On Saturday 21 January 2023 17:31:15 Paul-Erwan RIO wrote: > Le sam. 21 janv. 2023 à 17:21, Pali Rohar <p...@kernel.org> a écrit : > > > > On Saturday 21 January 2023 17:08:42 Paul-Erwan RIO wrote: > > > Le sam. 21 janv. 2023 à 16:56, Pali Rohar <p...@kernel.org> a écrit : > > > > > > > > On Saturday 21 January 2023 16:47:41 Paul-Erwan Rio wrote: > > > > > The secure boot features cannot be built without 'LIBCRYPTO' enabled. > > > > > This kind of reverts some of > > > > > <b4f3cc2c42d97967a3a3c8796c340f6b07ecccac> > > > > > changes. > > > > > > > > > > Signed-off-by: Paul-Erwan Rio <paulerwan....@gmail.com> > > > > > --- > > > > > > > > > > tools/kwbimage.c | 18 ++++++++++++++++++ > > > > > 1 file changed, 18 insertions(+) > > > > > > > > > > diff --git a/tools/kwbimage.c b/tools/kwbimage.c > > > > > index 6abb9f2d5c..0db99dbb02 100644 > > > > > --- a/tools/kwbimage.c > > > > > +++ b/tools/kwbimage.c > > > > > @@ -19,6 +19,7 @@ > > > > > #include <stdint.h> > > > > > #include "kwbimage.h" > > > > > > > > > > +#if CONFIG_IS_ENABLED(LIBCRYPTO) > > > > > #include <openssl/bn.h> > > > > > #include <openssl/rsa.h> > > > > > #include <openssl/pem.h> > > > > > @@ -44,6 +45,7 @@ void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) > > > > > EVP_MD_CTX_reset(ctx); > > > > > } > > > > > #endif > > > > > +#endif > > > > > > > > > > /* fls - find last (most-significant) bit set in 4-bit integer */ > > > > > static inline int fls4(int num) > > > > > @@ -62,7 +64,9 @@ static inline int fls4(int num) > > > > > > > > > > static struct image_cfg_element *image_cfg; > > > > > static int cfgn; > > > > > +#if CONFIG_IS_ENABLED(LIBCRYPTO) > > > > > static int verbose_mode; > > > > > +#endif > > > > > > > > > > struct boot_mode { > > > > > unsigned int id; > > > > > @@ -278,6 +282,7 @@ image_count_options(unsigned int optiontype) > > > > > return count; > > > > > } > > > > > > > > > > +#if CONFIG_IS_ENABLED(LIBCRYPTO) > > > > > static int image_get_csk_index(void) > > > > > { > > > > > struct image_cfg_element *e; > > > > > @@ -299,6 +304,7 @@ static bool image_get_spezialized_img(void) > > > > > > > > > > return e->sec_specialized_img; > > > > > } > > > > > +#endif > > > > > > > > > > static int image_get_bootfrom(void) > > > > > { > > > > > @@ -432,6 +438,7 @@ static uint8_t baudrate_to_option(unsigned int > > > > > baudrate) > > > > > } > > > > > } > > > > > > > > > > +#if CONFIG_IS_ENABLED(LIBCRYPTO) > > > > > static void kwb_msg(const char *fmt, ...) > > > > > { > > > > > if (verbose_mode) { > > > > > @@ -926,6 +933,7 @@ static int kwb_dump_fuse_cmds(struct > > > > > secure_hdr_v1 *sec_hdr) > > > > > done: > > > > > return ret; > > > > > } > > > > > +#endif > > > > > > > > > > static size_t image_headersz_align(size_t headersz, uint8_t blockid) > > > > > { > > > > > @@ -1079,11 +1087,13 @@ static size_t image_headersz_v1(int *hasext) > > > > > */ > > > > > headersz = sizeof(struct main_hdr_v1); > > > > > > > > > > +#if CONFIG_IS_ENABLED(LIBCRYPTO) > > > > > if (image_get_csk_index() >= 0) { > > > > > headersz += sizeof(struct secure_hdr_v1); > > > > > if (hasext) > > > > > *hasext = 1; > > > > > } > > > > > +#endif > > > > > > > > > > cpu_sheeva = image_is_cpu_sheeva(); > > > > > > > > > > @@ -1270,6 +1280,7 @@ err_close: > > > > > return -1; > > > > > } > > > > > > > > > > +#if CONFIG_IS_ENABLED(LIBCRYPTO) > > > > > static int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 > > > > > *secure_hdr) > > > > > { > > > > > FILE *hashf; > > > > > @@ -1382,6 +1393,7 @@ static int add_secure_header_v1(struct > > > > > image_tool_params *params, uint8_t *ptr, > > > > > > > > > > return 0; > > > > > } > > > > > +#endif > > > > > > > > > > static void finish_register_set_header_v1(uint8_t **cur, uint8_t > > > > > **next_ext, > > > > > struct register_set_hdr_v1 > > > > > *register_set_hdr, > > > > > @@ -1406,7 +1418,9 @@ static void *image_create_v1(size_t *imagesz, > > > > > struct