Re: [tegrarcm PATCH v2 3/4] Add support to dump rsa related fields for t210

[Stephen Warren <swarren@xxxxxxxxxxxxx>]

On 10/07/2015 12:57 PM, Jimmy Zhang wrote:
> > -----Original Message-----
> > From: Stephen Warren [mailto:swarren@xxxxxxxxxxxxx]
> > Sent: Wednesday, October 07, 2015 9:45 AM
> > To: Jimmy Zhang
> > Cc: Allen Martin; Stephen Warren; linux-tegra@xxxxxxxxxxxxxxx
> > Subject: Re: [tegrarcm PATCH v2 3/4] Add support to dump rsa related fields
> > for t210
> >
> > On 10/02/2015 02:56 PM, Jimmy Zhang wrote:
> > > Add support to dump rsa pubkey, bct's rsa-pss signature and
> > > bootloader's rsa-pss signature.
> >
> > It also seems to dump some AES hashes too.
> >
> > > diff --git a/src/bct_dump.c b/src/bct_dump.c
> >
> > > +static void format_rsa_param(char const * message, void * data) {
> > > +	u_int8_t *rsa = (u_int8_t *)data;
> > > +	int byte_index;
> > > +
> > > +	printf("%s", message);
> > > +	for (byte_index = 0; byte_index < ARSE_RSA_PARAM_MAX_BYTES;
> > > +					++byte_index) {
> > > +		printf("%02x", *rsa++);
> > > +
> > > +		if (byte_index && ((byte_index + 1) % 64 == 0))
> > > +			printf(";\n");
> > > +	}
> > > +
> > > +	if (byte_index && (byte_index % 64 != 0))
> > > +			printf(";\n");
> > > +}
> >
> > The same comment about hard-coding ARSE_RSA_PARAM_MAX_BYTES
> > applies here as in the previous commit.
> >
> > It would be nice if this function wrote the values to a file. That way, the
> > output of bct_dump would be something you could feed into cbootimage
> > directly. With this patch, the user has to manually convert the inline hex data
> > into a binary file before the output is useful.
> >
> > Still, solving that might be challenging. If bct_dump wrote to a user-supplied
> > filename, the files could simply be named "${filename}.RsaKeyModulus" etc.
> > However, since bct_dump prints to stdout, that's not possible. Perhaps since
> > bct_dump is mostly a debug aid, we can live with this issue for now.
>
> Maybe we should add a command line option to save RsaKey modulus to a given file.  I can come up another patch after this series is merged.

That would work. The issue is there are 3 tokens which implies 3 
command-line options (and may be more tokens if we extend cbootimage to 
support N BCT copies, N bootloaders, etc.).

Perhaps best would be:

bct_dump foo.bin
-> Prints results to stdout, with inline dumps of the RSA fields

bct_dump -o foo.cfg foo.bin
-> "Prints" results to foo.cfg, and puts all the RSA fields (as binary) 
into foo.cfg.RsaKeyModulus (and a variety of other auto-named files)?
--
To unsubscribe from this list: send the line "unsubscribe linux-tegra" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html