[U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset
Current implementation of hab_auth_img command needs ivt_offset to authenticate the image. But ivt header is placed at the end of image date after padding.
This leaves the usage of hab_auth_img command to fixed size or static offset for ivt header. New function "get_image_ivt_offset" is introduced to find the ivt offset during runtime. The case conditional check in this function is same as boot_get_kernel in common/bootm.c
With this variable length image e.g. FIT image with any random size can have IVT at the end and ivt_offset option can be left optional
Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script
Signed-off-by: Parthiban Nallathambi pn@denx.de --- arch/arm/mach-imx/hab.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index b88acd13da..060d0866b3 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -6,6 +6,8 @@ #include <common.h> #include <config.h> #include <fuse.h> +#include <mapmem.h> +#include <image.h> #include <asm/io.h> #include <asm/system.h> #include <asm/arch/clock.h> @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, return 0; }
+static ulong get_image_ivt_offset(ulong img_addr, ulong length) +{ + const void *buf; + + buf = map_sysmem(img_addr, 0); + switch (genimg_get_format(buf)) { +#if defined(CONFIG_IMAGE_FORMAT_LEGACY) + case IMAGE_FORMAT_LEGACY: + return (image_get_image_size((image_header_t *)img_addr) + + 0x1000 - 1) & ~(0x1000 - 1); +#endif +#if IMAGE_ENABLE_FIT + case IMAGE_FORMAT_FIT: + return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1); +#endif + default: + return 0; + } +} + static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { ulong addr, length, ivt_offset; int rcode = 0;
- if (argc < 4) + if (argc < 3) return CMD_RET_USAGE;
addr = simple_strtoul(argv[1], NULL, 16); length = simple_strtoul(argv[2], NULL, 16); - ivt_offset = simple_strtoul(argv[3], NULL, 16); + if (argc == 3) + ivt_offset = get_image_ivt_offset(addr, length); + else + ivt_offset = simple_strtoul(argv[3], NULL, 16);
rcode = imx_hab_authenticate_image(addr, length, ivt_offset); if (rcode == 0)
Ping on this patch!
On 11/6/18 5:39 PM, Parthiban Nallathambi wrote:
Current implementation of hab_auth_img command needs ivt_offset to authenticate the image. But ivt header is placed at the end of image date after padding.
This leaves the usage of hab_auth_img command to fixed size or static offset for ivt header. New function "get_image_ivt_offset" is introduced to find the ivt offset during runtime. The case conditional check in this function is same as boot_get_kernel in common/bootm.c
With this variable length image e.g. FIT image with any random size can have IVT at the end and ivt_offset option can be left optional
Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script
Signed-off-by: Parthiban Nallathambi pn@denx.de
arch/arm/mach-imx/hab.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index b88acd13da..060d0866b3 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -6,6 +6,8 @@ #include <common.h> #include <config.h> #include <fuse.h> +#include <mapmem.h> +#include <image.h> #include <asm/io.h> #include <asm/system.h> #include <asm/arch/clock.h> @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, return 0; }
+static ulong get_image_ivt_offset(ulong img_addr, ulong length) +{
- const void *buf;
- buf = map_sysmem(img_addr, 0);
- switch (genimg_get_format(buf)) {
+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
- case IMAGE_FORMAT_LEGACY:
return (image_get_image_size((image_header_t *)img_addr)+ 0x1000 - 1) & ~(0x1000 - 1);+#endif +#if IMAGE_ENABLE_FIT
- case IMAGE_FORMAT_FIT:
return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1);+#endif
- default:
return 0;- }
+}
- static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { ulong addr, length, ivt_offset; int rcode = 0;
- if (argc < 4)
if (argc < 3) return CMD_RET_USAGE;
addr = simple_strtoul(argv[1], NULL, 16); length = simple_strtoul(argv[2], NULL, 16);
- ivt_offset = simple_strtoul(argv[3], NULL, 16);
if (argc == 3)
ivt_offset = get_image_ivt_offset(addr, length);else
ivt_offset = simple_strtoul(argv[3], NULL, 16);rcode = imx_hab_authenticate_image(addr, length, ivt_offset); if (rcode == 0)
Adding Bryan and Breno in case they can help reviewing it.
On Tue, Nov 6, 2018 at 2:42 PM Parthiban Nallathambi pn@denx.de wrote:
Current implementation of hab_auth_img command needs ivt_offset to authenticate the image. But ivt header is placed at the end of image date after padding.
This leaves the usage of hab_auth_img command to fixed size or static offset for ivt header. New function "get_image_ivt_offset" is introduced to find the ivt offset during runtime. The case conditional check in this function is same as boot_get_kernel in common/bootm.c
With this variable length image e.g. FIT image with any random size can have IVT at the end and ivt_offset option can be left optional
Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script
Signed-off-by: Parthiban Nallathambi pn@denx.de
arch/arm/mach-imx/hab.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index b88acd13da..060d0866b3 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -6,6 +6,8 @@ #include <common.h> #include <config.h> #include <fuse.h> +#include <mapmem.h> +#include <image.h> #include <asm/io.h> #include <asm/system.h> #include <asm/arch/clock.h> @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, return 0; }
+static ulong get_image_ivt_offset(ulong img_addr, ulong length) +{
const void *buf;buf = map_sysmem(img_addr, 0);switch (genimg_get_format(buf)) {+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
case IMAGE_FORMAT_LEGACY:return (image_get_image_size((image_header_t *)img_addr)+ 0x1000 - 1) & ~(0x1000 - 1);+#endif +#if IMAGE_ENABLE_FIT
case IMAGE_FORMAT_FIT:return (fit_get_size(buf) + 0x1000 - 1) & ~(0x1000 - 1);+#endif
default:return 0;}+}
static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { ulong addr, length, ivt_offset; int rcode = 0;
if (argc < 4)
if (argc < 3) return CMD_RET_USAGE; addr = simple_strtoul(argv[1], NULL, 16); length = simple_strtoul(argv[2], NULL, 16);
ivt_offset = simple_strtoul(argv[3], NULL, 16);
if (argc == 3)ivt_offset = get_image_ivt_offset(addr, length);elseivt_offset = simple_strtoul(argv[3], NULL, 16); rcode = imx_hab_authenticate_image(addr, length, ivt_offset); if (rcode == 0)-- 2.17.2
U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Hi Parthiban,
Em ter, 6 de nov de 2018 às 14:42, Parthiban Nallathambi pn@denx.de escreveu:
Current implementation of hab_auth_img command needs ivt_offset to authenticate the image. But ivt header is placed at the end of image date after padding.
This leaves the usage of hab_auth_img command to fixed size or static offset for ivt header. New function "get_image_ivt_offset" is introduced to find the ivt offset during runtime. The case conditional check in this function is same as boot_get_kernel in common/bootm.c
With this variable length image e.g. FIT image with any random size can have IVT at the end and ivt_offset option can be left optional
Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script
Signed-off-by: Parthiban Nallathambi pn@denx.de
arch/arm/mach-imx/hab.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index b88acd13da..060d0866b3 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -6,6 +6,8 @@ #include <common.h> #include <config.h> #include <fuse.h> +#include <mapmem.h> +#include <image.h> #include <asm/io.h> #include <asm/system.h> #include <asm/arch/clock.h> @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, return 0; }
+static ulong get_image_ivt_offset(ulong img_addr, ulong length) +{
I'm seeing that function get_image_ivt_offset() requires a length but we are not using it, there is any reason for that?
Thanks, Breno Lima
Hi Breno,
On 11/21/18 2:24 PM, Breno Matheus Lima wrote:
Hi Parthiban,
Em ter, 6 de nov de 2018 às 14:42, Parthiban Nallathambi pn@denx.de escreveu:
Current implementation of hab_auth_img command needs ivt_offset to authenticate the image. But ivt header is placed at the end of image date after padding.
This leaves the usage of hab_auth_img command to fixed size or static offset for ivt header. New function "get_image_ivt_offset" is introduced to find the ivt offset during runtime. The case conditional check in this function is same as boot_get_kernel in common/bootm.c
With this variable length image e.g. FIT image with any random size can have IVT at the end and ivt_offset option can be left optional
Can be used as "hab_auth_img $loadaddr $filesize" from u-boot script
Signed-off-by: Parthiban Nallathambi pn@denx.de
arch/arm/mach-imx/hab.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index b88acd13da..060d0866b3 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -6,6 +6,8 @@ #include <common.h> #include <config.h> #include <fuse.h> +#include <mapmem.h> +#include <image.h> #include <asm/io.h> #include <asm/system.h> #include <asm/arch/clock.h> @@ -302,18 +304,41 @@ static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, return 0; }
+static ulong get_image_ivt_offset(ulong img_addr, ulong length) +{
I'm seeing that function get_image_ivt_offset() requires a length but we are not using it, there is any reason for that?
length is not required to find the ivt offset in the image. I will remove this.
Thanks, Breno Lima
participants (3)
-
Breno Matheus Lima -
Fabio Estevam -
Parthiban Nallathambi