@@ -466,6 +466,14 @@ config ENCRYPTED_IMAGES
comment "Image encryption needs an SSL implementation"
depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS
+config ENCRYPTED_SW_DESCRIPTION
+ bool "Even sw-description is encrypted"
+ depends on ENCRYPTED_IMAGES
+ help
+ sw-description is not encrypted as default, but it is encrypted
+ if this is set. It is a compile time option, and mix of plain and
+ encrypted sw-descriptions is not possible.
+
config PKCS11
bool "Enable PKCS#11 cryptographic operations"
default n
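Review bot: The help text for ENCRYPTED_SW_DESCRIPTION does not say what happens to an update whose sw-description is still in plain text once the option is set, nor that encryption alone gives confidentiality and not authenticity. Since `copyfile()` is now called with the decrypt flag for this member, a plain-text sw-description presumably fails decryption and the update is rejected; the help should state that explicitly. Suggested wording: `sw-description is stored in plain text by default. With this option it must be encrypted with the same key as the images; an update shipping a plain sw-description is rejected. This is a compile-time choice, so one device cannot accept both forms. Encryption only hides the content; use CONFIG_SIGNED_IMAGES to authenticate it.` The sentence "mix of plain and encrypted sw-descriptions is not possible" reads awkwardly and is covered by that rewrite.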
@@ -677,7 +677,7 @@ int extract_cpio_header(int fd, struct filehdr *fhdr, unsigned long *offset)
return 0;
}
-int extract_sw_description(int fd, const char *descfile, off_t *offs)
+int extract_sw_description(int fd, const char *descfile, off_t *offs, bool encrypted)
{
struct filehdr fdh;
unsigned long offset = *offs;
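Review bot: The new `encrypted` parameter of `extract_sw_description()` is undocumented, and nothing near the definition says what the caller must guarantee or what the flag does to the extracted file. A short header comment would help the next reader, e.g. `/* Extract the cpio member descfile starting at *offs into a temporary file. If encrypted is set the member is decrypted by copyfile() with the image key before it is written out; *offs is advanced past the member. */` The decrypt behaviour is inferred from the `encrypted` argument passed to `copyfile()` in the next hunk, so confirm the wording against copyfile() itself. The body of extract_sw_description continues outside this hunk.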
@@ -713,7 +713,7 @@ int extract_sw_description(int fd, const char *descfile, off_t *offs)
close(fdout);
return -1;
}
- if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, NULL, 0, NULL, NULL) < 0) {
+ if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, NULL, encrypted ? 1 : 0, NULL, NULL) < 0) {
ERROR("%s corrupted or not valid", descfile);
close(fdout);
return -1;
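Review bot: With `encrypted` set, a failed decryption of sw-description now ends in the same `"%s corrupted or not valid"` message as a truncated or malformed cpio member, which makes field triage of a wrong device key versus a damaged image harder. Consider naming the case when the flag is on, e.g. `ERROR("%s corrupted, not valid%s", descfile, encrypted ? " or cannot be decrypted" : "");`. The IV for the member is passed as NULL here, so where it is taken from for an encrypted sw-description is not visible in this hunk; a comment on the call would make that explicit. The enclosing function continues past this hunk.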
@@ -72,7 +72,7 @@ pthread_cond_t stream_wkup = PTHREAD_COND_INITIALIZER;
static struct installer inst;
-static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs)
+static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs, bool encrypted)
{
char output_file[MAX_IMAGE_FNAME];
struct filehdr fdh;
@@ -102,7 +102,8 @@ static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs)
if (fdout < 0)
return -1;
- if (copyfile(fd, &fdout, fdh.size, poffs, 0, 0, 0, &checksum, NULL, 0, NULL, NULL) < 0) {
+ if (copyfile(fd, &fdout, fdh.size, poffs, 0, 0, 0, &checksum, NULL,
+ encrypted ? 1 : 0, NULL, NULL) < 0) {
close(fdout);
return -1;
}
@@ -127,6 +128,11 @@ static int extract_files(int fd, struct swupdate_cfg *software)
char output_file[MAX_IMAGE_FNAME];
const char* TMPDIR = get_tmpdir();
bool installed_directly = false;
+ bool encrypted_sw_desc = false;
+
+#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION
+ encrypted_sw_desc = true;
+#endif
/* preset the info about the install parts */
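Review bot: The `bool encrypted_sw_desc = false; #ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION ... #endif` block added here is repeated verbatim in `save_stream()` and in `install_from_file()`, and each copy has to be kept in sync if the option is ever renamed or made key-dependent. A single definition would remove the duplication, for example a macro in include/util.h alongside the changed prototype: `#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION` / `#define SW_DESCRIPTION_ENCRYPTED true` / `#else #define SW_DESCRIPTION_ENCRYPTED false #endif`, and then passing `SW_DESCRIPTION_ENCRYPTED` at the three call sites. The enclosing function extract_files() starts before this hunk and continues after it.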
@@ -141,7 +147,7 @@ static int extract_files(int fd, struct swupdate_cfg *software)
switch (status) {
/* Waiting for the first Header */
case STREAM_WAIT_DESCRIPTION:
- if (extract_file_to_tmp(fd, SW_DESCRIPTION_FILENAME, &offset) < 0 )
+ if (extract_file_to_tmp(fd, SW_DESCRIPTION_FILENAME, &offset, encrypted_sw_desc) < 0 )
return -1;
status = STREAM_WAIT_SIGNATURE;
@@ -150,7 +156,7 @@ static int extract_files(int fd, struct swupdate_cfg *software)
case STREAM_WAIT_SIGNATURE:
#ifdef CONFIG_SIGNED_IMAGES
snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME);
- if (extract_file_to_tmp(fd, output_file, &offset) < 0 )
+ if (extract_file_to_tmp(fd, output_file, &offset, false) < 0 )
return -1;
#endif
snprintf(output_file, sizeof(output_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME);
@@ -356,7 +362,11 @@ static int save_stream(int fdin, struct swupdate_cfg *software)
unsigned long offset;
char output_file[MAX_IMAGE_FNAME];
const char* TMPDIR = get_tmpdir();
+ bool encrypted_sw_desc = false;
+#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION
+ encrypted_sw_desc = true;
+#endif
if (fdin < 0)
return -EINVAL;
@@ -417,13 +427,13 @@ static int save_stream(int fdin, struct swupdate_cfg *software)
lseek(tmpfd, 0, SEEK_SET);
offset = 0;
- if (extract_file_to_tmp(tmpfd, SW_DESCRIPTION_FILENAME, &offset) < 0) {
+ if (extract_file_to_tmp(tmpfd, SW_DESCRIPTION_FILENAME, &offset, encrypted_sw_desc) < 0) {
ERROR("%s cannot be extracted", SW_DESCRIPTION_FILENAME);
ret = -EINVAL;
goto no_copy_output;
}
#ifdef CONFIG_SIGNED_IMAGES
- snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME);
+ snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME, false);
if (extract_file_to_tmp(tmpfd, output_file, &offset) < 0 ) {
ERROR("Signature cannot be extracted:%s", output_file);
ret = -EINVAL;
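Review bot: In `save_stream()` the new `false` argument was appended to the `snprintf()` call instead of to `extract_file_to_tmp()`: `snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME, false);` passes a surplus argument to the format, while the call on the next line is still `extract_file_to_tmp(tmpfd, output_file, &offset)` with three arguments against a prototype that now takes four, so this file no longer compiles with CONFIG_SIGNED_IMAGES. The two lines should be `snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME);` and `if (extract_file_to_tmp(tmpfd, output_file, &offset, false) < 0 ) {`, matching the same pair in extract_files(). The enclosing function continues outside this hunk.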
@@ -304,8 +304,11 @@ static int install_from_file(char *fname, int check)
int fdsw;
off_t pos;
int ret;
+ bool encrypted_sw_desc = false;
-
+#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION
+ encrypted_sw_desc = true;
+#endif
if (!strlen(fname)) {
ERROR("Image not found...please reboot");
exit(EXIT_FAILURE);
@@ -321,10 +324,10 @@ static int install_from_file(char *fname, int check)
}
pos = 0;
- ret = extract_sw_description(fdsw, SW_DESCRIPTION_FILENAME, &pos);
+ ret = extract_sw_description(fdsw, SW_DESCRIPTION_FILENAME, &pos, encrypted_sw_desc);
#ifdef CONFIG_SIGNED_IMAGES
ret |= extract_sw_description(fdsw, SW_DESCRIPTION_FILENAME ".sig",
- &pos);
+ &pos, false);
#endif
/*
* Check if files could be extracted
@@ -191,7 +191,7 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs,
int skip_file, int compressed, uint32_t *checksum,
unsigned char *hash, int encrypted, const char *imgivt, writeimage callback);
int copyimage(void *out, struct img_type *img, writeimage callback);
-int extract_sw_description(int fd, const char *descfile, off_t *offs);
+int extract_sw_description(int fd, const char *descfile, off_t *offs, bool encrypted);
off_t extract_next_file(int fd, int fdout, off_t start, int compressed,
int encrypted, char *ivt, unsigned char *hash);
int openfileoutput(const char *filename);
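Review bot: The changed prototype of `extract_sw_description()` introduces `bool` into util.h, and the header's include list is outside this hunk, so confirm that util.h includes `<stdbool.h>` itself rather than relying on each translation unit to include it first; otherwise a file that includes util.h before stdbool.h fails to compile. The parameter also deserves a one-line doc comment on the declaration since this is the public interface, e.g. `/* encrypted: decrypt the member with the image key while extracting it */`. The flag's meaning is inferred from the `encrypted` argument forwarded to copyfile() in the cpio_utils.c hunk, so keep the wording aligned with what copyfile() actually does.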
In some use cases, sw-description itself must be encrypted as well. This is useful when sw-description contains Lua code that should not be exposed. A new CONFIG_ENCRYPTED_SW_DESCRIPTION option is added; it is a compile-time option because it is a security setting. Signed-off-by: Stefano Babic <sbabic@denx.de> --- Kconfig | 8 ++++++++ core/cpio_utils.c | 4 ++-- core/stream_interface.c | 22 ++++++++++++++++------ core/swupdate.c | 9 ++++++--- include/util.h | 2 +- 5 files changed, 33 insertions(+), 12 deletions(-)