mail archive of the barebox mailing list
 help / color / mirror / Atom feed
* [PATCH] scripts: imx: pass semicolons as substitute chars to compiler macros for CSF templating
@ 2025-01-06 11:33 Bastian Krause
  2025-01-10 11:31 ` Sascha Hauer
  0 siblings, 1 reply; 5+ messages in thread
From: Bastian Krause @ 2025-01-06 11:33 UTC (permalink / raw)
  To: barebox; +Cc: Bastian Krause, Rouven Czerwinski, Marco Felsch, Stefan Kerkmann

With CONFIG_HAB_CERTS_ENV=y, paths and PKCS#11 URIs to the HAB
certificates are taken from environment variables (allowing for better
integration with build systems). In this case these values are passed
internally via compiler macros (-D) to the imx-image host tool. PKCS#11
URIs usually contain semicolons. Semicolons, however, cannot be passed
via compiler macros and cannot be escaped.

To compensate for that, replace ';' with the substitute character '\x1a'
(with sed) before adding it as a macro and do the reverse in imx-image
while creating the CSF to be passed to NXP's cst. Ultimatively, this
allows using CONFIG_HAB_CERTS_ENV=y with PKCS#11 URIs, so build systems
do not need to set CONFIG_HABV4_* in barebox configs via tools like sed.

Note that this breaks use cases where literal substitute characters are
passed or are part of the CSF. But that shouldn't happen anyway.

An alternative approach would be base64 encoding the value before passing
it as a macro and decoding it in imx-image. But there seems to be no easy
way to encode before the kconfig variables are expanded in the CSF
template.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
---
 scripts/Makefile.lib |  2 +-
 scripts/imx/imx.c    | 35 +++++++++++++++++++++++++++--------
 2 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index c32adf07cc5..dd720228408 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -556,7 +556,7 @@ cmd_imximage_S_dcd=						\
 overwrite-hab-env = $(shell set -e; \
       test -n "$(CONFIG_HAB_CERTS_ENV)"; \
       test -n "$$$(1)"; \
-      echo -D$(1)=\\\"$(shell echo $$$(1))\\\")
+      echo -D$(1)=\\\"$(shell echo $$$(1) | sed 's/;/\x1a/g')\\\")
 
 overwrite-fit-env = $(shell set -e; \
       test -n "$(CONFIG_BOOTM_FITIMAGE_PUBKEY_ENV)"; \
diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
index 5ccc116cfe3..f16bb8a26af 100644
--- a/scripts/imx/imx.c
+++ b/scripts/imx/imx.c
@@ -318,18 +318,37 @@ static int do_hab_qspi(struct config_data *data, int argc, char *argv[])
 
 static int hab_add_str(struct config_data *data, const char *str)
 {
-	data->csf = strcata(data->csf, str);
-	if (!data->csf)
-		return -ENOMEM;
+	int ret = 0;
+	char *str_replaced = strdup(str);
+
+	/*
+	 * Since semicolons cannot be passed via compiler macro (-D), these
+	 * were replaced with substitute chars (\x1a) before. Now reverse the
+	 * replacement.
+	 */
+	for (char *p = str_replaced; *p != '\0'; ++p) {
+		if (*p == '\x1a')
+			*p = ';';
+	}
+
+	data->csf = strcata(data->csf, str_replaced);
+	if (!data->csf) {
+		ret = -ENOMEM;
+		goto cleanup;
+	}
 
 	if (!data->hab_qspi_support)
-		return 0;
+		goto cleanup;
 
-	data->flexspi_csf = strcata(data->flexspi_csf, str);
-	if (!data->flexspi_csf)
-		return -ENOMEM;
+	data->flexspi_csf = strcata(data->flexspi_csf, str_replaced);
+	if (!data->flexspi_csf) {
+		ret = -ENOMEM;
+		goto cleanup;
+	}
 
-	return 0;
+cleanup:
+	free(str_replaced);
+	return ret;
 }
 
 static int hab_add_barebox_blocks(struct config_data *data,
-- 
2.39.5




^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-01-16 10:16 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-01-06 11:33 [PATCH] scripts: imx: pass semicolons as substitute chars to compiler macros for CSF templating Bastian Krause
2025-01-10 11:31 ` Sascha Hauer
2025-01-10 16:18   ` Bastian Krause
2025-01-16 10:01     ` Sascha Hauer
2025-01-16 10:15       ` Bastian Krause

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox