* how to do a digest on a flashed uImage ? @ 2015-07-01 7:02 Philippe Leduc 2015-07-02 5:42 ` Sascha Hauer 0 siblings, 1 reply; 3+ messages in thread From: Philippe Leduc @ 2015-07-01 7:02 UTC (permalink / raw) To: barebox Hello, I have a uImage saved in a memory partition and I am able to boot on it with bootm command. I would like to add a digest (like a hmac(sha1)) in order to check the integrity of the binary before booting on it. Because my partition is bigger than my uImage, I don't know how to use digest on it. In fact there are two problems that I don't know how to solve: I can't get the size of my file and I can't ask digest to work on COUNT bytes. For the size problem: I can extract the size of the uImage in binary form since this information is present in the uImage header (via memcpy), but I don't know how to convert it in a format compatible with Hush. For digest, I can copy the binary in the RAM, but I fear that it is longer than working on the flash: it takes 4,8s to memcpy the uImage in a RAM file, and less than 3s to bootm on the flash. But Do you know a way to get the size of a file? Or to convert a binary size into a "human readable format" for Hush? Or should I develop a kind of "stat" utility for barebox? Thank you in advance, I hope my explanation is not too convoluted :) Thank you in advance, Best regards, -- Philippe LEDUC ledphilippe@gmail.com _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: how to do a digest on a flashed uImage ? 2015-07-01 7:02 how to do a digest on a flashed uImage ? Philippe Leduc @ 2015-07-02 5:42 ` Sascha Hauer 2015-07-02 5:47 ` Jean-Christophe PLAGNIOL-VILLARD 0 siblings, 1 reply; 3+ messages in thread From: Sascha Hauer @ 2015-07-02 5:42 UTC (permalink / raw) To: Philippe Leduc; +Cc: barebox Hi Philippe, On Wed, Jul 01, 2015 at 09:02:28AM +0200, Philippe Leduc wrote: > Hello, > > I have a uImage saved in a memory partition and I am able to boot on > it with bootm command. I would like to add a digest (like a > hmac(sha1)) in order to check the integrity of the binary before > booting on it. > > Because my partition is bigger than my uImage, I don't know how to use > digest on it. > In fact there are two problems that I don't know how to solve: I can't > get the size of my file and I can't ask digest to work on COUNT bytes. > > For the size problem: I can extract the size of the uImage in binary > form since this information is present in the uImage header (via > memcpy), but I don't know how to convert it in a format compatible > with Hush. > > For digest, I can copy the binary in the RAM, but I fear that it is > longer than working on the flash: it takes 4,8s to memcpy the uImage > in a RAM file, and less than 3s to bootm on the flash. But > > > Do you know a way to get the size of a file? Or to convert a binary > size into a "human readable format" for Hush? Or should I develop a > kind of "stat" utility for barebox? > Thank you in advance, I can't think of a way on the shell to accomplish this. Something that might come close is uImagefs. You can mount an uImage as a filesystem, then you can run digest on the individual contents of the image, but not of the whole image itself. Also extracting the size from the image via memcpy and somehow convert the value to hex, then memcpy the uImage to a file sounds fragile. I would probably add a option to the uimage command, like -c for copy. In C it's easy to sanity check the size you read and to verify the header checksum before doing anything else. You can't do that in shell. Sascha -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: how to do a digest on a flashed uImage ? 2015-07-02 5:42 ` Sascha Hauer @ 2015-07-02 5:47 ` Jean-Christophe PLAGNIOL-VILLARD 0 siblings, 0 replies; 3+ messages in thread From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-07-02 5:47 UTC (permalink / raw) To: Sascha Hauer; +Cc: Philippe Leduc, barebox > On Jul 2, 2015, at 1:42 PM, Sascha Hauer <s.hauer@pengutronix.de> wrote: > > Hi Philippe, > > On Wed, Jul 01, 2015 at 09:02:28AM +0200, Philippe Leduc wrote: >> Hello, >> >> I have a uImage saved in a memory partition and I am able to boot on >> it with bootm command. I would like to add a digest (like a >> hmac(sha1)) in order to check the integrity of the binary before >> booting on it. >> >> Because my partition is bigger than my uImage, I don't know how to use >> digest on it. >> In fact there are two problems that I don't know how to solve: I can't >> get the size of my file and I can't ask digest to work on COUNT bytes. >> >> For the size problem: I can extract the size of the uImage in binary >> form since this information is present in the uImage header (via >> memcpy), but I don't know how to convert it in a format compatible >> with Hush. >> >> For digest, I can copy the binary in the RAM, but I fear that it is >> longer than working on the flash: it takes 4,8s to memcpy the uImage >> in a RAM file, and less than 3s to bootm on the flash. But >> >> >> Do you know a way to get the size of a file? Or to convert a binary >> size into a "human readable format" for Hush? Or should I develop a >> kind of "stat" utility for barebox? >> Thank you in advance, > > I can't think of a way on the shell to accomplish this. Something that > might come close is uImagefs. You can mount an uImage as a filesystem, > then you can run digest on the individual contents of the image, but not > of the whole image itself. > > Also extracting the size from the image via memcpy and somehow convert > the value to hex, then memcpy the uImage to a file sounds fragile. I > would probably add a option to the uimage command, like -c for copy. > In C it's easy to sanity check the size you read and to verify the > header checksum before doing anything else. You can't do that in shell. uImageFS was design exactly for this case Best Regards, J. > > Sascha > > -- > Pengutronix e.K. | | > Industrial Linux Solutions | http://www.pengutronix.de/ | > Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | > > _______________________________________________ > barebox mailing list > barebox@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/barebox _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-07-02 5:48 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-07-01 7:02 how to do a digest on a flashed uImage ? Philippe Leduc 2015-07-02 5:42 ` Sascha Hauer 2015-07-02 5:47 ` Jean-Christophe PLAGNIOL-VILLARD
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox