Am Montag, den 05.08.2019, 11:23 +0200 schrieb Rouven Czerwinski: > Create a sha256sum of the compressed barebox image and always add it to > the PBL. We also add a custom linker section for ARM, to retrieve the > sha256sum for piggydata verification. Hm, this add an unconditional build dependency to the sha256sum host- tool, which might be a bit unexpected. I'm not sot sure if we care about this, so I'll defer the decision to Sascha. ;) Regards, Lucas > Signed-off-by: Rouven Czerwinski <r.czerwinski@xxxxxxxxxxxxxx> > --- > arch/arm/lib/pbl.lds.S | 7 +++++++ > images/Makefile | 22 +++++++++++++++++++--- > images/sha_sum.S | 7 +++++++ > 3 files changed, 33 insertions(+), 3 deletions(-) > create mode 100644 images/sha_sum.S > > diff --git a/arch/arm/lib/pbl.lds.S b/arch/arm/lib/pbl.lds.S > index d2f5ab2..01ed384 100644 > --- a/arch/arm/lib/pbl.lds.S > +++ b/arch/arm/lib/pbl.lds.S > @@ -68,6 +68,13 @@ SECTIONS > > . = ALIGN(4); > > .data : { *(.data*) } > > > + . = ALIGN(4); > > + __shasum_start = .; > > + .shasum : { > > + KEEP(*(.shasum)) > > + } > > + __shasum_end = .; > + > > .rel_dyn_start : { *(.__rel_dyn_start) } > #ifdef CONFIG_CPU_32 > > .rel.dyn : { *(.rel*) } > diff --git a/images/Makefile b/images/Makefile > index 293e644..907986e 100644 > --- a/images/Makefile > +++ b/images/Makefile > @@ -57,11 +57,12 @@ quiet_cmd_elf__ ?= LD $@ > > cmd_elf__ ?= $(LD) $(LDFLAGS_barebox) --gc-sections \ > > > -e $(2) -Map $@.map $(LDFLAGS_$(@F)) -o $@ \ > > > -T $(pbl-lds) \ > > - --start-group $(barebox-pbl-common) $(obj)/piggy.o --end-group > > > + --start-group $(barebox-pbl-common) $(obj)/piggy.o \ > > + $(obj)/sha_sum.o --end-group > > > PBL_CPPFLAGS += -fdata-sections -ffunction-sections > > -$(obj)/%.pbl: $(pbl-lds) $(barebox-pbl-common) $(obj)/piggy.o FORCE > +$(obj)/%.pbl: $(pbl-lds) $(barebox-pbl-common) $(obj)/piggy.o $(obj)/sha_sum.o FORCE > > $(call if_changed,elf__,$(*F)) > > $(obj)/%.pblb: $(obj)/%.pbl FORCE > @@ -111,6 +112,21 @@ suffix_$(CONFIG_IMAGE_COMPRESSION_NONE) = comp_copy > > $(obj)/piggy.o: $(obj)/barebox.z FORCE > > +$(obj)/sha_sum.o: $(obj)/barebox.sha.bin FORCE > + > +quiet_cmd_sha256bin ?= SHA-BIN $@ > + cmd_sha256bin ?= printf "$(shell awk '{printf $$1}' < $(obj)/barebox.sum | sed -e 's/../\\x&/g' )" > $@ > + > +quiet_cmd_sha256sum ?= SHA $@ > + cmd_sha256sum ?= sha256sum $(obj)/barebox.z > $@ > + > +$(obj)/barebox.sha.bin: $(obj)/barebox.sum FORCE > > + $(call if_changed,sha256bin) > + > +$(obj)/barebox.sum: $(obj)/barebox.z FORCE > > + $(call if_changed,sha256sum) > + > + > # barebox.z - compressed barebox binary > # ---------------------------------------------------------------- > $(obj)/barebox.z: $(obj)/../barebox.bin FORCE > @@ -152,7 +168,7 @@ ifneq ($(pblx-y)$(pblx-),) > $(error pblx- has been removed. Please use pblb- instead.) > endif > > -targets += $(image-y) pbl.lds barebox.x barebox.z piggy.o > +targets += $(image-y) pbl.lds barebox.x barebox.z piggy.o sha_sum.o barebox.sha.bin barebox.sum > targets += $(patsubst %,%.pblb,$(pblb-y)) > targets += $(patsubst %,%.pbl,$(pblb-y)) > targets += $(patsubst %,%.s,$(pblb-y)) > diff --git a/images/sha_sum.S b/images/sha_sum.S > new file mode 100644 > index 0000000..5928c20 > --- /dev/null > +++ b/images/sha_sum.S > @@ -0,0 +1,7 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > + .section .shasum,"a" > + .globl sha_sum > +sha_sum: > + .incbin "images/barebox.sha.bin" > + .globl sha_sum_end > +sha_sum_end: _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox