mail archive of the barebox mailing list
 help / color / mirror / Atom feed
* [PATCH v2 1/4] kbuild: make sha256sum command available generally
@ 2022-08-18  5:04 Ahmad Fatoum
  2022-08-18  5:04 ` [PATCH v2 2/4] pbl: export pbl_barebox_verify Ahmad Fatoum
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Ahmad Fatoum @ 2022-08-18  5:04 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

We currently use the command only for generation a SHA256 sum of the
barebox proper binary. In preparation for using it in othe Makefiles
as well, move it to a central location and use the occasion to give
it a short comment.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v1 -> v2:
  - no change
---
 images/Makefile      |  7 -------
 scripts/Makefile.lib | 11 +++++++++++
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/images/Makefile b/images/Makefile
index 7a8bb94fe0df..218a24ff1ddd 100644
--- a/images/Makefile
+++ b/images/Makefile
@@ -112,13 +112,6 @@ $(obj)/piggy.o: $(obj)/barebox.z FORCE
 
 $(obj)/sha_sum.o: $(obj)/barebox.sha.bin FORCE
 
-quiet_cmd_sha256bin ?= SHA-BIN $@
-      cmd_sha256bin = printf "$(shell sed 's/ .*$$//;s/../0x&\n/g;s/\n$$//' $(obj)/barebox.sum | \
-			while read -r byte; do printf '\%o' $$byte; done)" > $@
-
-quiet_cmd_sha256sum ?= SHA     $@
-      cmd_sha256sum ?= sha256sum $(obj)/barebox.z > $@
-
 $(obj)/barebox.sha.bin: $(obj)/barebox.sum FORCE
 	$(call if_changed,sha256bin)
 
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 46042dab3c8f..16308497b845 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -272,6 +272,17 @@ cmd_ld = $(LD) $(KBUILD_LDFLAGS) $(EXTRA_LDFLAGS) $(LDFLAGS_$(@F)) \
 quiet_cmd_objcopy = OBJCOPY $@
 cmd_objcopy = $(OBJCOPY) $(OBJCOPYFLAGS) $(OBJCOPYFLAGS_$(@F)) $< $@
 
+# Hashing
+# ---------------------------------------------------------------------------
+# POSIX printf (e.g. dash's) doesn't support \xHH, but octal sequences are fine
+
+quiet_cmd_sha256bin ?= SHA-BIN $@
+      cmd_sha256bin = printf "$(shell sed 's/ .*$$//;s/../0x&\n/g;s/\n$$//' $< | \
+			while read -r byte; do printf '\%o' $$byte; done)" > $@
+
+quiet_cmd_sha256sum ?= SHA     $@
+      cmd_sha256sum ?= sha256sum $< > $@
+
 # Decompressor for barebox proper binary when using PBL
 # ---------------------------------------------------------------------------
 
-- 
2.30.2




^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH v2 2/4] pbl: export pbl_barebox_verify
  2022-08-18  5:04 [PATCH v2 1/4] kbuild: make sha256sum command available generally Ahmad Fatoum
@ 2022-08-18  5:04 ` Ahmad Fatoum
  2022-08-20 16:07   ` Antony Pavlov
  2022-08-18  5:04 ` [PATCH v2 3/4] firmware: add external firmware PBL support Ahmad Fatoum
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 7+ messages in thread
From: Ahmad Fatoum @ 2022-08-18  5:04 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

There's no downside to always build the digest verification code in PBL
and export pbl_barebox_verify to access it. This allows board code to
use the function for verifying other firmware blobs and
CONFIG_PBL_VERIFY_PIGGY=y will remain to enable the verification at
barebox proper extraction time. Code not using it will have the function
sections garbage collected by the linker, so no functional change.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v1 -> v2:
  - no change
---
 crypto/Makefile | 3 +--
 include/pbl.h   | 3 +++
 pbl/decomp.c    | 6 +++---
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/crypto/Makefile b/crypto/Makefile
index 762d7e543be4..22035d4f69ee 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -10,8 +10,7 @@ obj-$(CONFIG_DIGEST_MD5_GENERIC)	+= md5.o
 obj-$(CONFIG_DIGEST_SHA1_GENERIC)	+= sha1.o
 obj-$(CONFIG_DIGEST_SHA224_GENERIC)	+= sha2.o
 obj-$(CONFIG_DIGEST_SHA256_GENERIC)	+= sha2.o
-pbl-$(CONFIG_PBL_VERIFY_PIGGY)		+= sha2.o
-pbl-$(CONFIG_PBL_VERIFY_PIGGY)		+= digest.o
+pbl-y					+= sha2.o digest.o
 obj-$(CONFIG_DIGEST_SHA384_GENERIC)	+= sha4.o
 obj-$(CONFIG_DIGEST_SHA512_GENERIC)	+= sha4.o
 obj-y	+= memneq.o
diff --git a/include/pbl.h b/include/pbl.h
index 0dc23c72dcf5..7dc4fa309257 100644
--- a/include/pbl.h
+++ b/include/pbl.h
@@ -30,4 +30,7 @@ const void *
 fdt_device_get_match_data(const void *fdt, const char *nodepath,
 			  const struct fdt_device_id ids[]);
 
+int pbl_barebox_verify(const void *compressed_start, unsigned int len,
+		       const void *hash, unsigned int hash_len);
+
 #endif /* __PBL_H__ */
diff --git a/pbl/decomp.c b/pbl/decomp.c
index 1e0ef81ada00..553895bac5e8 100644
--- a/pbl/decomp.c
+++ b/pbl/decomp.c
@@ -54,14 +54,14 @@ static void noinline errorfn(char *error)
 extern unsigned char sha_sum[];
 extern unsigned char sha_sum_end[];
 
-static int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
-			      unsigned int hash_len)
+int pbl_barebox_verify(const void *compressed_start, unsigned int len,
+		       const void *hash, unsigned int hash_len)
 {
 	struct sha256_state sha_state = { 0 };
 	struct digest d = { .ctx = &sha_state };
 	char computed_hash[SHA256_DIGEST_SIZE];
 	int i;
-	char *char_hash = hash;
+	const char *char_hash = hash;
 
 	if (hash_len != SHA256_DIGEST_SIZE)
 		return -1;
-- 
2.30.2




^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH v2 3/4] firmware: add external firmware PBL support
  2022-08-18  5:04 [PATCH v2 1/4] kbuild: make sha256sum command available generally Ahmad Fatoum
  2022-08-18  5:04 ` [PATCH v2 2/4] pbl: export pbl_barebox_verify Ahmad Fatoum
@ 2022-08-18  5:04 ` Ahmad Fatoum
  2022-08-18  5:04 ` [PATCH v2 4/4] pbl: replace __piggydata_end with __image_end Ahmad Fatoum
  2022-08-19  7:31 ` [PATCH v2 1/4] kbuild: make sha256sum command available generally Sascha Hauer
  3 siblings, 0 replies; 7+ messages in thread
From: Ahmad Fatoum @ 2022-08-18  5:04 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

Normally, barebox embds firmware into the binary referencing it, which
means that device tree blobs, RAM training code and e.g. TF-A for i.MX8M
end up in the prebootloader, while, e.g. Freescale FMan microcode ends
up in barebox proper. The only exception so far was barebox proper:
When only the PBL fits in on-chip SRAM, barebox proper is chainloaded
from the boot medium. To avoid TOCTOU attack, it's read fully into DRAM
after setup and then a SHA256 is calculated and compared against the
hash embedded in barebox PBL, which in a secure boot system would be
trusted by virtue of the PBL as a whole being verified beforehand by
the BootROM.

Reuse this mechanism to support arbitrary firmware, which is now termed
external firmware. Such firmware is placed beyond the piggydata (barebox
proper) and only offset and hash are included in the prebootloader
image. The new get_builtin_firmware_ext() is used to retrieve this
external firmware after integrity verification with SHA256.

This enables referencing firmware blobs from PBL that would bloat the
size of the PBL beyond what can fit into on-chip SRAM, e.g. very big
OP-TEE binaries. As users of get_builtin_firmware() didn't have to worry
about TOCTOU so far, we panic when a firmware verification fails to
ensure that we never load an OP-TEE that has been modified in-transit
We can't include the OP-TEE binary in barebox proper, because we need
to install it in EL3, but barebox proper on the i.MX8M runs as BL33
in a lower exception level.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v1 -> v2:
  - removed section for SHA256 sum of external firmware. Now just placed
    into .rodata
  - instead of duplicating filechk_fwbin, parametrized it with two
    arguments, so it can be used for both internal and external firmware
  - defined fwobjdir to make line shorter. also using objtree instead of
    objdir
  - unified get_builtin_firmware and get_builtin_firmware_ext to both
    call into same underlying function (Sascha). We can use offset == 0
    check at compile-time to see that firmware is internal and skip
    SHA verification. For internal firmware, we do _not_ define _sha
    symbols. This ensures a link error will occur should the
    verification code not be optimized away for the internal firmware
    case. Original intention was to just compare sha sum _start and _end
    symbols, but this won't optimize away verification code, because we
    don't have link-time optimization enabled.
---
 arch/arm/lib/pbl.lds.S |  7 +++++++
 firmware/Makefile      | 38 ++++++++++++++++++++++++++++++++++----
 include/firmware.h     | 42 ++++++++++++++++++++++++++++++++++++------
 3 files changed, 77 insertions(+), 10 deletions(-)

diff --git a/arch/arm/lib/pbl.lds.S b/arch/arm/lib/pbl.lds.S
index e77b3220fcb0..44ad5b335356 100644
--- a/arch/arm/lib/pbl.lds.S
+++ b/arch/arm/lib/pbl.lds.S
@@ -101,6 +101,13 @@ SECTIONS
 	}
 	__piggydata_end = .;
 
+	. = ALIGN(4);
+	__pblext_start = .;
+	.pblext : {
+		*(.pblext.*)
+	}
+	__pblext_end = .;
+
 	.image_end : { KEEP(*(.__image_end)) }
 
 	pbl_image_size =  . - BASE;
diff --git a/firmware/Makefile b/firmware/Makefile
index 87bd033f6e5c..f6ff5b831be8 100644
--- a/firmware/Makefile
+++ b/firmware/Makefile
@@ -30,16 +30,17 @@ firmware-$(CONFIG_FIRMWARE_CCBV2_OPTEE) += ccbv2_optee.bin
 # leading /, it's relative to $(srctree).
 fwdir := $(subst $(quote),,$(CONFIG_EXTRA_FIRMWARE_DIR))
 fwdir := $(addprefix $(srctree)/,$(filter-out /%,$(fwdir)))$(filter /%,$(fwdir))
+fwobjdir := $(objtree)/firmware
 
 obj-pbl-y := $(addsuffix .gen.o, $(firmware-y))
 
-FWNAME    = $(patsubst $(obj)/%.gen.S,%,$@)
+FWNAME    = $(patsubst $(obj)/%.extgen.S,%,$(patsubst $(obj)/%.gen.S,%,$@))
 FWSTR     = $(subst /,_,$(subst .,_,$(subst -,_,$(FWNAME))))
 ASM_ALIGN = $(if $(CONFIG_64BIT),3,2)
 
 filechk_fwbin = { \
 	echo "/* Generated by $(src)/Makefile */"		;\
-	echo "    .section .rodata.$(FWSTR)"			;\
+	echo "    .section $2,\"$3\""				;\
 	echo "    .p2align $(ASM_ALIGN)"			;\
 	echo ".global _fw_$(FWSTR)_start"			;\
 	echo "_fw_$(FWSTR)_start:"				;\
@@ -48,19 +49,48 @@ filechk_fwbin = { \
 	echo "_fw_$(FWSTR)_end:"				;\
 }
 
+__fwbin_sha = { \
+	echo "    .section .rodata.$(FWSTR).sha"		;\
+	echo "    .p2align $(ASM_ALIGN)"			;\
+	echo ".global _fw_$(FWSTR)_sha_start"			;\
+	echo "_fw_$(FWSTR)_sha_start:"				;\
+	echo "    .incbin \"$(fwobjdir)/$(FWNAME).sha.bin\""	;\
+	echo ".global _fw_$(FWSTR)_sha_end"			;\
+	echo "_fw_$(FWSTR)_sha_end:"				;\
+}
+
+filechk_fwbin_ext = { \
+	$(filechk_fwbin)					;\
+	$(__fwbin_sha)						;\
+}
+
 $(obj)/%.gen.S: FORCE
-	$(call filechk,fwbin)
+	$(call filechk,fwbin,.rodata.$(FWSTR),)
+
+$(obj)/%.extgen.S: $(obj)/%.sha.bin FORCE
+	$(call filechk,fwbin_ext,.pblext.$(FWSTR),a)
+
+$(obj)/%.sha.bin: $(obj)/%.sum FORCE
+	$(call if_changed,sha256bin)
+
+$(obj)/%.sum: $(obj)/% FORCE
+	$(call if_changed,sha256sum)
+
+clean-files += *.sha.bin *.sum
 
 # The .o files depend on the binaries directly; the .S files don't.
 $(patsubst %,$(obj)/%.gen.o, $(obj-pbl-y)): $(obj)/%.gen.o: $(fwdir)/%
 
 # The same for pbl:
 $(patsubst %,$(obj)/%.gen.pbl.o, $(obj-pbl-y)): $(obj)/%.gen.pbl.o: $(fwdir)/%
+$(patsubst %,$(obj)/%.extgen.pbl.o, $(pbl-y)): $(obj)/%.extgen.pbl.o: $(fwdir)/%
 
-obj-pbl-y			 += $(patsubst %,%.gen.o, $(fw-external-y))
+pbl-y := $(addsuffix .extgen.o, $(fw-external-y))
 
 targets := $(patsubst $(obj)/%,%, \
                                 $(shell find $(obj) -name \*.gen.S 2>/dev/null))
+targets += $(patsubst $(obj)/%,%, \
+                                $(shell find $(obj) -name \*.extgen.S 2>/dev/null))
 
 # just to build a built-in.o. Otherwise compilation fails when no
 # firmware is built.
diff --git a/include/firmware.h b/include/firmware.h
index 2583342230ae..2cfaeb1e6a91 100644
--- a/include/firmware.h
+++ b/include/firmware.h
@@ -6,8 +6,11 @@
 #ifndef FIRMWARE_H
 #define FIRMWARE_H
 
+#include <pbl.h>
 #include <types.h>
 #include <driver.h>
+#include <debug_ll.h>
+#include <linux/kernel.h>
 
 struct firmware_handler {
 	char *id; /* unique identifier for this firmware device */
@@ -57,12 +60,39 @@ static inline void firmware_set_searchpath(const char *path)
 
 void firmwaremgr_list_handlers(void);
 
-#define get_builtin_firmware(name, start, size) \
-	{							\
-		extern char _fw_##name##_start[];		\
-		extern char _fw_##name##_end[];			\
-		*start = (typeof(*start)) _fw_##name##_start;	\
-		*size = _fw_##name##_end - _fw_##name##_start;	\
+static inline void firmware_ext_verify(const void *data_start, size_t data_size,
+				       const void *hash_start, size_t hash_size)
+{
+	if (pbl_barebox_verify(data_start, data_size,
+			       hash_start, hash_size) != 0) {
+		putc_ll('!');
+		panic("hash mismatch, refusing to decompress");
 	}
+}
+
+#define __get_builtin_firmware(name, offset, start, size)		\
+	do {								\
+		extern char _fw_##name##_start[];			\
+		extern char _fw_##name##_end[];				\
+		extern char _fw_##name##_sha_start[];			\
+		extern char _fw_##name##_sha_end[];			\
+		*start = (typeof(*start)) _fw_##name##_start;		\
+		*size = _fw_##name##_end - _fw_##name##_start;		\
+		if (!(offset))						\
+			break;						\
+		*start += (offset);					\
+		firmware_ext_verify(					\
+			*start, *size,					\
+			_fw_##name##_sha_start,				\
+			_fw_##name##_sha_end - _fw_##name##_sha_start	\
+		);							\
+	} while (0)
+
+
+#define get_builtin_firmware(name, start, size) \
+	__get_builtin_firmware(name, 0, start, size)
+
+#define get_builtin_firmware_ext(name, base, start, size)		\
+	__get_builtin_firmware(name, (long)base - (long)_text, start, size)
 
 #endif /* FIRMWARE_H */
-- 
2.30.2




^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH v2 4/4] pbl: replace __piggydata_end with __image_end
  2022-08-18  5:04 [PATCH v2 1/4] kbuild: make sha256sum command available generally Ahmad Fatoum
  2022-08-18  5:04 ` [PATCH v2 2/4] pbl: export pbl_barebox_verify Ahmad Fatoum
  2022-08-18  5:04 ` [PATCH v2 3/4] firmware: add external firmware PBL support Ahmad Fatoum
@ 2022-08-18  5:04 ` Ahmad Fatoum
  2022-08-19  7:31 ` [PATCH v2 1/4] kbuild: make sha256sum command available generally Sascha Hauer
  3 siblings, 0 replies; 7+ messages in thread
From: Ahmad Fatoum @ 2022-08-18  5:04 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

__piggydata_end and __image_end used to be synonyms before the addition
of external firmware. Now that external firmware is located after
__piggydata_end, code using it needs to be revisited.

There's no reason to have code reference __piggydata_end. Either they
want all the rest of the image, so they should use __image_end instead
or they want just the piggy data, in which case they can read the data
size embedded into the piggydata itself.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 arch/arm/cpu/setupc_64.S       | 2 +-
 arch/arm/lib/pbl.lds.S         | 1 -
 arch/arm/mach-imx/romapi.c     | 2 +-
 arch/mips/lib/pbl.lds.S        | 3 ++-
 arch/riscv/lib/pbl.lds.S       | 2 --
 include/asm-generic/sections.h | 1 -
 6 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/arch/arm/cpu/setupc_64.S b/arch/arm/cpu/setupc_64.S
index b5f4a643fa42..d64281c148fc 100644
--- a/arch/arm/cpu/setupc_64.S
+++ b/arch/arm/cpu/setupc_64.S
@@ -29,7 +29,7 @@ ENDPROC(setup_c)
 					/* x0: target address */
 #ifdef __PBL__
 ENTRY(relocate_to_adr_full)
-	ldr	x2, =__piggydata_end
+	ldr	x2, =__image_end
 	b	1f
 #endif
 
diff --git a/arch/arm/lib/pbl.lds.S b/arch/arm/lib/pbl.lds.S
index 44ad5b335356..d48f27bc43b5 100644
--- a/arch/arm/lib/pbl.lds.S
+++ b/arch/arm/lib/pbl.lds.S
@@ -99,7 +99,6 @@ SECTIONS
 	.piggydata : {
 		*(.piggydata)
 	}
-	__piggydata_end = .;
 
 	. = ALIGN(4);
 	__pblext_start = .;
diff --git a/arch/arm/mach-imx/romapi.c b/arch/arm/mach-imx/romapi.c
index f7d421d73757..5d00d71154d7 100644
--- a/arch/arm/mach-imx/romapi.c
+++ b/arch/arm/mach-imx/romapi.c
@@ -28,7 +28,7 @@ static int imx8m_bootrom_load_image(struct rom_api *rom_api)
 {
 	return imx8m_bootrom_load(rom_api,
 				  (void *)MX8M_ATF_BL33_BASE_ADDR + barebox_pbl_size,
-				  __piggydata_end - __piggydata_start);
+				  __image_end - __piggydata_start);
 }
 
 int imx8mp_bootrom_load_image(void)
diff --git a/arch/mips/lib/pbl.lds.S b/arch/mips/lib/pbl.lds.S
index 75069b0c50d6..413f24b9ab05 100644
--- a/arch/mips/lib/pbl.lds.S
+++ b/arch/mips/lib/pbl.lds.S
@@ -48,7 +48,8 @@ SECTIONS
 	.piggydata : {
 		*(.piggydata)
 	}
-	__piggydata_end = . - BASE;
+
+	.image_end : { KEEP(*(.__image_end)) }
 
 	pbl_image_size =  .;
 
diff --git a/arch/riscv/lib/pbl.lds.S b/arch/riscv/lib/pbl.lds.S
index e238b2bfd34e..ccf64fc6d3aa 100644
--- a/arch/riscv/lib/pbl.lds.S
+++ b/arch/riscv/lib/pbl.lds.S
@@ -74,8 +74,6 @@ SECTIONS
 	.piggydata : {
 		*(.piggydata)
 	}
-	__piggydata_end = .;
-
 	.image_end : { KEEP(*(.__image_end)) }
 
 	pbl_image_size =  .;
diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h
index e54123de0ea7..0b2ed5615bd6 100644
--- a/include/asm-generic/sections.h
+++ b/include/asm-generic/sections.h
@@ -11,7 +11,6 @@ extern char _end[];
 extern char __image_start[];
 extern char __image_end[];
 extern char __piggydata_start[];
-extern char __piggydata_end[];
 extern void *_barebox_image_size;
 extern void *_barebox_bare_init_size;
 extern void *_barebox_pbl_size;
-- 
2.30.2




^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2 1/4] kbuild: make sha256sum command available generally
  2022-08-18  5:04 [PATCH v2 1/4] kbuild: make sha256sum command available generally Ahmad Fatoum
                   ` (2 preceding siblings ...)
  2022-08-18  5:04 ` [PATCH v2 4/4] pbl: replace __piggydata_end with __image_end Ahmad Fatoum
@ 2022-08-19  7:31 ` Sascha Hauer
  3 siblings, 0 replies; 7+ messages in thread
From: Sascha Hauer @ 2022-08-19  7:31 UTC (permalink / raw)
  To: Ahmad Fatoum; +Cc: barebox

On Thu, Aug 18, 2022 at 07:04:44AM +0200, Ahmad Fatoum wrote:
> We currently use the command only for generation a SHA256 sum of the
> barebox proper binary. In preparation for using it in othe Makefiles
> as well, move it to a central location and use the occasion to give
> it a short comment.
> 
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> v1 -> v2:
>   - no change
> ---
>  images/Makefile      |  7 -------
>  scripts/Makefile.lib | 11 +++++++++++
>  2 files changed, 11 insertions(+), 7 deletions(-)

Applied, thanks

Sascha

> 
> diff --git a/images/Makefile b/images/Makefile
> index 7a8bb94fe0df..218a24ff1ddd 100644
> --- a/images/Makefile
> +++ b/images/Makefile
> @@ -112,13 +112,6 @@ $(obj)/piggy.o: $(obj)/barebox.z FORCE
>  
>  $(obj)/sha_sum.o: $(obj)/barebox.sha.bin FORCE
>  
> -quiet_cmd_sha256bin ?= SHA-BIN $@
> -      cmd_sha256bin = printf "$(shell sed 's/ .*$$//;s/../0x&\n/g;s/\n$$//' $(obj)/barebox.sum | \
> -			while read -r byte; do printf '\%o' $$byte; done)" > $@
> -
> -quiet_cmd_sha256sum ?= SHA     $@
> -      cmd_sha256sum ?= sha256sum $(obj)/barebox.z > $@
> -
>  $(obj)/barebox.sha.bin: $(obj)/barebox.sum FORCE
>  	$(call if_changed,sha256bin)
>  
> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
> index 46042dab3c8f..16308497b845 100644
> --- a/scripts/Makefile.lib
> +++ b/scripts/Makefile.lib
> @@ -272,6 +272,17 @@ cmd_ld = $(LD) $(KBUILD_LDFLAGS) $(EXTRA_LDFLAGS) $(LDFLAGS_$(@F)) \
>  quiet_cmd_objcopy = OBJCOPY $@
>  cmd_objcopy = $(OBJCOPY) $(OBJCOPYFLAGS) $(OBJCOPYFLAGS_$(@F)) $< $@
>  
> +# Hashing
> +# ---------------------------------------------------------------------------
> +# POSIX printf (e.g. dash's) doesn't support \xHH, but octal sequences are fine
> +
> +quiet_cmd_sha256bin ?= SHA-BIN $@
> +      cmd_sha256bin = printf "$(shell sed 's/ .*$$//;s/../0x&\n/g;s/\n$$//' $< | \
> +			while read -r byte; do printf '\%o' $$byte; done)" > $@
> +
> +quiet_cmd_sha256sum ?= SHA     $@
> +      cmd_sha256sum ?= sha256sum $< > $@
> +
>  # Decompressor for barebox proper binary when using PBL
>  # ---------------------------------------------------------------------------
>  
> -- 
> 2.30.2
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2 2/4] pbl: export pbl_barebox_verify
  2022-08-18  5:04 ` [PATCH v2 2/4] pbl: export pbl_barebox_verify Ahmad Fatoum
@ 2022-08-20 16:07   ` Antony Pavlov
  2022-08-21 13:29     ` Ahmad Fatoum
  0 siblings, 1 reply; 7+ messages in thread
From: Antony Pavlov @ 2022-08-20 16:07 UTC (permalink / raw)
  To: Ahmad Fatoum; +Cc: barebox

On Thu, 18 Aug 2022 07:04:45 +0200
Ahmad Fatoum <a.fatoum@pengutronix.de> wrote:

Hi!

It looks like the commit 5dba4f6b3d3 ("pbl: export pbl_barebox_verify") from the next branch
breaks the socfpga-xload-2_defconfig config build.

Here are the error messages:

crypto/digest.c:78:5: warning: no previous prototype for ‘digest_algo_register’ [-Wmissing-prototypes]
   78 | int digest_algo_register(struct digest_algo *d)
      |     ^~~~~~~~~~~~~~~~~~~~
crypto/digest.c:98:6: warning: no previous prototype for ‘digest_algo_unregister’ [-Wmissing-prototypes]
   98 | void digest_algo_unregister(struct digest_algo *d)
      |      ^~~~~~~~~~~~~~~~~~~~~~
crypto/digest.c:150:6: warning: no previous prototype for ‘digest_algo_prints’ [-Wmissing-prototypes]
  150 | void digest_algo_prints(const char *prefix)
      |      ^~~~~~~~~~~~~~~~~~
crypto/digest.c:162:16: error: redefinition of ‘digest_alloc’
  162 | struct digest *digest_alloc(const char *name)
      |                ^~~~~~~~~~~~
In file included from crypto/digest.c:17:
include/digest.h:99:30: note: previous definition of ‘digest_alloc’ with type ‘struct digest *(const char *)’
   99 | static inline struct digest *digest_alloc(const char *name)
      |                              ^~~~~~~~~~~~
crypto/digest.c:183:16: error: redefinition of ‘digest_alloc_by_algo’
  183 | struct digest *digest_alloc_by_algo(enum hash_algo hash_algo)
      |                ^~~~~~~~~~~~~~~~~~~~
include/digest.h:104:30: note: previous definition of ‘digest_alloc_by_algo’ with type ‘struct digest *(enum hash_algo)’
  104 | static inline struct digest *digest_alloc_by_algo(enum hash_algo algo)
      |                              ^~~~~~~~~~~~~~~~~~~~
crypto/digest.c:204:6: error: redefinition of ‘digest_free’
  204 | void digest_free(struct digest *d)
      |      ^~~~~~~~~~~
include/digest.h:109:20: note: previous definition of ‘digest_free’ with type ‘void(struct digest *)’
  109 | static inline void digest_free(struct digest *d)
      |                    ^~~~~~~~~~~
crypto/digest.c:259:5: warning: no previous prototype for ‘digest_file_window’ [-Wmissing-prototypes]
  259 | int digest_file_window(struct digest *d, const char *filename,
      |     ^~~~~~~~~~~~~~~~~~
crypto/digest.c:291:5: warning: no previous prototype for ‘digest_file’ [-Wmissing-prototypes]
  291 | int digest_file(struct digest *d, const char *filename,
      |     ^~~~~~~~~~~
crypto/digest.c:304:5: warning: no previous prototype for ‘digest_file_by_name’ [-Wmissing-prototypes]
  304 | int digest_file_by_name(const char *algo, const char *filename,
      |     ^~~~~~~~~~~~~~~~~~~
make[1]: *** [/home/antony/barebox/scripts/Makefile.build:137: crypto/digest.pbl.o] Error 1
make: *** [Makefile:953: crypto] Error 2
make: *** Waiting for unfinished jobs....




> There's no downside to always build the digest verification code in PBL
> and export pbl_barebox_verify to access it. This allows board code to
> use the function for verifying other firmware blobs and
> CONFIG_PBL_VERIFY_PIGGY=y will remain to enable the verification at
> barebox proper extraction time. Code not using it will have the function
> sections garbage collected by the linker, so no functional change.
> 
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> v1 -> v2:
>   - no change
> ---
>  crypto/Makefile | 3 +--
>  include/pbl.h   | 3 +++
>  pbl/decomp.c    | 6 +++---
>  3 files changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/crypto/Makefile b/crypto/Makefile
> index 762d7e543be4..22035d4f69ee 100644
> --- a/crypto/Makefile
> +++ b/crypto/Makefile
> @@ -10,8 +10,7 @@ obj-$(CONFIG_DIGEST_MD5_GENERIC)	+= md5.o
>  obj-$(CONFIG_DIGEST_SHA1_GENERIC)	+= sha1.o
>  obj-$(CONFIG_DIGEST_SHA224_GENERIC)	+= sha2.o
>  obj-$(CONFIG_DIGEST_SHA256_GENERIC)	+= sha2.o
> -pbl-$(CONFIG_PBL_VERIFY_PIGGY)		+= sha2.o
> -pbl-$(CONFIG_PBL_VERIFY_PIGGY)		+= digest.o
> +pbl-y					+= sha2.o digest.o
>  obj-$(CONFIG_DIGEST_SHA384_GENERIC)	+= sha4.o
>  obj-$(CONFIG_DIGEST_SHA512_GENERIC)	+= sha4.o
>  obj-y	+= memneq.o
> diff --git a/include/pbl.h b/include/pbl.h
> index 0dc23c72dcf5..7dc4fa309257 100644
> --- a/include/pbl.h
> +++ b/include/pbl.h
> @@ -30,4 +30,7 @@ const void *
>  fdt_device_get_match_data(const void *fdt, const char *nodepath,
>  			  const struct fdt_device_id ids[]);
>  
> +int pbl_barebox_verify(const void *compressed_start, unsigned int len,
> +		       const void *hash, unsigned int hash_len);
> +
>  #endif /* __PBL_H__ */
> diff --git a/pbl/decomp.c b/pbl/decomp.c
> index 1e0ef81ada00..553895bac5e8 100644
> --- a/pbl/decomp.c
> +++ b/pbl/decomp.c
> @@ -54,14 +54,14 @@ static void noinline errorfn(char *error)
>  extern unsigned char sha_sum[];
>  extern unsigned char sha_sum_end[];
>  
> -static int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
> -			      unsigned int hash_len)
> +int pbl_barebox_verify(const void *compressed_start, unsigned int len,
> +		       const void *hash, unsigned int hash_len)
>  {
>  	struct sha256_state sha_state = { 0 };
>  	struct digest d = { .ctx = &sha_state };
>  	char computed_hash[SHA256_DIGEST_SIZE];
>  	int i;
> -	char *char_hash = hash;
> +	const char *char_hash = hash;
>  
>  	if (hash_len != SHA256_DIGEST_SIZE)
>  		return -1;
> -- 
> 2.30.2
> 
> 


-- 
Best regards,
  Antony Pavlov



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH v2 2/4] pbl: export pbl_barebox_verify
  2022-08-20 16:07   ` Antony Pavlov
@ 2022-08-21 13:29     ` Ahmad Fatoum
  0 siblings, 0 replies; 7+ messages in thread
From: Ahmad Fatoum @ 2022-08-21 13:29 UTC (permalink / raw)
  To: Antony Pavlov; +Cc: barebox

Hi Antony,

On 20.08.22 18:07, Antony Pavlov wrote:
> On Thu, 18 Aug 2022 07:04:45 +0200
> Ahmad Fatoum <a.fatoum@pengutronix.de> wrote:
> 
> Hi!
> 
> It looks like the commit 5dba4f6b3d3 ("pbl: export pbl_barebox_verify") from the next branch
> breaks the socfpga-xload-2_defconfig config build.

Thanks. Just sent a fixup.

> 
> Here are the error messages:
> 
> crypto/digest.c:78:5: warning: no previous prototype for ‘digest_algo_register’ [-Wmissing-prototypes]
>    78 | int digest_algo_register(struct digest_algo *d)
>       |     ^~~~~~~~~~~~~~~~~~~~
> crypto/digest.c:98:6: warning: no previous prototype for ‘digest_algo_unregister’ [-Wmissing-prototypes]
>    98 | void digest_algo_unregister(struct digest_algo *d)
>       |      ^~~~~~~~~~~~~~~~~~~~~~
> crypto/digest.c:150:6: warning: no previous prototype for ‘digest_algo_prints’ [-Wmissing-prototypes]
>   150 | void digest_algo_prints(const char *prefix)
>       |      ^~~~~~~~~~~~~~~~~~
> crypto/digest.c:162:16: error: redefinition of ‘digest_alloc’
>   162 | struct digest *digest_alloc(const char *name)
>       |                ^~~~~~~~~~~~
> In file included from crypto/digest.c:17:
> include/digest.h:99:30: note: previous definition of ‘digest_alloc’ with type ‘struct digest *(const char *)’
>    99 | static inline struct digest *digest_alloc(const char *name)
>       |                              ^~~~~~~~~~~~
> crypto/digest.c:183:16: error: redefinition of ‘digest_alloc_by_algo’
>   183 | struct digest *digest_alloc_by_algo(enum hash_algo hash_algo)
>       |                ^~~~~~~~~~~~~~~~~~~~
> include/digest.h:104:30: note: previous definition of ‘digest_alloc_by_algo’ with type ‘struct digest *(enum hash_algo)’
>   104 | static inline struct digest *digest_alloc_by_algo(enum hash_algo algo)
>       |                              ^~~~~~~~~~~~~~~~~~~~
> crypto/digest.c:204:6: error: redefinition of ‘digest_free’
>   204 | void digest_free(struct digest *d)
>       |      ^~~~~~~~~~~
> include/digest.h:109:20: note: previous definition of ‘digest_free’ with type ‘void(struct digest *)’
>   109 | static inline void digest_free(struct digest *d)
>       |                    ^~~~~~~~~~~
> crypto/digest.c:259:5: warning: no previous prototype for ‘digest_file_window’ [-Wmissing-prototypes]
>   259 | int digest_file_window(struct digest *d, const char *filename,
>       |     ^~~~~~~~~~~~~~~~~~
> crypto/digest.c:291:5: warning: no previous prototype for ‘digest_file’ [-Wmissing-prototypes]
>   291 | int digest_file(struct digest *d, const char *filename,
>       |     ^~~~~~~~~~~
> crypto/digest.c:304:5: warning: no previous prototype for ‘digest_file_by_name’ [-Wmissing-prototypes]
>   304 | int digest_file_by_name(const char *algo, const char *filename,
>       |     ^~~~~~~~~~~~~~~~~~~
> make[1]: *** [/home/antony/barebox/scripts/Makefile.build:137: crypto/digest.pbl.o] Error 1
> make: *** [Makefile:953: crypto] Error 2
> make: *** Waiting for unfinished jobs....
> 
> 
> 
> 
>> There's no downside to always build the digest verification code in PBL
>> and export pbl_barebox_verify to access it. This allows board code to
>> use the function for verifying other firmware blobs and
>> CONFIG_PBL_VERIFY_PIGGY=y will remain to enable the verification at
>> barebox proper extraction time. Code not using it will have the function
>> sections garbage collected by the linker, so no functional change.
>>
>> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
>> ---
>> v1 -> v2:
>>   - no change
>> ---
>>  crypto/Makefile | 3 +--
>>  include/pbl.h   | 3 +++
>>  pbl/decomp.c    | 6 +++---
>>  3 files changed, 7 insertions(+), 5 deletions(-)
>>
>> diff --git a/crypto/Makefile b/crypto/Makefile
>> index 762d7e543be4..22035d4f69ee 100644
>> --- a/crypto/Makefile
>> +++ b/crypto/Makefile
>> @@ -10,8 +10,7 @@ obj-$(CONFIG_DIGEST_MD5_GENERIC)	+= md5.o
>>  obj-$(CONFIG_DIGEST_SHA1_GENERIC)	+= sha1.o
>>  obj-$(CONFIG_DIGEST_SHA224_GENERIC)	+= sha2.o
>>  obj-$(CONFIG_DIGEST_SHA256_GENERIC)	+= sha2.o
>> -pbl-$(CONFIG_PBL_VERIFY_PIGGY)		+= sha2.o
>> -pbl-$(CONFIG_PBL_VERIFY_PIGGY)		+= digest.o
>> +pbl-y					+= sha2.o digest.o
>>  obj-$(CONFIG_DIGEST_SHA384_GENERIC)	+= sha4.o
>>  obj-$(CONFIG_DIGEST_SHA512_GENERIC)	+= sha4.o
>>  obj-y	+= memneq.o
>> diff --git a/include/pbl.h b/include/pbl.h
>> index 0dc23c72dcf5..7dc4fa309257 100644
>> --- a/include/pbl.h
>> +++ b/include/pbl.h
>> @@ -30,4 +30,7 @@ const void *
>>  fdt_device_get_match_data(const void *fdt, const char *nodepath,
>>  			  const struct fdt_device_id ids[]);
>>  
>> +int pbl_barebox_verify(const void *compressed_start, unsigned int len,
>> +		       const void *hash, unsigned int hash_len);
>> +
>>  #endif /* __PBL_H__ */
>> diff --git a/pbl/decomp.c b/pbl/decomp.c
>> index 1e0ef81ada00..553895bac5e8 100644
>> --- a/pbl/decomp.c
>> +++ b/pbl/decomp.c
>> @@ -54,14 +54,14 @@ static void noinline errorfn(char *error)
>>  extern unsigned char sha_sum[];
>>  extern unsigned char sha_sum_end[];
>>  
>> -static int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
>> -			      unsigned int hash_len)
>> +int pbl_barebox_verify(const void *compressed_start, unsigned int len,
>> +		       const void *hash, unsigned int hash_len)
>>  {
>>  	struct sha256_state sha_state = { 0 };
>>  	struct digest d = { .ctx = &sha_state };
>>  	char computed_hash[SHA256_DIGEST_SIZE];
>>  	int i;
>> -	char *char_hash = hash;
>> +	const char *char_hash = hash;
>>  
>>  	if (hash_len != SHA256_DIGEST_SIZE)
>>  		return -1;
>> -- 
>> 2.30.2
>>
>>
> 
> 


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2022-08-21 13:31 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-18  5:04 [PATCH v2 1/4] kbuild: make sha256sum command available generally Ahmad Fatoum
2022-08-18  5:04 ` [PATCH v2 2/4] pbl: export pbl_barebox_verify Ahmad Fatoum
2022-08-20 16:07   ` Antony Pavlov
2022-08-21 13:29     ` Ahmad Fatoum
2022-08-18  5:04 ` [PATCH v2 3/4] firmware: add external firmware PBL support Ahmad Fatoum
2022-08-18  5:04 ` [PATCH v2 4/4] pbl: replace __piggydata_end with __image_end Ahmad Fatoum
2022-08-19  7:31 ` [PATCH v2 1/4] kbuild: make sha256sum command available generally Sascha Hauer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox