From: Sascha Hauer <s.hauer@pengutronix.de>
To: Philippe Leduc <ledphilippe@gmail.com>
Cc: barebox@lists.infradead.org
Subject: Re: how to do a digest on a flashed uImage ?
Date: Thu, 2 Jul 2015 07:42:08 +0200 [thread overview]
Message-ID: <20150702054208.GE18611@pengutronix.de> (raw)
In-Reply-To: <CABQt-UnvAoFHp_4LJvH0Q6AFw8US2vhcb_nOGGmjfAaCXrOFWQ@mail.gmail.com>
Hi Philippe,
On Wed, Jul 01, 2015 at 09:02:28AM +0200, Philippe Leduc wrote:
> Hello,
>
> I have a uImage saved in a memory partition and I am able to boot on
> it with bootm command. I would like to add a digest (like a
> hmac(sha1)) in order to check the integrity of the binary before
> booting on it.
>
> Because my partition is bigger than my uImage, I don't know how to use
> digest on it.
> In fact there are two problems that I don't know how to solve: I can't
> get the size of my file and I can't ask digest to work on COUNT bytes.
>
> For the size problem: I can extract the size of the uImage in binary
> form since this information is present in the uImage header (via
> memcpy), but I don't know how to convert it in a format compatible
> with Hush.
>
> For digest, I can copy the binary in the RAM, but I fear that it is
> longer than working on the flash: it takes 4,8s to memcpy the uImage
> in a RAM file, and less than 3s to bootm on the flash. But
>
>
> Do you know a way to get the size of a file? Or to convert a binary
> size into a "human readable format" for Hush? Or should I develop a
> kind of "stat" utility for barebox?
> Thank you in advance,
I can't think of a way on the shell to accomplish this. Something that
might come close is uImagefs. You can mount an uImage as a filesystem,
then you can run digest on the individual contents of the image, but not
of the whole image itself.
Also extracting the size from the image via memcpy and somehow convert
the value to hex, then memcpy the uImage to a file sounds fragile. I
would probably add a option to the uimage command, like -c for copy.
In C it's easy to sanity check the size you read and to verify the
header checksum before doing anything else. You can't do that in shell.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2015-07-02 5:42 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-01 7:02 Philippe Leduc
2015-07-02 5:42 ` Sascha Hauer [this message]
2015-07-02 5:47 ` Jean-Christophe PLAGNIOL-VILLARD
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150702054208.GE18611@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=ledphilippe@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox