* [PATCH] scripts: imx: pass semicolons as substitute chars to compiler macros for CSF templating
@ 2025-01-06 11:33 Bastian Krause
2025-01-10 11:31 ` Sascha Hauer
0 siblings, 1 reply; 5+ messages in thread
From: Bastian Krause @ 2025-01-06 11:33 UTC (permalink / raw)
To: barebox; +Cc: Bastian Krause, Rouven Czerwinski, Marco Felsch, Stefan Kerkmann
With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
certificates are taken from environment variables (allowing for better
integration with build systems). In this case these values are passed
internally via compiler macros (-D) to the imx-image host tool. PKCS#11
URIs usually contain semicolons. Semicolons, however, cannot be passed
via compiler macros and cannot be escaped.
To compensate for that, replace ';' with the substitute character '\x1a'
(with sed) before adding it as a macro and do the reverse in imx-image
while creating the CSF to be passed to NXP's cst. Ultimatively, this
allows using CONFIG_HAB_CERTS_ENV=y with PKCS#11 URIs, so build systems
do not need to set CONFIG_HABV4_* in barebox configs via tools like sed.
Note that this breaks use cases where literal substitute characters are
passed or are part of the CSF. But that shouldn't happen anyway.
An alternative approach would be base64 encoding the value before passing
it as a macro and decoding it in imx-image. But there seems to be no easy
way to encode before the kconfig variables are expanded in the CSF
template.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
scripts/Makefile.lib | 2 +-
scripts/imx/imx.c | 35 +++++++++++++++++++++++++++--------
2 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index c32adf07cc5..dd720228408 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -556,7 +556,7 @@ cmd_imximage_S_dcd= \
overwrite-hab-env = $(shell set -e; \
test -n "$(CONFIG_HAB_CERTS_ENV)"; \
test -n "$$$(1)"; \
- echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
+ echo -D$(1)=\\\"$(shell echo $$$(1) | sed 's/;/\x1a/g')\\\")
overwrite-fit-env = $(shell set -e; \
test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
index 5ccc116cfe3..f16bb8a26af 100644
--- a/scripts/imx/imx.c
+++ b/scripts/imx/imx.c
@@ -318,18 +318,37 @@ static int do_hab_qspi(struct config_data *data, int argc, char *argv[])
static int hab_add_str(struct config_data *data, const char *str)
{
- data->csf = strcata(data->csf, str);
- if (!data->csf)
- return -ENOMEM;
+ int ret = 0;
+ char *str_replaced = strdup(str);
+
+ /*
+ * Since semicolons cannot be passed via compiler macro (-D), these
+ * were replaced with substitute chars (\x1a) before. Now reverse the
+ * replacement.
+ */
+ for (char *p = str_replaced; *p != '\0'; ++p) {
+ if (*p == '\x1a')
+ *p = ';';
+ }
+
+ data->csf = strcata(data->csf, str_replaced);
+ if (!data->csf) {
+ ret = -ENOMEM;
+ goto cleanup;
+ }
if (!data->hab_qspi_support)
- return 0;
+ goto cleanup;
- data->flexspi_csf = strcata(data->flexspi_csf, str);
- if (!data->flexspi_csf)
- return -ENOMEM;
+ data->flexspi_csf = strcata(data->flexspi_csf, str_replaced);
+ if (!data->flexspi_csf) {
+ ret = -ENOMEM;
+ goto cleanup;
+ }
- return 0;
+cleanup:
+ free(str_replaced);
+ return ret;
}
static int hab_add_barebox_blocks(struct config_data *data,
--
2.39.5
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] scripts: imx: pass semicolons as substitute chars to compiler macros for CSF templating
2025-01-06 11:33 [PATCH] scripts: imx: pass semicolons as substitute chars to compiler macros for CSF templating Bastian Krause
@ 2025-01-10 11:31 ` Sascha Hauer
2025-01-10 16:18 ` Bastian Krause
0 siblings, 1 reply; 5+ messages in thread
From: Sascha Hauer @ 2025-01-10 11:31 UTC (permalink / raw)
To: Bastian Krause; +Cc: barebox, Rouven Czerwinski, Marco Felsch, Stefan Kerkmann
Hi Basti,
On Mon, Jan 06, 2025 at 12:33:40PM +0100, Bastian Krause wrote:
> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
> certificates are taken from environment variables (allowing for better
> integration with build systems). In this case these values are passed
> internally via compiler macros (-D) to the imx-image host tool. PKCS#11
> URIs usually contain semicolons. Semicolons, however, cannot be passed
> via compiler macros and cannot be escaped.
Try harder.
gcc -DFOO='"bar;baz"' test.c
#include <stdio.h>
int main(void)
{
printf(FOO);
}
Works as expected, so does it work when you add single quotes around the
URI?
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] scripts: imx: pass semicolons as substitute chars to compiler macros for CSF templating
2025-01-10 11:31 ` Sascha Hauer
@ 2025-01-10 16:18 ` Bastian Krause
2025-01-16 10:01 ` Sascha Hauer
0 siblings, 1 reply; 5+ messages in thread
From: Bastian Krause @ 2025-01-10 16:18 UTC (permalink / raw)
To: Sascha Hauer; +Cc: barebox, Rouven Czerwinski, Marco Felsch, Stefan Kerkmann
Hi Sascha,
On 1/10/25 12:31 PM, Sascha Hauer wrote:
> On Mon, Jan 06, 2025 at 12:33:40PM +0100, Bastian Krause wrote:
>> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
>> certificates are taken from environment variables (allowing for better
>> integration with build systems). In this case these values are passed
>> internally via compiler macros (-D) to the imx-image host tool. PKCS#11
>> URIs usually contain semicolons. Semicolons, however, cannot be passed
>> via compiler macros and cannot be escaped.
>
> Try harder.
>
> gcc -DFOO='"bar;baz"' test.c
>
> #include <stdio.h>
>
> int main(void)
> {
> printf(FOO);
> }
>
> Works as expected, so does it work when you add single quotes around the
> URI?
This actually works:
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -570,8 +570,8 @@ imxcfg_cpp_flags = -Wp,-MD,$(depfile) -nostdinc -x
assembler-with-cpp \
$(call overwrite-hab-env,CONFIG_HABV3_CSF_CRT_DER) \
$(call overwrite-hab-env,CONFIG_HABV3_IMG_CRT_DER) \
$(call overwrite-hab-env,CONFIG_HABV4_TABLE_BIN) \
- $(call overwrite-hab-env,CONFIG_HABV4_CSF_CRT_PEM) \
- $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM) \
+ -DCONFIG_HABV4_CSF_CRT_PEM='"$(CONFIG_HABV4_CSF_CRT_PEM)"' \
+ -DCONFIG_HABV4_IMG_CRT_PEM='"$(CONFIG_HABV4_IMG_CRT_PEM)"' \
$(call overwrite-fit-env,CONFIG_BOOTM_FITIMAGE_PUBKEY) \
dcd-tmp = $(subst $(comma),_,$(dot-target).dcd.tmp)
But I had no luck integrating the single quote approach in overwrite-
hab-env. Maybe my quoting/escaping fu is not strong enough. Could you
take a look?
Regards,
Bastian
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] scripts: imx: pass semicolons as substitute chars to compiler macros for CSF templating
2025-01-10 16:18 ` Bastian Krause
@ 2025-01-16 10:01 ` Sascha Hauer
2025-01-16 10:15 ` Bastian Krause
0 siblings, 1 reply; 5+ messages in thread
From: Sascha Hauer @ 2025-01-16 10:01 UTC (permalink / raw)
To: Bastian Krause; +Cc: barebox, Rouven Czerwinski, Marco Felsch, Stefan Kerkmann
On Fri, Jan 10, 2025 at 05:18:51PM +0100, Bastian Krause wrote:
> Hi Sascha,
>
> On 1/10/25 12:31 PM, Sascha Hauer wrote:
> > On Mon, Jan 06, 2025 at 12:33:40PM +0100, Bastian Krause wrote:
> > > With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
> > > certificates are taken from environment variables (allowing for better
> > > integration with build systems). In this case these values are passed
> > > internally via compiler macros (-D) to the imx-image host tool. PKCS#11
> > > URIs usually contain semicolons. Semicolons, however, cannot be passed
> > > via compiler macros and cannot be escaped.
> >
> > Try harder.
> >
> > gcc -DFOO='"bar;baz"' test.c
> >
> > #include <stdio.h>
> >
> > int main(void)
> > {
> > printf(FOO);
> > }
> >
> > Works as expected, so does it work when you add single quotes around the
> > URI?
>
> This actually works:
>
> --- a/scripts/Makefile.lib
> +++ b/scripts/Makefile.lib
> @@ -570,8 +570,8 @@ imxcfg_cpp_flags = -Wp,-MD,$(depfile) -nostdinc -x
> assembler-with-cpp \
> $(call overwrite-hab-env,CONFIG_HABV3_CSF_CRT_DER) \
> $(call overwrite-hab-env,CONFIG_HABV3_IMG_CRT_DER) \
> $(call overwrite-hab-env,CONFIG_HABV4_TABLE_BIN) \
> - $(call overwrite-hab-env,CONFIG_HABV4_CSF_CRT_PEM) \
> - $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM) \
> + -DCONFIG_HABV4_CSF_CRT_PEM='"$(CONFIG_HABV4_CSF_CRT_PEM)"' \
> + -DCONFIG_HABV4_IMG_CRT_PEM='"$(CONFIG_HABV4_IMG_CRT_PEM)"' \
> $(call overwrite-fit-env,CONFIG_BOOTM_FITIMAGE_PUBKEY) \
>
> dcd-tmp = $(subst $(comma),_,$(dot-target).dcd.tmp)
>
>
> But I had no luck integrating the single quote approach in overwrite-
> hab-env. Maybe my quoting/escaping fu is not strong enough. Could you
> take a look?
Took some time, but it should work now. See the patch I just sent.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] scripts: imx: pass semicolons as substitute chars to compiler macros for CSF templating
2025-01-16 10:01 ` Sascha Hauer
@ 2025-01-16 10:15 ` Bastian Krause
0 siblings, 0 replies; 5+ messages in thread
From: Bastian Krause @ 2025-01-16 10:15 UTC (permalink / raw)
To: Sascha Hauer; +Cc: barebox, Rouven Czerwinski, Marco Felsch, Stefan Kerkmann
On 1/16/25 11:01 AM, Sascha Hauer wrote:
> On Fri, Jan 10, 2025 at 05:18:51PM +0100, Bastian Krause wrote:
>> Hi Sascha,
>>
>> On 1/10/25 12:31 PM, Sascha Hauer wrote:
>>> On Mon, Jan 06, 2025 at 12:33:40PM +0100, Bastian Krause wrote:
>>>> With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
>>>> certificates are taken from environment variables (allowing for better
>>>> integration with build systems). In this case these values are passed
>>>> internally via compiler macros (-D) to the imx-image host tool. PKCS#11
>>>> URIs usually contain semicolons. Semicolons, however, cannot be passed
>>>> via compiler macros and cannot be escaped.
>>>
>>> Try harder.
>>>
>>> gcc -DFOO='"bar;baz"' test.c
>>>
>>> #include <stdio.h>
>>>
>>> int main(void)
>>> {
>>> printf(FOO);
>>> }
>>>
>>> Works as expected, so does it work when you add single quotes around the
>>> URI?
>>
>> This actually works:
>>
>> --- a/scripts/Makefile.lib
>> +++ b/scripts/Makefile.lib
>> @@ -570,8 +570,8 @@ imxcfg_cpp_flags = -Wp,-MD,$(depfile) -nostdinc -x
>> assembler-with-cpp \
>> $(call overwrite-hab-env,CONFIG_HABV3_CSF_CRT_DER) \
>> $(call overwrite-hab-env,CONFIG_HABV3_IMG_CRT_DER) \
>> $(call overwrite-hab-env,CONFIG_HABV4_TABLE_BIN) \
>> - $(call overwrite-hab-env,CONFIG_HABV4_CSF_CRT_PEM) \
>> - $(call overwrite-hab-env,CONFIG_HABV4_IMG_CRT_PEM) \
>> + -DCONFIG_HABV4_CSF_CRT_PEM='"$(CONFIG_HABV4_CSF_CRT_PEM)"' \
>> + -DCONFIG_HABV4_IMG_CRT_PEM='"$(CONFIG_HABV4_IMG_CRT_PEM)"' \
>> $(call overwrite-fit-env,CONFIG_BOOTM_FITIMAGE_PUBKEY) \
>>
>> dcd-tmp = $(subst $(comma),_,$(dot-target).dcd.tmp)
>>
>>
>> But I had no luck integrating the single quote approach in overwrite-
>> hab-env. Maybe my quoting/escaping fu is not strong enough. Could you
>> take a look?
>
> Took some time, but it should work now. See the patch I just sent.
Nice, thanks! I'll give it a spin and will let you know if it works for me.
Regards,
Bastian
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-01-16 10:16 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-01-06 11:33 [PATCH] scripts: imx: pass semicolons as substitute chars to compiler macros for CSF templating Bastian Krause
2025-01-10 11:31 ` Sascha Hauer
2025-01-10 16:18 ` Bastian Krause
2025-01-16 10:01 ` Sascha Hauer
2025-01-16 10:15 ` Bastian Krause
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox