Re: [PATCH v6 15/16] cmd: verify: initial import
Hi Simon, Le 28/03/2022 à 08:35, Simon Glass a écrit : Hi Philippe, On Thu, 10 Mar 2022 at 09:53, Philippe REYNES wrote: Hi Simon, Le 03/03/2022 à 04:37, Simon Glass a écrit : Hi Philippe, On Fri, 25 Feb 2022 at 07:58, Philippe Reynes wrote: Add the command verify that check the signature of an image with the pre-load header. If the check succeed, the u-boot env variable 'loadaddr_verified' is set to the address of the image (without the header). It allows to run such commands: tftp script.img && verify $loadaddr && source $loadaddr_verified Signed-off-by: Philippe Reynes --- cmd/Kconfig | 7 +++ cmd/Makefile | 1 + cmd/verify.c | 53 3 files changed, 61 insertions(+) create mode 100644 cmd/verify.c Using the 'verify' command seems a bit vague. Could it be a sub-command of bootm perhaps? The command verify may be used with any binary (script, video firmware, .). So a lot of binaries that are not launched by bootm. I think that it is not "logic" to used a bootm subcommand. But we could use another name if you want. For example : pre_load_verify ? I see. Well, I suppose this is a boot loader, so 'verify' would be expected to mean verifying an image or something to boot, so this seems reasonable to me. But I do like the idea of putting pre_load in there somewhere if you can, since we do most other verification as part of the 'bootm' command. Up to you. I have sent a v8 where I remove the command pre_load_verify, and add the subcommand preload to bootm. Reviewed-by: Simon Glass Regards, Simon Regards, Philippe
Re: [PATCH v6 15/16] cmd: verify: initial import
Hi Philippe, On Thu, 10 Mar 2022 at 09:53, Philippe REYNES wrote: > > Hi Simon, > > > Le 03/03/2022 à 04:37, Simon Glass a écrit : > > Hi Philippe, > > > > On Fri, 25 Feb 2022 at 07:58, Philippe Reynes > > wrote: > >> Add the command verify that check the signature of > >> an image with the pre-load header. If the check > >> succeed, the u-boot env variable 'loadaddr_verified' > >> is set to the address of the image (without the header). > >> > >> It allows to run such commands: > >> tftp script.img && verify $loadaddr && source $loadaddr_verified > >> > >> Signed-off-by: Philippe Reynes > >> --- > >> cmd/Kconfig | 7 +++ > >> cmd/Makefile | 1 + > >> cmd/verify.c | 53 > >> 3 files changed, 61 insertions(+) > >> create mode 100644 cmd/verify.c > >> > > Using the 'verify' command seems a bit vague. Could it be a > > sub-command of bootm perhaps? > > > The command verify may be used with any binary (script, video firmware, > .). > So a lot of binaries that are not launched by bootm. > I think that it is not "logic" to used a bootm subcommand. > But we could use another name if you want. > For example : pre_load_verify ? I see. Well, I suppose this is a boot loader, so 'verify' would be expected to mean verifying an image or something to boot, so this seems reasonable to me. But I do like the idea of putting pre_load in there somewhere if you can, since we do most other verification as part of the 'bootm' command. Up to you. Reviewed-by: Simon Glass Regards, Simon
Re: [PATCH v6 15/16] cmd: verify: initial import
Hi Simon, Le 03/03/2022 à 04:37, Simon Glass a écrit : Hi Philippe, On Fri, 25 Feb 2022 at 07:58, Philippe Reynes wrote: Add the command verify that check the signature of an image with the pre-load header. If the check succeed, the u-boot env variable 'loadaddr_verified' is set to the address of the image (without the header). It allows to run such commands: tftp script.img && verify $loadaddr && source $loadaddr_verified Signed-off-by: Philippe Reynes --- cmd/Kconfig | 7 +++ cmd/Makefile | 1 + cmd/verify.c | 53 3 files changed, 61 insertions(+) create mode 100644 cmd/verify.c Using the 'verify' command seems a bit vague. Could it be a sub-command of bootm perhaps? The command verify may be used with any binary (script, video firmware, .). So a lot of binaries that are not launched by bootm. I think that it is not "logic" to used a bootm subcommand. But we could use another name if you want. For example : pre_load_verify ? diff --git a/cmd/Kconfig b/cmd/Kconfig index 87aa3fb11a..0460d5c3a0 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD There is no documentation about this within the U-Boot source code but you should be able to find something on the interwebs. +config CMD_VERIFY + bool "verify the global signature" +depends on CMD_BOOTM_PRE_LOAD + help + Verify the signature provided in a pre-load header of + a full image. Please point to docs here + config CMD_ZBOOT bool "zboot - x86 boot command" help diff --git a/cmd/Makefile b/cmd/Makefile index 166c652d98..80e054e806 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o obj-$(CONFIG_CMD_XIMG) += ximg.o obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o obj-$(CONFIG_CMD_SPL) += spl.o +obj-$(CONFIG_CMD_VERIFY) += verify.o obj-$(CONFIG_CMD_W1) += w1.o obj-$(CONFIG_CMD_ZIP) += zip.o obj-$(CONFIG_CMD_ZFS) += zfs.o diff --git a/cmd/verify.c b/cmd/verify.c new file mode 100644 index 00..4d055e0790 --- /dev/null +++ b/cmd/verify.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (C) 2022 Philippe Reynes + */ + +#include +#include +#include +#include + +static ulong verify_get_addr(int argc, char *const argv[]) +{ + ulong addr; + + if (argc > 0) + addr = simple_strtoul(argv[0], NULL, 16); hextoul + else + addr = image_load_addr; + + return addr; +} + +static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc, +char *const argv[]) +{ + ulong addr = verify_get_addr(argc, argv); + int ret = 0; + + argc--; argv++; + + addr = verify_get_addr(argc, argv); + + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) { + ret = image_pre_load(addr); + + if (ret) { + ret = CMD_RET_FAILURE; + goto out; + } + + env_set_hex("loadaddr_verified", addr + image_load_offset); + } + + out: + return ret; +} + +U_BOOT_CMD(verify, 2, 1, do_verify, + "verify the global signature provided in the pre-load header,\n" + "\tif the check succeed, the u-boot env variable loadaddr_verified\n" + "\tis set to the address of the image (without the header)", + "" +); -- 2.17.1 Regards, Simon Regards, Philippe
Re: [PATCH v6 15/16] cmd: verify: initial import
Hi Philippe, On Fri, 25 Feb 2022 at 07:58, Philippe Reynes wrote: > > Add the command verify that check the signature of > an image with the pre-load header. If the check > succeed, the u-boot env variable 'loadaddr_verified' > is set to the address of the image (without the header). > > It allows to run such commands: > tftp script.img && verify $loadaddr && source $loadaddr_verified > > Signed-off-by: Philippe Reynes > --- > cmd/Kconfig | 7 +++ > cmd/Makefile | 1 + > cmd/verify.c | 53 > 3 files changed, 61 insertions(+) > create mode 100644 cmd/verify.c > Using the 'verify' command seems a bit vague. Could it be a sub-command of bootm perhaps? > diff --git a/cmd/Kconfig b/cmd/Kconfig > index 87aa3fb11a..0460d5c3a0 100644 > --- a/cmd/Kconfig > +++ b/cmd/Kconfig > @@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD > There is no documentation about this within the U-Boot source code > but you should be able to find something on the interwebs. > > +config CMD_VERIFY > + bool "verify the global signature" > +depends on CMD_BOOTM_PRE_LOAD > + help > + Verify the signature provided in a pre-load header of > + a full image. Please point to docs here > + > config CMD_ZBOOT > bool "zboot - x86 boot command" > help > diff --git a/cmd/Makefile b/cmd/Makefile > index 166c652d98..80e054e806 100644 > --- a/cmd/Makefile > +++ b/cmd/Makefile > @@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o > obj-$(CONFIG_CMD_XIMG) += ximg.o > obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o > obj-$(CONFIG_CMD_SPL) += spl.o > +obj-$(CONFIG_CMD_VERIFY) += verify.o > obj-$(CONFIG_CMD_W1) += w1.o > obj-$(CONFIG_CMD_ZIP) += zip.o > obj-$(CONFIG_CMD_ZFS) += zfs.o > diff --git a/cmd/verify.c b/cmd/verify.c > new file mode 100644 > index 00..4d055e0790 > --- /dev/null > +++ b/cmd/verify.c > @@ -0,0 +1,53 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Copyright (C) 2022 Philippe Reynes > + */ > + > +#include > +#include > +#include > +#include > + > +static ulong verify_get_addr(int argc, char *const argv[]) > +{ > + ulong addr; > + > + if (argc > 0) > + addr = simple_strtoul(argv[0], NULL, 16); hextoul > + else > + addr = image_load_addr; > + > + return addr; > +} > + > +static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc, > +char *const argv[]) > +{ > + ulong addr = verify_get_addr(argc, argv); > + int ret = 0; > + > + argc--; argv++; > + > + addr = verify_get_addr(argc, argv); > + > + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) { > + ret = image_pre_load(addr); > + > + if (ret) { > + ret = CMD_RET_FAILURE; > + goto out; > + } > + > + env_set_hex("loadaddr_verified", addr + image_load_offset); > + } > + > + out: > + return ret; > +} > + > +U_BOOT_CMD(verify, 2, 1, do_verify, > + "verify the global signature provided in the pre-load header,\n" > + "\tif the check succeed, the u-boot env variable > loadaddr_verified\n" > + "\tis set to the address of the image (without the header)", > + "" > +); > -- > 2.17.1 > Regards, Simon
[PATCH v6 15/16] cmd: verify: initial import
Add the command verify that check the signature of an image with the pre-load header. If the check succeed, the u-boot env variable 'loadaddr_verified' is set to the address of the image (without the header). It allows to run such commands: tftp script.img && verify $loadaddr && source $loadaddr_verified Signed-off-by: Philippe Reynes --- cmd/Kconfig | 7 +++ cmd/Makefile | 1 + cmd/verify.c | 53 3 files changed, 61 insertions(+) create mode 100644 cmd/verify.c diff --git a/cmd/Kconfig b/cmd/Kconfig index 87aa3fb11a..0460d5c3a0 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD There is no documentation about this within the U-Boot source code but you should be able to find something on the interwebs. +config CMD_VERIFY + bool "verify the global signature" +depends on CMD_BOOTM_PRE_LOAD + help + Verify the signature provided in a pre-load header of + a full image. + config CMD_ZBOOT bool "zboot - x86 boot command" help diff --git a/cmd/Makefile b/cmd/Makefile index 166c652d98..80e054e806 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o obj-$(CONFIG_CMD_XIMG) += ximg.o obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o obj-$(CONFIG_CMD_SPL) += spl.o +obj-$(CONFIG_CMD_VERIFY) += verify.o obj-$(CONFIG_CMD_W1) += w1.o obj-$(CONFIG_CMD_ZIP) += zip.o obj-$(CONFIG_CMD_ZFS) += zfs.o diff --git a/cmd/verify.c b/cmd/verify.c new file mode 100644 index 00..4d055e0790 --- /dev/null +++ b/cmd/verify.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (C) 2022 Philippe Reynes + */ + +#include +#include +#include +#include + +static ulong verify_get_addr(int argc, char *const argv[]) +{ + ulong addr; + + if (argc > 0) + addr = simple_strtoul(argv[0], NULL, 16); + else + addr = image_load_addr; + + return addr; +} + +static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc, +char *const argv[]) +{ + ulong addr = verify_get_addr(argc, argv); + int ret = 0; + + argc--; argv++; + + addr = verify_get_addr(argc, argv); + + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) { + ret = image_pre_load(addr); + + if (ret) { + ret = CMD_RET_FAILURE; + goto out; + } + + env_set_hex("loadaddr_verified", addr + image_load_offset); + } + + out: + return ret; +} + +U_BOOT_CMD(verify, 2, 1, do_verify, + "verify the global signature provided in the pre-load header,\n" + "\tif the check succeed, the u-boot env variable loadaddr_verified\n" + "\tis set to the address of the image (without the header)", + "" +); -- 2.17.1