[U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset
Current implementation of hab_auth_img command needs ivt_offset to
authenticate the image. But ivt header is placed at the end of image
date after padding.
This leaves the usage of hab_auth_img command to fixed size or static
offset for ivt header. New function "get_image_ivt_offset" is introduced
to find the ivt offset during runtime. The case conditional check in this
function is same as boot_get_kernel in common/bootm.c
With this variable length image e.g. FIT image with any random size can
have IVT at the end and ivt_offset option can be left optional
Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script
Signed-off-by: Parthiban Nallathambi
---
arch/arm/mach-imx/hab.c | 29 +++--
1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index b88acd13da..060d0866b3 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -6,6 +6,8 @@
#include
#include
#include
+#include
+#include
#include
#include
#include
@@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int
argc,
return 0;
}
+static ulong get_image_ivt_offset(ulong img_addr, ulong length)
+{
+ const void *buf;
+
+ buf = map_sysmem(img_addr, 0);
+ switch (genimg_get_format(buf)) {
+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
+ case IMAGE_FORMAT_LEGACY:
+ return (image_get_image_size((image_header_t *)img_addr)
+ + 0x1000 - 1) & ~(0x1000 - 1);
+#endif
+#if IMAGE_ENABLE_FIT
+ case IMAGE_FORMAT_FIT:
+ return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1);
+#endif
+ default:
+ return 0;
+ }
+}
+
static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
ulong addr, length, ivt_offset;
int rcode = 0;
- if (argc < 4)
+ if (argc < 3)
return CMD_RET_USAGE;
addr = simple_strtoul(argv[1], NULL, 16);
length = simple_strtoul(argv[2], NULL, 16);
- ivt_offset = simple_strtoul(argv[3], NULL, 16);
+ if (argc == 3)
+ ivt_offset = get_image_ivt_offset(addr, length);
+ else
+ ivt_offset = simple_strtoul(argv[3], NULL, 16);
rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
if (rcode == 0)
--
2.17.2
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset
Ping on this patch!
On 11/6/18 5:39 PM, Parthiban Nallathambi wrote:
Current implementation of hab_auth_img command needs ivt_offset to
authenticate the image. But ivt header is placed at the end of image
date after padding.
This leaves the usage of hab_auth_img command to fixed size or static
offset for ivt header. New function "get_image_ivt_offset" is introduced
to find the ivt offset during runtime. The case conditional check in this
function is same as boot_get_kernel in common/bootm.c
With this variable length image e.g. FIT image with any random size can
have IVT at the end and ivt_offset option can be left optional
Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script
Signed-off-by: Parthiban Nallathambi
---
arch/arm/mach-imx/hab.c | 29 +++--
1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index b88acd13da..060d0866b3 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -6,6 +6,8 @@
#include
#include
#include
+#include
+#include
#include
#include
#include
@@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int
argc,
return 0;
}
+static ulong get_image_ivt_offset(ulong img_addr, ulong length)
+{
+ const void *buf;
+
+ buf = map_sysmem(img_addr, 0);
+ switch (genimg_get_format(buf)) {
+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
+ case IMAGE_FORMAT_LEGACY:
+ return (image_get_image_size((image_header_t *)img_addr)
+ + 0x1000 - 1) & ~(0x1000 - 1);
+#endif
+#if IMAGE_ENABLE_FIT
+ case IMAGE_FORMAT_FIT:
+ return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1);
+#endif
+ default:
+ return 0;
+ }
+}
+
static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
ulong addr, length, ivt_offset;
int rcode = 0;
- if (argc < 4)
+ if (argc < 3)
return CMD_RET_USAGE;
addr = simple_strtoul(argv[1], NULL, 16);
length = simple_strtoul(argv[2], NULL, 16);
- ivt_offset = simple_strtoul(argv[3], NULL, 16);
+ if (argc == 3)
+ ivt_offset = get_image_ivt_offset(addr, length);
+ else
+ ivt_offset = simple_strtoul(argv[3], NULL, 16);
rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
if (rcode == 0)
--
Thanks,
Parthiban N
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-22 Fax: (+49)-8142-66989-80 Email: p...@denx.de
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset
Adding Bryan and Breno in case they can help reviewing it.
On Tue, Nov 6, 2018 at 2:42 PM Parthiban Nallathambi wrote:
>
> Current implementation of hab_auth_img command needs ivt_offset to
> authenticate the image. But ivt header is placed at the end of image
> date after padding.
>
> This leaves the usage of hab_auth_img command to fixed size or static
> offset for ivt header. New function "get_image_ivt_offset" is introduced
> to find the ivt offset during runtime. The case conditional check in this
> function is same as boot_get_kernel in common/bootm.c
>
> With this variable length image e.g. FIT image with any random size can
> have IVT at the end and ivt_offset option can be left optional
>
> Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script
>
> Signed-off-by: Parthiban Nallathambi
> ---
> arch/arm/mach-imx/hab.c | 29 +++--
> 1 file changed, 27 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
> index b88acd13da..060d0866b3 100644
> --- a/arch/arm/mach-imx/hab.c
> +++ b/arch/arm/mach-imx/hab.c
> @@ -6,6 +6,8 @@
> #include
> #include
> #include
> +#include
> +#include
> #include
> #include
> #include
> @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag,
> int argc,
> return 0;
> }
>
> +static ulong get_image_ivt_offset(ulong img_addr, ulong length)
> +{
> + const void *buf;
> +
> + buf = map_sysmem(img_addr, 0);
> + switch (genimg_get_format(buf)) {
> +#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
> + case IMAGE_FORMAT_LEGACY:
> + return (image_get_image_size((image_header_t *)img_addr)
> + + 0x1000 - 1) & ~(0x1000 - 1);
> +#endif
> +#if IMAGE_ENABLE_FIT
> + case IMAGE_FORMAT_FIT:
> + return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1);
> +#endif
> + default:
> + return 0;
> + }
> +}
> +
> static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
> char * const argv[])
> {
> ulong addr, length, ivt_offset;
> int rcode = 0;
>
> - if (argc < 4)
> + if (argc < 3)
> return CMD_RET_USAGE;
>
> addr = simple_strtoul(argv[1], NULL, 16);
> length = simple_strtoul(argv[2], NULL, 16);
> - ivt_offset = simple_strtoul(argv[3], NULL, 16);
> + if (argc == 3)
> + ivt_offset = get_image_ivt_offset(addr, length);
> + else
> + ivt_offset = simple_strtoul(argv[3], NULL, 16);
>
> rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
> if (rcode == 0)
> --
> 2.17.2
>
> ___
> U-Boot mailing list
> U-Boot@lists.denx.de
> https://lists.denx.de/listinfo/u-boot
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset
Hi Parthiban,
Em ter, 6 de nov de 2018 às 14:42, Parthiban Nallathambi
escreveu:
>
> Current implementation of hab_auth_img command needs ivt_offset to
> authenticate the image. But ivt header is placed at the end of image
> date after padding.
>
> This leaves the usage of hab_auth_img command to fixed size or static
> offset for ivt header. New function "get_image_ivt_offset" is introduced
> to find the ivt offset during runtime. The case conditional check in this
> function is same as boot_get_kernel in common/bootm.c
>
> With this variable length image e.g. FIT image with any random size can
> have IVT at the end and ivt_offset option can be left optional
>
> Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script
>
> Signed-off-by: Parthiban Nallathambi
> ---
> arch/arm/mach-imx/hab.c | 29 +++--
> 1 file changed, 27 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
> index b88acd13da..060d0866b3 100644
> --- a/arch/arm/mach-imx/hab.c
> +++ b/arch/arm/mach-imx/hab.c
> @@ -6,6 +6,8 @@
> #include
> #include
> #include
> +#include
> +#include
> #include
> #include
> #include
> @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag,
> int argc,
> return 0;
> }
>
> +static ulong get_image_ivt_offset(ulong img_addr, ulong length)
> +{
I'm seeing that function get_image_ivt_offset() requires a length but
we are not using it, there is any reason for that?
Thanks,
Breno Lima
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset
Hi Breno,
On 11/21/18 2:24 PM, Breno Matheus Lima wrote:
Hi Parthiban,
Em ter, 6 de nov de 2018 às 14:42, Parthiban Nallathambi
escreveu:
Current implementation of hab_auth_img command needs ivt_offset to
authenticate the image. But ivt header is placed at the end of image
date after padding.
This leaves the usage of hab_auth_img command to fixed size or static
offset for ivt header. New function "get_image_ivt_offset" is introduced
to find the ivt offset during runtime. The case conditional check in this
function is same as boot_get_kernel in common/bootm.c
With this variable length image e.g. FIT image with any random size can
have IVT at the end and ivt_offset option can be left optional
Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script
Signed-off-by: Parthiban Nallathambi
---
arch/arm/mach-imx/hab.c | 29 +++--
1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index b88acd13da..060d0866b3 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -6,6 +6,8 @@
#include
#include
#include
+#include
+#include
#include
#include
#include
@@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int
argc,
return 0;
}
+static ulong get_image_ivt_offset(ulong img_addr, ulong length)
+{
I'm seeing that function get_image_ivt_offset() requires a length but
we are not using it, there is any reason for that?
length is not required to find the ivt offset in the image. I will
remove this.
Thanks,
Breno Lima
--
Thanks,
Parthiban N
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-22 Fax: (+49)-8142-66989-80 Email: p...@denx.de
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset
Hi Quentin Grembert, On 11/27/18 3:12 PM, Quentin Grembert wrote: Hi, I don't know how to publish on U-Boot mailing list, so i'm writing directly to you. I am using hab_auth_img to authentificate other files than Linux image, like *.dtb or others. So you have dtb and other images signed without combining them into a single image like fitimage? You can still use the previous method of using hab_auth_img with ivt if you are providing the ivt at fixed offset. The patch you submitted may broke the compatibility with our use : https://lists.denx.de/pipermail/u-boot/2018-November/348563.html Regards, Quentin Grembert -- Thanks, Parthiban N DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-22 Fax: (+49)-8142-66989-80 Email: p...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset
Hello Quentin, Am 27.11.2018 um 15:15 schrieb Parthiban Nallathambi: Hi Quentin Grembert, On 11/27/18 3:12 PM, Quentin Grembert wrote: Hi, I don't know how to publish on U-Boot mailing list, so i'm writing directly to you. I am using hab_auth_img to authentificate other files than Linux image, like *.dtb or others. So you have dtb and other images signed without combining them into a single image like fitimage? You can still use the previous method of using hab_auth_img with ivt if you are providing the ivt at fixed offset. Yes, but I recommend to use FIT image. It is design for such tasks. bye, Heiko The patch you submitted may broke the compatibility with our use : https://lists.denx.de/pipermail/u-boot/2018-November/348563.html Regards, Quentin Grembert -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: +49-8142-66989-52 Fax: +49-8142-66989-80 Email: h...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset
Hi, On 11/28/18 9:19 AM, Quentin Grembert wrote: Hello, I did not see I still could use the old parameters. So I guess I disturb you for nothing. You must still be able to use the previous method with ivt_offset as last argument to hab_auth_img. I did not not about FIT image. I will look into it. Thank's ! Quentin Grembert On Wed, 28 Nov 2018 at 05:43, Heiko Schocher wrote: Hello Quentin, Am 27.11.2018 um 15:15 schrieb Parthiban Nallathambi: Hi Quentin Grembert, On 11/27/18 3:12 PM, Quentin Grembert wrote: Hi, I don't know how to publish on U-Boot mailing list, so i'm writing directly to you. I am using hab_auth_img to authentificate other files than Linux image, like *.dtb or others. So you have dtb and other images signed without combining them into a single image like fitimage? You can still use the previous method of using hab_auth_img with ivt if you are providing the ivt at fixed offset. Yes, but I recommend to use FIT image. It is design for such tasks. bye, Heiko The patch you submitted may broke the compatibility with our use : https://lists.denx.de/pipermail/u-boot/2018-November/348563.html Regards, Quentin Grembert -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: +49-8142-66989-52 Fax: +49-8142-66989-80 Email: h...@denx.de -- Thanks, Parthiban N DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-22 Fax: (+49)-8142-66989-80 Email: p...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset
Hello, I did not see I still could use the old parameters. So I guess I disturb you for nothing. I did not not about FIT image. I will look into it. Thank's ! Quentin Grembert On Wed, 28 Nov 2018 at 05:43, Heiko Schocher wrote: > Hello Quentin, > > Am 27.11.2018 um 15:15 schrieb Parthiban Nallathambi: > > Hi Quentin Grembert, > > > > On 11/27/18 3:12 PM, Quentin Grembert wrote: > >> Hi, > >> > >> I don't know how to publish on U-Boot mailing list, so i'm writing > directly > >> to you. > >> > >> I am using hab_auth_img to authentificate other files than Linux image, > >> like *.dtb or others. > > > > So you have dtb and other images signed without combining them into a > > single image like fitimage? > > > > You can still use the previous method of using hab_auth_img with ivt if > > you are providing the ivt at fixed offset. > > Yes, but I recommend to use FIT image. It is design for such tasks. > > bye, > Heiko > > > >> > >> The patch you submitted may broke the compatibility with our use : > >> https://lists.denx.de/pipermail/u-boot/2018-November/348563.html > >> > >> Regards, > >> Quentin Grembert > >> > > > > -- > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany > Phone: +49-8142-66989-52 Fax: +49-8142-66989-80 Email: h...@denx.de > ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
