From: Rasmus Villemoes
Date: Mon, 6 Dec 2021 09:23:58 +0100
Subject: Re: [RFC PATCH v3 8/8] tools: gen_pre_load_header.sh: initial import
To: Philippe Reynes, sjg@chromium.org, mr.nuke.me@gmail.com, joel.peshkin@broadcom.com
Cc: u-boot@lists.denx.de
In-Reply-To: <20211117175215.24262-9-philippe.reynes@softathome.com>

On 17/11/2021 18.52, Philippe Reynes wrote:
> This commit adds a script gen_pre_load_header.sh
> that generate the header used by the image pre-load
> stage.
> > Signed-off-by: Philippe Reynes > --- > tools/gen_pre_load_header.sh | 174 +++++++++++++++++++++++++++++++++++ > 1 file changed, 174 insertions(+) > create mode 100755 tools/gen_pre_load_header.sh > > diff --git a/tools/gen_pre_load_header.sh b/tools/gen_pre_load_header.sh > new file mode 100755 > index 0000000000..8256fa80ee > --- /dev/null > +++ b/tools/gen_pre_load_header.sh 
> @@ -0,0 +1,174 @@ > +#!/bin/bash > +# SPDX-License-Identifier: GPL-2.0+ > + > +# > +# default value > +# > +size='4096' > +algo='sha256,rsa2048' > +padding='pkcs-1.5' > +key='' > +verbose='false' > +input='' > +output='' > + > +usage() { > + printf "Usage: $0 -a -k [-p ] [-s ] [-v] -i -o \n" > +} > + > +# > +# parse arguments > +# > +while getopts 'a:hi:k:o:p:s:v' flag; do > + case "${flag}" in > + a) algo="${OPTARG}" ;; > + h) usage > + exit 0 ;; > + i) input="${OPTARG}" ;; > + k) key="${OPTARG}" ;; > + o) output="${OPTARG}" ;; > + p) padding="${OPTARG}" ;; > + s) size="${OPTARG}" ;; > + v) verbose='true' ;; > + *) usage > + exit 1 ;; > + esac > +done > + > +# > +# check that mandatory arguments are provided > +# > +if [ -z "$key" -o -z "$input" -o -z "$output" ] > +then > + usage > + exit 0 > +fi > + > +hash=$(echo $algo | cut -d',' -f1) > +sign=$(echo $algo | cut -d',' -f2) > + > +echo "status:" > +echo "size = $size" > +echo "algo = $algo" > +echo "hash = $hash" > +echo "sign = $sign" > +echo "padding = $padding" > +echo "key = $key" > +echo "verbose = $verbose" > + > +# > +# check if input file exist > +# > +if [ ! -f "$input" ] > +then > + echo "Error: file '$input' doesn't exist" > + exit 1 > +fi > + > +# > +# check if output is not empty > +# > +if [ -z "$output" ] > +then > + echo "Error: output is empty" > + exit 1 > +fi > + > +# > +# check that size is bigger than 0 > +# > +if [ $size -le 0 ] > +then > + echo "Error: $size lower than 0" > + exit 1 > +fi > + > +# > +# check if the key file exist > +# > +if [ ! 
-f "$key" ] > +then > + echo "Error: file $key doesn't exist\n" > + exit 1 > +fi > + > +# > +# check if the hash is valid and supported > +# > +print_supported_hash() { > + echo "Supported hash:" > + echo "- sha1" > + echo "- sha256" > + echo "- sha384" > + echo "- sha512" > +} > + > +case "$hash" in > + "sha1") hashOption="-sha1" ;; > + "sha256") hashOption="-sha256" ;; > + "sha384") hashOption="-sha384" ;; > + "sha512") hashOption="-sha512" ;; > + *) echo "Error: $hash is an invalid hash" > + print_supported_hash > + exit 1;; > +esac > + > +# > +# check if the sign is valid and supported > +# > +print_supported_sign() { > + echo "Supported sign:" > + echo "- rsa1024" > + echo "- rsa2048" > + echo "- rsa4096" > +} > + > +case "$sign" in > + "rsa1024") ;; > + "rsa2048") ;; > + "rsa4096") ;; > + *) echo "Error: $sign is an invalid signature type" > + print_supported_sign > + exit 1;; > +esac > + > +# > +# check if the padding is valid and supported > +# > +print_supported_padding() { > + echo "Supported padding:" > + echo "- pkcs-1.5" > + echo "- pss" > +} > + > +case "$padding" in > + "pkcs-1.5") optionPadding='' ;; > + "pss") optionPadding='-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-2' ;; > + *) echo "Error: $padding is an invalid padding" > + print_supported_padding > + exit 1;; > +esac > + > + > +# > +# generate the sigature > +# > +sig=$(openssl dgst $optionHash -sign $key $optionPadding $input | xxd -p) > + > +# > +# generate the header > +# > +# 0 = magic > +# 4 = image size > +# 8 = signature > +# > +h=$(printf "%08x" 0x55425348) > +i=$(stat --printf="%s" $input) > +i=$(printf "%08x" $i) > + > +echo "$h$i$sig" | xxd -r -p > $output So this sounds like a completely generic way of prepending a signature to an arbitrary blob, whether that is a FIT image, a U-Boot script wrapped in a FIT, some firmware blob or whatnot. 
So it sounds like it could be generally useful, and a lot simpler than the complexity inherent when trying to add signature data within the signed data structure itself.

So, can we perhaps not tie it to bootm as such? It's not a problem if bootm learns to recognize 0x55425348 as another image format and then automatically knows how to locate the "real" image, and/or automatically verifies it. But I'd really like to be able to

  fatload $loadaddr blabla && \
  verify $loadaddr && \
  source $loadaddr

where fatload can be any random command that gets a bunch of bytes into memory at a specific location (tftpboot, mmc read, ubi...). Currently, we simply don't have any sane way to verify a boot script, or random blobs, AFAICT.

To that end, it would be nice if the header was a little more self-describing. Something like

  0 = magic
  4 = header size (including padding)
  8 = image size
  12 = offset to image signature
  16 = flags (currently enforced to 0)
  20 = reserved (currently enforced to 0)
  24 = signature of first 24 bytes
  xx = signature of image

Why do I want the image size signed? Because I'd like to be able to store the whole thing in a raw partition (or ubi volume, or...), where there's no concept of "file size" available. So I'd like to be able to read in some fixed size chunk (24+whatever I expect the signature could be, so 4096 is certainly enough), and from that compute the whole size I need to read. But I don't want to blindly trust the "image size" field.

So, for such a case, I'd also like a "verify header $loadaddr" subcommand (and "verify image $loadaddr", with "verify $loadaddr" being shorthand for doing both).

And continuing the wishlist, it could be even better if we had

  verify load $loadaddr 'mmc read %l% 0 %s512%'

i.e. we could pass a "parametrized shell command" to verify for it to use to read in a bunch of bytes to a given address - with %l% being substituted by the address and %s% by the size to load, optionally specified in the given unit.

Rasmus
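
Review bot: in the signing command near the end of the hunk, "openssl dgst $optionHash -sign $key ..." expands optionHash, but the hash case block earlier assigns hashOption, so the digest flag is always empty and the hash selected with -a never reaches openssl; the image is signed with openssl's default digest whatever algo says. Use one variable name in both places. In the same command $key and $input are unquoted, so paths containing spaces break, and the exit status of openssl is not checked, so a failed signing still writes a header with an empty signature to $output. Two smaller points: the mandatory-argument check prints usage and then exits 0, where a non-zero status would let a calling build script detect the error, and size is parsed and range-checked but never used when the header is emitted.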
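
The header check proposed in the reply above (authenticate the fixed 24 bytes first, only then use the image size to decide how much to read), as an added example that is not code from the patch or from U-Boot. Assumptions: fields are big-endian as the script writes them, the whole header fits in the first chunk read, and toy_tag is a constructed stand-in for real signature verification.

```c
#include <stdint.h>
#include <string.h>

#define MAGIC  0x55425348u /* magic value from the patch */
#define FIXED  24u         /* fixed fields covered by the header signature */
#define SIGLEN 4u          /* constructed; the real length depends on the key */

static uint32_t be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Stand-in for signature verification so this runs offline; NOT cryptography. */
static uint8_t toy_tag(const uint8_t *d, size_t n)
{
	uint8_t x = 0x5a;
	while (n--)
		x ^= *d++;
	return x;
}

/* Return the header + image size to read, or a negative error code. */
int64_t check_header(const uint8_t *buf, size_t avail)
{
	uint32_t i;
	if (avail < FIXED + SIGLEN || be32(buf) != MAGIC)
		return -1;
	for (i = 0; i < SIGLEN; i++) /* authenticate before trusting any field */
		if (buf[FIXED + i] != toy_tag(buf, FIXED))
			return -2;
	if (be32(buf + 16) || be32(buf + 20)) /* flags and reserved must be 0 */
		return -3;
	uint32_t hdr = be32(buf + 4), off = be32(buf + 12);
	if (hdr > avail || off < FIXED + SIGLEN || off > hdr || hdr - off < SIGLEN)
		return -4; /* image signature must lie inside the loaded header */
	return (int64_t)hdr + be32(buf + 8); /* 64-bit sum cannot wrap */
}

/* Build a constructed 64-byte header, optionally flip one bit, then check it. */
int64_t demo(uint32_t img_size, int flip_at)
{
	uint8_t h[64] = { 0x55, 0x42, 0x53, 0x48, 0, 0, 0, 64, [15] = FIXED + SIGLEN };
	int i;
	for (i = 0; i < 4; i++)
		h[8 + i] = (uint8_t)(img_size >> (24 - 8 * i));
	memset(h + FIXED, toy_tag(h, FIXED), SIGLEN);
	if (flip_at >= 0)
		h[flip_at] ^= 1;
	return check_header(h, sizeof(h));
}
```

A bit flipped in the image size or flags field after signing is rejected at the header-signature step, before either field is interpreted.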