* [PATCH v2] habv4: imx change signing area from full to the executed image
@ 2019-12-18 12:57 Maik Otto
2019-12-20 15:24 ` Sascha Hauer
0 siblings, 1 reply; 5+ messages in thread
From: Maik Otto @ 2019-12-18 12:57 UTC (permalink / raw)
To: barebox; +Cc: Maik Otto
the whole barebox with mbr and partition table were be signed by default.
change the signing to the executed image without signing the mbr,
partition table and header_gap by imx8mq
additional delete option full, from-dcdofs and skip-mbr
Signed-off-by: Maik Otto <m.otto@phytec.de>
---
Changes in v2:
- change subject from habv4: add the possibility to changing the signing
area from Kconfig to
- delete KConfig entries
- delete changes habv4-imx6-gencsf.h
- delete full, from-dcdofs and skip-mbr options
---
scripts/imx/imx.c | 33 +++++++++------------------------
1 file changed, 9 insertions(+), 24 deletions(-)
diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
index b3e8d62..b2dd25c 100644
--- a/scripts/imx/imx.c
+++ b/scripts/imx/imx.c
@@ -338,16 +338,13 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
char *str;
int ret;
uint32_t signed_size = data->load_size;
- uint32_t offset = 0;
+ uint32_t offset_load_address = 0x400; //skip MBR and Partition Table
+ uint32_t offset_size = offset_load_address;
+ uint32_t offset = offset_load_address;
if (!data->csf)
return -EINVAL;
- if (argc < 2)
- type = "full";
- else
- type = argv[1];
-
/*
* In case of encrypted image we reduce signed area to beginning
* of encrypted area.
@@ -359,31 +356,19 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
* Ensure we only sign the PBL for i.MX8MQ
*/
if (data->pbl_code_size && data->cpu_type == IMX_CPU_IMX8MQ) {
- offset = data->header_gap;
+ offset += data->header_gap;
signed_size = roundup(data->pbl_code_size + HEADER_LEN, 0x1000);
if (data->signed_hdmi_firmware_file)
offset += PLUGIN_HDMI_SIZE;
}
- if (!strcmp(type, "full")) {
+ if (signed_size > 0) {
ret = asprintf(&str, "Blocks = 0x%08x 0x%08x 0x%08x \"%s\"\n",
- data->image_load_addr, offset, signed_size,
- data->outfile);
- } else if (!strcmp(type, "from-dcdofs")) {
- ret = asprintf(&str, "Blocks = 0x%08x 0x%x %d \"%s\"\n",
- data->image_load_addr + data->image_dcd_offset,
- data->image_dcd_offset,
- signed_size - data->image_dcd_offset,
- data->outfile);
- } else if (!strcmp(type, "skip-mbr")) {
- ret = asprintf(&str,
- "Blocks = 0x%08x 0 440 \"%s\", \\\n"
- " 0x%08x 512 %d \"%s\"\n",
- data->image_load_addr, data->outfile,
- data->image_load_addr + 512,
- signed_size - 512, data->outfile);
+ data->image_load_addr + offset_load_address, offset,
+ signed_size - offset_size, data->outfile);
} else {
- fprintf(stderr, "Invalid hab_blocks option: %s\n", type);
+ fprintf(stderr, "Invalid signed size area 0x%08x\n",
+ signed_size);
return -EINVAL;
}
--
2.7.4
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] habv4: imx change signing area from full to the executed image
2019-12-18 12:57 [PATCH v2] habv4: imx change signing area from full to the executed image Maik Otto
@ 2019-12-20 15:24 ` Sascha Hauer
2019-12-22 22:13 ` Marcin Niestrój
0 siblings, 1 reply; 5+ messages in thread
From: Sascha Hauer @ 2019-12-20 15:24 UTC (permalink / raw)
To: Maik Otto; +Cc: barebox, Marcin Niestroj
On Wed, Dec 18, 2019 at 01:57:17PM +0100, Maik Otto wrote:
> the whole barebox with mbr and partition table were be signed by default.
> change the signing to the executed image without signing the mbr,
> partition table and header_gap by imx8mq
> additional delete option full, from-dcdofs and skip-mbr
>
> Signed-off-by: Maik Otto <m.otto@phytec.de>
> ---
> Changes in v2:
> - change subject from habv4: add the possibility to changing the signing
> area from Kconfig to
> - delete KConfig entries
> - delete changes habv4-imx6-gencsf.h
> - delete full, from-dcdofs and skip-mbr options
> ---
> scripts/imx/imx.c | 33 +++++++++------------------------
> 1 file changed, 9 insertions(+), 24 deletions(-)
Applied, thanks.
@Marcin, as you introduced the "from-dcdofs" and "full" options, are you
happy with this patch? It removes the options, but should default to
what you originally wanted to archieve, right?
Regards
Sascha
>
> diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
> index b3e8d62..b2dd25c 100644
> --- a/scripts/imx/imx.c
> +++ b/scripts/imx/imx.c
> @@ -338,16 +338,13 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
> char *str;
> int ret;
> uint32_t signed_size = data->load_size;
> - uint32_t offset = 0;
> + uint32_t offset_load_address = 0x400; //skip MBR and Partition Table
> + uint32_t offset_size = offset_load_address;
> + uint32_t offset = offset_load_address;
>
> if (!data->csf)
> return -EINVAL;
>
> - if (argc < 2)
> - type = "full";
> - else
> - type = argv[1];
> -
> /*
> * In case of encrypted image we reduce signed area to beginning
> * of encrypted area.
> @@ -359,31 +356,19 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
> * Ensure we only sign the PBL for i.MX8MQ
> */
> if (data->pbl_code_size && data->cpu_type == IMX_CPU_IMX8MQ) {
> - offset = data->header_gap;
> + offset += data->header_gap;
> signed_size = roundup(data->pbl_code_size + HEADER_LEN, 0x1000);
> if (data->signed_hdmi_firmware_file)
> offset += PLUGIN_HDMI_SIZE;
> }
>
> - if (!strcmp(type, "full")) {
> + if (signed_size > 0) {
> ret = asprintf(&str, "Blocks = 0x%08x 0x%08x 0x%08x \"%s\"\n",
> - data->image_load_addr, offset, signed_size,
> - data->outfile);
> - } else if (!strcmp(type, "from-dcdofs")) {
> - ret = asprintf(&str, "Blocks = 0x%08x 0x%x %d \"%s\"\n",
> - data->image_load_addr + data->image_dcd_offset,
> - data->image_dcd_offset,
> - signed_size - data->image_dcd_offset,
> - data->outfile);
> - } else if (!strcmp(type, "skip-mbr")) {
> - ret = asprintf(&str,
> - "Blocks = 0x%08x 0 440 \"%s\", \\\n"
> - " 0x%08x 512 %d \"%s\"\n",
> - data->image_load_addr, data->outfile,
> - data->image_load_addr + 512,
> - signed_size - 512, data->outfile);
> + data->image_load_addr + offset_load_address, offset,
> + signed_size - offset_size, data->outfile);
> } else {
> - fprintf(stderr, "Invalid hab_blocks option: %s\n", type);
> + fprintf(stderr, "Invalid signed size area 0x%08x\n",
> + signed_size);
> return -EINVAL;
> }
>
> --
> 2.7.4
>
>
> _______________________________________________
> barebox mailing list
> barebox@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] habv4: imx change signing area from full to the executed image
2019-12-20 15:24 ` Sascha Hauer
@ 2019-12-22 22:13 ` Marcin Niestrój
2020-01-06 9:35 ` Sascha Hauer
0 siblings, 1 reply; 5+ messages in thread
From: Marcin Niestrój @ 2019-12-22 22:13 UTC (permalink / raw)
To: Sascha Hauer; +Cc: Maik Otto, barebox
Hi Sasha, Maik,
Sascha Hauer <s.hauer@pengutronix.de> writes:
> On Wed, Dec 18, 2019 at 01:57:17PM +0100, Maik Otto wrote:
>> the whole barebox with mbr and partition table were be signed by default.
>> change the signing to the executed image without signing the mbr,
>> partition table and header_gap by imx8mq
>> additional delete option full, from-dcdofs and skip-mbr
>>
>> Signed-off-by: Maik Otto <m.otto@phytec.de>
>> ---
>> Changes in v2:
>> - change subject from habv4: add the possibility to changing the signing
>> area from Kconfig to
>> - delete KConfig entries
>> - delete changes habv4-imx6-gencsf.h
>> - delete full, from-dcdofs and skip-mbr options
>> ---
>> scripts/imx/imx.c | 33 +++++++++------------------------
>> 1 file changed, 9 insertions(+), 24 deletions(-)
>
> Applied, thanks.
>
> @Marcin, as you introduced the "from-dcdofs" and "full" options, are you
> happy with this patch? It removes the options, but should default to
> what you originally wanted to archieve, right?
I think that when adding separate skip-mbr and from-dcdofs I wanted to
protect (with skip-mbr) first bytes of generated image, which contain
barebox header (with its version?) from what I remember. I never used
that information from there, so I am quite okay with dropping skip-mbr
support in favor of only from-dcdofs.
However I wonder why offset_load_address is hardcoded to
0x400. Shouldn't we leave from-dcdofs as is and simply dropping all
other options (full and skip-mbr)?
Regards,
Marcin
>
> Regards
> Sascha
>
>>
>> diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
>> index b3e8d62..b2dd25c 100644
>> --- a/scripts/imx/imx.c
>> +++ b/scripts/imx/imx.c
>> @@ -338,16 +338,13 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
>> char *str;
>> int ret;
>> uint32_t signed_size = data->load_size;
>> - uint32_t offset = 0;
>> + uint32_t offset_load_address = 0x400; //skip MBR and Partition Table
>> + uint32_t offset_size = offset_load_address;
>> + uint32_t offset = offset_load_address;
>>
>> if (!data->csf)
>> return -EINVAL;
>>
>> - if (argc < 2)
>> - type = "full";
>> - else
>> - type = argv[1];
>> -
>> /*
>> * In case of encrypted image we reduce signed area to beginning
>> * of encrypted area.
>> @@ -359,31 +356,19 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
>> * Ensure we only sign the PBL for i.MX8MQ
>> */
>> if (data->pbl_code_size && data->cpu_type == IMX_CPU_IMX8MQ) {
>> - offset = data->header_gap;
>> + offset += data->header_gap;
>> signed_size = roundup(data->pbl_code_size + HEADER_LEN, 0x1000);
>> if (data->signed_hdmi_firmware_file)
>> offset += PLUGIN_HDMI_SIZE;
>> }
>>
>> - if (!strcmp(type, "full")) {
>> + if (signed_size > 0) {
>> ret = asprintf(&str, "Blocks = 0x%08x 0x%08x 0x%08x \"%s\"\n",
>> - data->image_load_addr, offset, signed_size,
>> - data->outfile);
>> - } else if (!strcmp(type, "from-dcdofs")) {
>> - ret = asprintf(&str, "Blocks = 0x%08x 0x%x %d \"%s\"\n",
>> - data->image_load_addr + data->image_dcd_offset,
>> - data->image_dcd_offset,
>> - signed_size - data->image_dcd_offset,
>> - data->outfile);
>> - } else if (!strcmp(type, "skip-mbr")) {
>> - ret = asprintf(&str,
>> - "Blocks = 0x%08x 0 440 \"%s\", \\\n"
>> - " 0x%08x 512 %d \"%s\"\n",
>> - data->image_load_addr, data->outfile,
>> - data->image_load_addr + 512,
>> - signed_size - 512, data->outfile);
>> + data->image_load_addr + offset_load_address, offset,
>> + signed_size - offset_size, data->outfile);
>> } else {
>> - fprintf(stderr, "Invalid hab_blocks option: %s\n", type);
>> + fprintf(stderr, "Invalid signed size area 0x%08x\n",
>> + signed_size);
>> return -EINVAL;
>> }
>>
>> --
>> 2.7.4
>>
>>
>> _______________________________________________
>> barebox mailing list
>> barebox@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/barebox
>>
--
Marcin Niestrój
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] habv4: imx change signing area from full to the executed image
2019-12-22 22:13 ` Marcin Niestrój
@ 2020-01-06 9:35 ` Sascha Hauer
2020-01-06 14:42 ` Maik Otto
0 siblings, 1 reply; 5+ messages in thread
From: Sascha Hauer @ 2020-01-06 9:35 UTC (permalink / raw)
To: Marcin Niestrój; +Cc: Maik Otto, barebox
On Sun, Dec 22, 2019 at 11:13:48PM +0100, Marcin Niestrój wrote:
> Hi Sasha, Maik,
>
> Sascha Hauer <s.hauer@pengutronix.de> writes:
>
> > On Wed, Dec 18, 2019 at 01:57:17PM +0100, Maik Otto wrote:
> >> the whole barebox with mbr and partition table were be signed by default.
> >> change the signing to the executed image without signing the mbr,
> >> partition table and header_gap by imx8mq
> >> additional delete option full, from-dcdofs and skip-mbr
> >>
> >> Signed-off-by: Maik Otto <m.otto@phytec.de>
> >> ---
> >> Changes in v2:
> >> - change subject from habv4: add the possibility to changing the signing
> >> area from Kconfig to
> >> - delete KConfig entries
> >> - delete changes habv4-imx6-gencsf.h
> >> - delete full, from-dcdofs and skip-mbr options
> >> ---
> >> scripts/imx/imx.c | 33 +++++++++------------------------
> >> 1 file changed, 9 insertions(+), 24 deletions(-)
> >
> > Applied, thanks.
> >
> > @Marcin, as you introduced the "from-dcdofs" and "full" options, are you
> > happy with this patch? It removes the options, but should default to
> > what you originally wanted to archieve, right?
>
> I think that when adding separate skip-mbr and from-dcdofs I wanted to
> protect (with skip-mbr) first bytes of generated image, which contain
> barebox header (with its version?) from what I remember. I never used
> that information from there, so I am quite okay with dropping skip-mbr
> support in favor of only from-dcdofs.
The version is not contained in the header.
>
> However I wonder why offset_load_address is hardcoded to
> 0x400. Shouldn't we leave from-dcdofs as is and simply dropping all
> other options (full and skip-mbr)?
Yes, this sounds better. Maik, can you change the patch accordingly?
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] habv4: imx change signing area from full to the executed image
2020-01-06 9:35 ` Sascha Hauer
@ 2020-01-06 14:42 ` Maik Otto
0 siblings, 0 replies; 5+ messages in thread
From: Maik Otto @ 2020-01-06 14:42 UTC (permalink / raw)
To: Sascha Hauer, Marcin Niestrój; +Cc: barebox
Hi Sascha and Marcin,
yes i will be change the patch.
Maik
.
Am 06.01.2020 um 10:35 schrieb Sascha Hauer:
> On Sun, Dec 22, 2019 at 11:13:48PM +0100, Marcin Niestrój wrote:
>> Hi Sasha, Maik,
>>
>> Sascha Hauer <s.hauer@pengutronix.de> writes:
>>
>>> On Wed, Dec 18, 2019 at 01:57:17PM +0100, Maik Otto wrote:
>>>> the whole barebox with mbr and partition table were be signed by default.
>>>> change the signing to the executed image without signing the mbr,
>>>> partition table and header_gap by imx8mq
>>>> additional delete option full, from-dcdofs and skip-mbr
>>>>
>>>> Signed-off-by: Maik Otto <m.otto@phytec.de>
>>>> ---
>>>> Changes in v2:
>>>> - change subject from habv4: add the possibility to changing the signing
>>>> area from Kconfig to
>>>> - delete KConfig entries
>>>> - delete changes habv4-imx6-gencsf.h
>>>> - delete full, from-dcdofs and skip-mbr options
>>>> ---
>>>> scripts/imx/imx.c | 33 +++++++++------------------------
>>>> 1 file changed, 9 insertions(+), 24 deletions(-)
>>> Applied, thanks.
>>>
>>> @Marcin, as you introduced the "from-dcdofs" and "full" options, are you
>>> happy with this patch? It removes the options, but should default to
>>> what you originally wanted to archieve, right?
>> I think that when adding separate skip-mbr and from-dcdofs I wanted to
>> protect (with skip-mbr) first bytes of generated image, which contain
>> barebox header (with its version?) from what I remember. I never used
>> that information from there, so I am quite okay with dropping skip-mbr
>> support in favor of only from-dcdofs.
> The version is not contained in the header.
>
>> However I wonder why offset_load_address is hardcoded to
>> 0x400. Shouldn't we leave from-dcdofs as is and simply dropping all
>> other options (full and skip-mbr)?
> Yes, this sounds better. Maik, can you change the patch accordingly?
>
> Sascha
>
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-01-06 14:42 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-18 12:57 [PATCH v2] habv4: imx change signing area from full to the executed image Maik Otto
2019-12-20 15:24 ` Sascha Hauer
2019-12-22 22:13 ` Marcin Niestrój
2020-01-06 9:35 ` Sascha Hauer
2020-01-06 14:42 ` Maik Otto
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox