.com>, aford173@gmail.com, "woods technical" <woods.technical@gmail.com>, "teddy reed" <teddy.reed@gmail.com>, "jun nie" <jun.nie@linaro.org>, "peng fan" <peng.fan@nxp.com>, "keguang zhang" <keguang.zhang@gmail.com>, "andre przywara" <andre.przywara@arm.com>, "philipp tomsich" <philipp.tomsich@theobroma-systems.com>, "bin chen" <bin.chen@linaro.org>, jsg@jsg.id.au, nomble@palism.com, swarren@nvidia.com, "paul burton" <paul.burton@mips.com>, "alex kiernan" <alex.kiernan@gmail.com>, "u-boot" <u-boot@lists.denx.de>
Sent: Saturday 3 November 2018 18:11:57
Subject: Re: [PATCH V2 6/6] test: vboot: add padding pss for rsa signature

Hi,

I'm not an expert but regarding commit
b8790ebeec13c882979dc986947397738d9f38aa I think you should drop the
unit-address in its files.

" The DT spec demands a unit-address of a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurrences in the FIT image example files where this was not
observed, to not give bad examples to the reader.
"

Regards,
Clement

On Sat, 3 Nov 2018 at 07:08, Simon Glass <sjg@chromium.org> wrote:
>
> On 25 October 2018 at 03:29, Philippe Reynes
> <philippe.reynes@softathome.com> wrote:
> > The padding pss is now supported for rsa signature.
> > This adds a test with padding pss on the vboot test.
> >
> > Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> > ---
> >  test/py/tests/test_vboot.py                     | 10 +++---
> >  test/py/tests/vboot/sign-configs-sha1-pss.its   | 46 +++++++++++++++++++++++++
> >  test/py/tests/vboot/sign-configs-sha256-pss.its | 46 +++++++++++++++++++++++++
> >  test/py/tests/vboot/sign-images-sha1-pss.its    | 44 +++++++++++++++++++++++
> >  test/py/tests/vboot/sign-images-sha256-pss.its  | 44 +++++++++++++++++++++++
> >  5 files changed, 186 insertions(+), 4 deletions(-)
> >  create mode 100644 test/py/tests/vboot/sign-configs-sha1-pss.its
> >  create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss.its
> >  create mode 100644 test/py/tests/vboot/sign-images-sha1-pss.its
> >  create mode 100644 test/py/tests/vboot/sign-images-sha256-pss.its
> >
> > Changelog:
> > v2:
> > - new patch in the series
> > - add vboot for pss padding (thanks Simon Glass)
>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Hi Philippe,

On Mon, 12 Nov 2018 at 18:41, Philippe REYNES <philippe.reynes@softathome.com> wrote:
>
> Hi Clément,
>
> You're right, those its are in an old-format style.
> I can add a patch in this series or send a separate
> patch to clean the style.
>
> What solution do you prefer?

I'm not a maintainer but in this case I would have sent a V3 if it's
not merged or send a separate patch if it's already merged.

If you send a V3, don't forget to add the "Reviewed-by" tags.

Regards,
Clement

>
> Regards,
> Philippe
>
>
> ----- Original Message -----
> From: "Clément Péron" <peron.clem@gmail.com>
> To: sjg@chromium.org
> Cc: "philippe reynes" <philippe.reynes@softathome.com>, "michal simek" <michal.simek@xilinx.com>, "joe hershberger" <joe.hershberger@ni.com>, "Marek Vasut" <marex@denx.de>, "yamada masahiro" <yamada.masahiro@socionext.com>, aford173@gmail.com, "woods technical" <woods.technical@gmail.com>, "teddy reed" <teddy.reed@gmail.com>, "jun nie" <jun.nie@linaro.org>, "peng fan" <peng.fan@nxp.com>, "keguang zhang" <keguang.zhang@gmail.com>, "andre przywara" <andre.przywara@arm.com>, "philipp tomsich" <philipp.tomsich@theobroma-systems.com>, "bin chen" <bin.chen@linaro.org>, jsg@jsg.id.au, nomble@palism.com, swarren@nvidia.com, "paul burton" <paul.burton@mips.com>, "alex kiernan" <alex.kiernan@gmail.com>, "u-boot" <u-boot@lists.denx.de>
> Sent: Saturday 3 November 2018 18:11:57
> Subject: Re: [PATCH V2 6/6] test: vboot: add padding pss for rsa signature
>
> Hi,
>
> I'm not an expert but regarding commit
> b8790ebeec13c882979dc986947397738d9f38aa I think you should drop the
> unit-address in its files.
>
> " The DT spec demands a unit-address of a node name to match the "reg"
> property in that node. Newer dtc versions will throw warnings if this is
> not the case.
> Fix all occurrences in the FIT image example files where this was not
> observed, to not give bad examples to the reader.
> "
>
> Regards,
> Clement
>
> On Sat, 3 Nov 2018 at 07:08, Simon Glass <sjg@chromium.org> wrote:
> >
> > On 25 October 2018 at 03:29, Philippe Reynes
> > <philippe.reynes@softathome.com> wrote:
> > > The padding pss is now supported for rsa signature.
> > > This adds a test with padding pss on the vboot test.
> > >
> > > Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> > > ---
> > >  test/py/tests/test_vboot.py                     | 10 +++---
> > >  test/py/tests/vboot/sign-configs-sha1-pss.its   | 46 +++++++++++++++++++++++++
> > >  test/py/tests/vboot/sign-configs-sha256-pss.its | 46 +++++++++++++++++++++++++
> > >  test/py/tests/vboot/sign-images-sha1-pss.its    | 44 +++++++++++++++++++++++
> > >  test/py/tests/vboot/sign-images-sha256-pss.its  | 44 +++++++++++++++++++++++
> > >  5 files changed, 186 insertions(+), 4 deletions(-)
> > >  create mode 100644 test/py/tests/vboot/sign-configs-sha1-pss.its
> > >  create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss.its
> > >  create mode 100644 test/py/tests/vboot/sign-images-sha1-pss.its
> > >  create mode 100644 test/py/tests/vboot/sign-images-sha256-pss.its
> > >
> > > Changelog:
> > > v2:
> > > - new patch in the series
> > > - add vboot for pss padding (thanks Simon Glass)
> >
> > Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py index e9cbd57..f427c69 100644 --- a/test/py/tests/test_vboot.py +++ b/test/py/tests/test_vboot.py @@ -126,7 +126,7 @@ def test_vboot(u_boot_console): handle.write(struct.pack(">I", size)) return struct.unpack(">I", total_size)[0] - def test_with_algo(sha_algo): + def test_with_algo(sha_algo, padding): """Test verified boot with the given hash algorithm. This is the main part of the test code. The same procedure is followed @@ -144,7 +144,7 @@ def test_vboot(u_boot_console): # Build the FIT, but don't sign anything yet cons.log.action('%s: Test FIT with signed images' % sha_algo) - make_fit('sign-images-%s.its' % sha_algo) + make_fit('sign-images-%s%s.its' % (sha_algo , padding)) run_bootm(sha_algo, 'unsigned images', 'dev-', True) # Sign images with our dev keys @@ -226,8 +226,10 @@ def test_vboot(u_boot_console): # afterwards. old_dtb = cons.config.dtb cons.config.dtb = dtb - test_with_algo('sha1') - test_with_algo('sha256') + test_with_algo('sha1','') + test_with_algo('sha1','-pss') + test_with_algo('sha256','') + test_with_algo('sha256','-pss') finally: # Go back to the original U-Boot with the correct dtb. cons.config.dtb = old_dtb diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its new file mode 100644 index 0000000..3c3ab20 --- /dev/null +++ b/test/py/tests/vboot/sign-configs-sha1-pss.its 
@@ -0,0 +1,46 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + hash@1 { + algo = "sha1"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + hash@1 { + algo = "sha1"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + signature@1 { + algo = "sha1,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + sign-images = "fdt", "kernel"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its new file mode 100644 index 0000000..8e33510 --- /dev/null +++ b/test/py/tests/vboot/sign-configs-sha256-pss.its @@ -0,0 +1,46 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + hash@1 { + algo = "sha256"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + hash@1 { + algo = "sha256"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + sign-images = "fdt", "kernel"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its new file mode 100644 index 0000000..d19c4d7 
--- /dev/null +++ b/test/py/tests/vboot/sign-images-sha1-pss.its @@ -0,0 +1,44 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + signature@1 { + algo = "sha1,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + signature@1 { + algo = "sha1,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its new file mode 100644 index 0000000..43612f8 --- /dev/null +++ b/test/py/tests/vboot/sign-images-sha256-pss.its @@ -0,0 +1,44 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + }; + }; +};
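Review bot: In test/py/tests/test_vboot.py only the call `make_fit('sign-images-%s%s.its' % (sha_algo , padding))` picks up the new `padding` argument; none of the three hunks touches a `make_fit` call for the sign-configs files, and the diffstat for this file (6 insertions, 4 deletions) is fully accounted for by the hunks shown. As far as the visible diff goes, sign-configs-sha1-pss.its and sign-configs-sha256-pss.its are added but never built, so the '-pss' runs would still exercise the signed-configuration path with the default padding only. Apply the same `%s%s` formatting with `(sha_algo, padding)` to the sign-configs `make_fit` call so that PSS is covered for configuration signatures too.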
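Review bot: The docstring under `def test_with_algo(sha_algo, padding):` still reads "Test verified boot with the given hash algorithm" and says nothing about the new `padding` parameter, and `cons.log.action('%s: Test FIT with signed images' % sha_algo)` logs only the hash name, so the plain and '-pss' runs cannot be told apart in the test log. Document the parameter (a file-name suffix, '' or '-pss'), include it in the log message, and tidy the spacing in the changed lines: `(sha_algo, padding)` rather than `(sha_algo , padding)`, and `test_with_algo('sha1', '-pss')` rather than `test_with_algo('sha1','-pss')`.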
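Review bot: All four new .its files name their nodes with a unit address (`kernel@1`, `fdt@1`, `hash@1`, `signature@1`, `conf@1`), yet none of these nodes has a `reg` property, which is the mismatch raised in the thread with reference to commit b8790ebeec13c882979dc986947397738d9f38aa. If the node names are changed, the string references `default = "conf@1";`, `kernel = "kernel@1";` and `fdt = "fdt@1";` have to change with them or the configuration will no longer resolve. The files also differ from one another only in the hash name and in whether the signature node sits under the images or under the configuration, so a short comment at the top of each stating which case it covers would help, and the description "Chrome OS kernel image with one or more FDT blobs" reads as carried over from another fixture.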
The padding pss is now supported for rsa signature.
This adds a test with padding pss on the vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 test/py/tests/test_vboot.py                     | 10 +++---
 test/py/tests/vboot/sign-configs-sha1-pss.its   | 46 +++++++++++++++++++++++++
 test/py/tests/vboot/sign-configs-sha256-pss.its | 46 +++++++++++++++++++++++++
 test/py/tests/vboot/sign-images-sha1-pss.its    | 44 +++++++++++++++++++++++
 test/py/tests/vboot/sign-images-sha256-pss.its  | 44 +++++++++++++++++++++++
 5 files changed, 186 insertions(+), 4 deletions(-)
 create mode 100644 test/py/tests/vboot/sign-configs-sha1-pss.its
 create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss.its
 create mode 100644 test/py/tests/vboot/sign-images-sha1-pss.its
 create mode 100644 test/py/tests/vboot/sign-images-sha256-pss.its

Changelog:
v2:
- new patch in the series
- add vboot for pss padding (thanks Simon Glass)