image_tool_params *params, > > > > > struct main_hdr_v1 *main_hdr; > > > > > struct opt_hdr_v1 *ohdr; > > > > > struct register_set_hdr_v1 *register_set_hdr; > > > > > +#if CONFIG_IS_ENABLED(LIBCRYPTO) > > > > > struct secure_hdr_v1 *secure_hdr = NULL; > > > > > +#endif > > > > > size_t headersz; > > > > > uint8_t *image, *cur; > > > > > int hasext = 0; > > > > > @@ -1491,6 +1505,7 @@ static void *image_create_v1(size_t *imagesz, > > > > > struct image_tool_params *params, > > > > > if (main_hdr->blockid == IBR_HDR_PEX_ID) > > > > > main_hdr->srcaddr = cpu_to_le32(0xFFFFFFFF); > > > > > > > > > > +#if CONFIG_IS_ENABLED(LIBCRYPTO) > > > > > if (image_get_csk_index() >= 0) { > > > > > /* > > > > > * only reserve the space here; we fill the header > > > > > later since > > > > > @@ -1501,6 +1516,7 @@ static void *image_create_v1(size_t *imagesz, > > > > > struct image_tool_params *params, > > > > > *next_ext = 1; > > > > > next_ext = &secure_hdr->next; > > > > > } > > > > > +#endif > > > > > > > > > > datai = 0; > > > > > for (cfgi = 0; cfgi < cfgn; cfgi++) { > > > > > @@ -1552,9 +1568,11 @@ static void *image_create_v1(size_t *imagesz, > > > > > struct image_tool_params *params, > > > > > &datai, delay); > > > > > } > > > > > > > > > > +#if CONFIG_IS_ENABLED(LIBCRYPTO) > > > > > if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz + > > > > > headersz, > > > > > headersz, image, > > > > > secure_hdr)) > > > > > return NULL; > > > > > +#endif > > > > > > > > > > *imagesz = headersz; > > > > > > > > > > -- > > > > > 2.39.0 > > > > > > > > > > > > > This is entirely wrong change as it completely skips processing of some > > > > command lone or config file options. It can lead to generating of broken > > > > images by mkimage without any notice by user or any automated CI > > > > testing. You really cannot randomly disable or comment some of functions > > > > which are currently called. > > > > > > Hello, > > > That is true, especially since I do not know how to test my changes > > > regarding kwbimage. But I do not really randomly disable some > > > functions. > > > I looked at the commit that introduced the issue: > > > > > > Date: Fri Jul 23 11:14:13 2021 +0200 > > > tools: kwbimage: Do not hide usage of secure header under > > > CONFIG_ARMADA_38X > > > commit b4f3cc2c42d97967a3a3c8796c340f6b07eccca upstream > > > > > > And reverted its change. But instead of hiding the secure header usage > > > under the previous CONFIG_ARMADA_38X config, I used the the config > > > that really shows the issue: CONFIG_TOOLS_LIBCRYPTO. > > > > > > Regards, > > > > And that is wrong. You cannot disable calling of some functions which > > has to be called based on some settings (e.g. cmdline or config file). > > > > mkimage parses command line options from argv[] and from config file and > > based on these options it generates output file. > > > > Look at the proposed change. What you have done is that you have > > randomly disabled calling of some functions which was previously called > > based on the options specified in mkimage argv[]. > > > > mkimage works like any other tool, based on the cmdline supplied in the > > argv[] it calls specific functions which affects generated output file. > > > > And not calling of some functions which were previously called cause > > generating of different - broken output file (because it would not match > > supplied command line options). > > So, if I understand you correctly, the right way to do it would be to > prevent the user to call the very functions that need OpenSSL crypto > features (and output some kind of warning/error) when LIBCRYPTO > support is disabled ? So that the user could not even attempt to > create kwbimage v1 with secure header (in this particular case), > instead of having a broken output file like you said.
Of course, u-boot (and also any other) tools must not generate broken output files. I thought that this is pretty obvious.