Message ID | 1444441574-17205-3-git-send-email-jimmzhang@nvidia.com |
---|---|
State | Superseded, archived |
Headers | show |
On 10/09/2015 07:46 PM, Jimmy Zhang wrote: > Add support to dump rsa pubkey, bct's rsa-pss signature and > bootloader's rsa-pss signature. > diff --git a/src/bct_dump.c b/src/bct_dump.c > +#define ARSE_RSA_PARAM_MAX_BYTES 256 > typedef union { > u_int32_t val; > u_int8_t uid[16]; > + u_int8_t rsa_param[ARSE_RSA_PARAM_MAX_BYTES]; > } param_types; Shouldn't that be replaced by something that uses the new get_size() functionality now implemented in patch 1? -- To unsubscribe from this list: send the line "unsubscribe linux-tegra" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
> -----Original Message----- > From: Stephen Warren [mailto:swarren@wwwdotorg.org] > Sent: Monday, October 12, 2015 3:51 PM > To: Jimmy Zhang > Cc: Allen Martin; Stephen Warren; linux-tegra@vger.kernel.org > Subject: Re: [cbootimage PATCH v5 2/5] Add support to dump rsa related > fields for t210 > > On 10/09/2015 07:46 PM, Jimmy Zhang wrote: > > Add support to dump rsa pubkey, bct's rsa-pss signature and > > bootloader's rsa-pss signature. > > > diff --git a/src/bct_dump.c b/src/bct_dump.c > > > +#define ARSE_RSA_PARAM_MAX_BYTES 256 > > typedef union { > > u_int32_t val; > > u_int8_t uid[16]; > > + u_int8_t rsa_param[ARSE_RSA_PARAM_MAX_BYTES]; > > } param_types; > > Shouldn't that be replaced by something that uses the new get_size() > functionality now implemented in patch 1? For this data structure, I guess we better stay with a MAX constant. For display functions, ie values[i].format(...) bl_values[j].format(...) There is no id token being passed in. To use get_size(), all format_xxx function prototype need to be redefined (by adding in id token). I can submit a new patch if you agree my observations. -- To unsubscribe from this list: send the line "unsubscribe linux-tegra" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 10/12/2015 06:56 PM, Jimmy Zhang wrote: > > >> -----Original Message----- >> From: Stephen Warren [mailto:swarren@wwwdotorg.org] >> Sent: Monday, October 12, 2015 3:51 PM >> To: Jimmy Zhang >> Cc: Allen Martin; Stephen Warren; linux-tegra@vger.kernel.org >> Subject: Re: [cbootimage PATCH v5 2/5] Add support to dump rsa related >> fields for t210 >> >> On 10/09/2015 07:46 PM, Jimmy Zhang wrote: >>> Add support to dump rsa pubkey, bct's rsa-pss signature and >>> bootloader's rsa-pss signature. >> >>> diff --git a/src/bct_dump.c b/src/bct_dump.c >> >>> +#define ARSE_RSA_PARAM_MAX_BYTES 256 >>> typedef union { >>> u_int32_t val; >>> u_int8_t uid[16]; >>> + u_int8_t rsa_param[ARSE_RSA_PARAM_MAX_BYTES]; >>> } param_types; >> >> Shouldn't that be replaced by something that uses the new get_size() >> functionality now implemented in patch 1? > > For this data structure, I guess we better stay with a MAX constant. > > For display functions, ie > > values[i].format(...) > bl_values[j].format(...) > > There is no id token being passed in. To use get_size(), all format_xxx function prototype need to be redefined (by adding in id token). > > I can submit a new patch if you agree my observations. If we can't pass the size through all the way to make everything fully generic, I'd recommend: a) Name the field and MAX_BYES constant something more generic so it could be re-used for arbitrary fields, e.g. such as: #define PARAM_TYPE_BINARY_DATA_MAX_SIZE 256 u_int8_t binary[PARAM_TYPE_BINARY_DATA_MAX_SIZE] b) When filling in that field, call get_size() at that point in time, and validate that the value is equal to sizeof(binary) or PARAM_TYPE_BINARY_DATA_MAX_SIZE. At least that way we'll have a check that the sizes do actually match. Or, perhaps we can make the field: struct { size_t len; u_int8_t data[PARAM_TYPE_BINARY_DATA_MAX_SIZE]; } binary; ... and hence pass the size around that way? -- To unsubscribe from this list: send the line "unsubscribe linux-tegra" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/src/bct_dump.c b/src/bct_dump.c index be7b85dc72d6..1db7d250dc4f 100644 --- a/src/bct_dump.c +++ b/src/bct_dump.c @@ -30,6 +30,8 @@ cbootimage_soc_config * g_soc_config; static void format_u32_hex8(char const * message, void * data); static void format_u32(char const * message, void * data); static void format_chipuid(char const * message, void * data); +static void format_hex_16_bytes(char const * message, void * data); +static void format_rsa_param(char const * message, void * data); typedef void (*format_function)(char const * message, void * data); @@ -39,9 +41,11 @@ typedef struct { format_function format; } value_data; +#define ARSE_RSA_PARAM_MAX_BYTES 256 typedef union { u_int32_t val; u_int8_t uid[16]; + u_int8_t rsa_param[ARSE_RSA_PARAM_MAX_BYTES]; } param_types; #define MAX_PARAM_SIZE sizeof(param_types) @@ -54,6 +58,9 @@ static value_data const values[] = { { token_odm_data, "OdmData = ", format_u32_hex8 }, { token_secure_jtag_control, "JtagCtrl = ", format_u32_hex8 }, { token_secure_debug_control, "DebugCtrl = ", format_u32_hex8 }, + { token_crypto_hash, "BCT AES Hash = ", format_hex_16_bytes }, + { token_rsa_key_modulus, "RsaKeyModulus = ", format_rsa_param }, + { token_rsa_pss_sig_bct, "RsaPssSigBct = ", format_rsa_param }, { token_unique_chip_id, "ChipUid = ", format_chipuid }, { token_bootloader_used, "# Bootloader used = ", format_u32 }, { token_bootloaders_max, "# Bootloaders max = ", format_u32 }, @@ -72,6 +79,8 @@ static value_data const bl_values[] = { { token_bl_load_addr, "Load address = ", format_u32_hex8 }, { token_bl_entry_point, "Entry point = ", format_u32_hex8 }, { token_bl_attribute, "Attributes = ", format_u32_hex8 }, + { token_bl_crypto_hash, "Bl AES Hash = ", format_hex_16_bytes }, + { token_rsa_pss_sig_bl, "RsaPssSigBl = ", format_rsa_param }, }; static value_data const mts_values[] = { @@ -108,6 +117,36 @@ static void format_chipuid(char const * message, void * data) printf("%s%s;\n", message, uid_str); } +static void format_hex_16_bytes(char const * message, void * data) +{ + u_int8_t *p_byte = (u_int8_t *)data; + int byte_index; + + printf("%s", message); + for (byte_index = 0; byte_index < 16; ++byte_index) + printf("%02x", *p_byte++); + + printf(";\n"); +} + +static void format_rsa_param(char const * message, void * data) +{ + u_int8_t *rsa = (u_int8_t *)data; + int byte_index; + + printf("%s", message); + for (byte_index = 0; byte_index < ARSE_RSA_PARAM_MAX_BYTES; + ++byte_index) { + printf("%02x", *rsa++); + + if ((byte_index + 1) % 64 == 0) + printf(";\n"); + } + + if (byte_index % 64 != 0) + printf(";\n"); +} + /*****************************************************************************/ static void usage(void) { diff --git a/src/t210/nvbctlib_t210.c b/src/t210/nvbctlib_t210.c index 97985db9db7c..ba2235e1c653 100644 --- a/src/t210/nvbctlib_t210.c +++ b/src/t210/nvbctlib_t210.c @@ -109,6 +109,8 @@ parse_token t210_root_token_list[] = { token_bootloaders_max, token_bct_size, token_hash_size, + token_crypto_hash, + token_bl_crypto_hash, token_crypto_offset, token_crypto_length, token_max_bct_search_blks, @@ -2034,6 +2036,12 @@ t210_getbl_param(u_int32_t set, sizeof(nvboot_hash)); break; + case token_rsa_pss_sig_bl: + swap_endianness(data, + &bct_ptr->bootloader[set].signature.rsa_pss_sig, + sizeof(nvboot_rsa_pss_sig)); + break; + default: return -ENODATA; } @@ -2130,6 +2138,15 @@ t210_bct_get_value(parse_token id, void *data, u_int8_t *bct) memcpy(data, &(bct_ptr->unique_chip_id), sizeof(nvboot_ecid)); break; + case token_rsa_key_modulus: + swap_endianness(data, &bct_ptr->key, sizeof(nvboot_rsa_key_modulus)); + break; + + case token_rsa_pss_sig_bct: + swap_endianness(data, &bct_ptr->signature.rsa_pss_sig, + sizeof(nvboot_rsa_pss_sig)); + break; + case token_reserved_offset: *((u_int32_t *)data) = (u_int8_t *)&(samplebct.reserved) - (u_int8_t *)&samplebct;
Add support to dump rsa pubkey, bct's rsa-pss signature and bootloader's rsa-pss signature. Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com> --- src/bct_dump.c | 39 +++++++++++++++++++++++++++++++++++++++ src/t210/nvbctlib_t210.c | 17 +++++++++++++++++ 2 files changed, 56 insertions(+)