Re: [PATCH v2] habv4: imx change signing area from full to the executed image

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Sasha, Maik,

Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> writes:

> On Wed, Dec 18, 2019 at 01:57:17PM +0100, Maik Otto wrote:
>> the whole barebox with mbr and partition table were be signed by default.
>> change the signing to the executed image without signing the mbr,
>> partition table and header_gap by imx8mq
>> additional delete option full, from-dcdofs and skip-mbr
>>
>> Signed-off-by: Maik Otto <m.otto@xxxxxxxxx>
>> ---
>> Changes in v2:
>>     - change subject from habv4: add the possibility to changing the signing
>>       area from Kconfig to
>>     - delete KConfig entries
>>     - delete changes habv4-imx6-gencsf.h
>>     - delete full, from-dcdofs and skip-mbr options
>> ---
>>  scripts/imx/imx.c | 33 +++++++++------------------------
>>  1 file changed, 9 insertions(+), 24 deletions(-)
>
> Applied, thanks.
>
> @Marcin, as you introduced the "from-dcdofs" and "full" options, are you
> happy with this patch? It removes the options, but should default to
> what you originally wanted to archieve, right?

I think that when adding separate skip-mbr and from-dcdofs I wanted to
protect (with skip-mbr) first bytes of generated image, which contain
barebox header (with its version?) from what I remember. I never used
that information from there, so I am quite okay with dropping skip-mbr
support in favor of only from-dcdofs.

However I wonder why offset_load_address is hardcoded to
0x400. Shouldn't we leave from-dcdofs as is and simply dropping all
other options (full and skip-mbr)?

Regards,
Marcin

>
> Regards
>  Sascha
>
>>
>> diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
>> index b3e8d62..b2dd25c 100644
>> --- a/scripts/imx/imx.c
>> +++ b/scripts/imx/imx.c
>> @@ -338,16 +338,13 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
>>  	char *str;
>>  	int ret;
>>  	uint32_t signed_size = data->load_size;
>> -	uint32_t offset = 0;
>> +	uint32_t offset_load_address = 0x400; //skip MBR and Partition Table
>> +	uint32_t offset_size = offset_load_address;
>> +	uint32_t offset = offset_load_address;
>>
>>  	if (!data->csf)
>>  		return -EINVAL;
>>
>> -	if (argc < 2)
>> -		type = "full";
>> -	else
>> -		type = argv[1];
>> -
>>  	/*
>>  	 * In case of encrypted image we reduce signed area to beginning
>>  	 * of encrypted area.
>> @@ -359,31 +356,19 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
>>  	 * Ensure we only sign the PBL for i.MX8MQ
>>  	 */
>>  	if (data->pbl_code_size && data->cpu_type == IMX_CPU_IMX8MQ) {
>> -		offset = data->header_gap;
>> +		offset += data->header_gap;
>>  		signed_size = roundup(data->pbl_code_size + HEADER_LEN, 0x1000);
>>  		if (data->signed_hdmi_firmware_file)
>>  			offset += PLUGIN_HDMI_SIZE;
>>  	}
>>
>> -	if (!strcmp(type, "full")) {
>> +	if (signed_size > 0) {
>>  		ret = asprintf(&str, "Blocks = 0x%08x 0x%08x 0x%08x \"%s\"\n",
>> -			       data->image_load_addr, offset, signed_size,
>> -			       data->outfile);
>> -	} else if (!strcmp(type, "from-dcdofs")) {
>> -		ret = asprintf(&str, "Blocks = 0x%08x 0x%x %d \"%s\"\n",
>> -			       data->image_load_addr + data->image_dcd_offset,
>> -			       data->image_dcd_offset,
>> -			       signed_size - data->image_dcd_offset,
>> -			       data->outfile);
>> -	} else if (!strcmp(type, "skip-mbr")) {
>> -		ret = asprintf(&str,
>> -			       "Blocks = 0x%08x 0 440 \"%s\", \\\n"
>> -			       "         0x%08x 512 %d \"%s\"\n",
>> -			       data->image_load_addr, data->outfile,
>> -			       data->image_load_addr + 512,
>> -			       signed_size - 512, data->outfile);
>> +			data->image_load_addr + offset_load_address, offset,
>> +			signed_size - offset_size, data->outfile);
>>  	} else {
>> -		fprintf(stderr, "Invalid hab_blocks option: %s\n", type);
>> +		fprintf(stderr, "Invalid signed size area 0x%08x\n",
>> +			signed_size);
>>  		return -EINVAL;
>>  	}
>>
>> --
>> 2.7.4
>>
>>
>> _______________________________________________
>> barebox mailing list
>> barebox@xxxxxxxxxxxxxxxxxxx
>> http://lists.infradead.org/mailman/listinfo/barebox
>>


-- 
Marcin Niestrój

_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox




[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux