From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A862AC433F5 for ; Mon, 28 Mar 2022 20:57:22 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 786AC83C8F; Mon, 28 Mar 2022 22:57:20 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com header.b="U2Psav1g"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 85A4B83C0F; Mon, 28 Mar 2022 22:57:18 +0200 (CEST) Received: from FRA01-MR2-obe.outbound.protection.outlook.com (mail-mr2fra01on0627.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e19::627]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B0D4283C7B for ; Mon, 28 Mar 2022 22:57:14 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X8T+N0VcgdicmD9UHQm/RLoN+chVbnHW0ZRmo1Wt2dW4d2w3DijtP4logKS8OPel952Pbw65bGYNhIEBCDqm6C1hSuazQuG1z6dj+Yg1RxNbW7eiytP3G+MJsTXj8gKBrJv1KlJMXhd2tFOU9YTjjNmudckz1OPoDxorbdhHxDlqdZ3JqLwzmETrGa9+8BgpGQmO11lBrSoWwOsF35hviDb5eEu4TSHTX2XdKYNpr/7ov6eerc0+YSb8nKSx3Av/riqrydEooeQObP6zJoD21aJhbZTPGW1zydKqRkOe0JksEzS6QHHDLaJrE8Ycby1lVR6Qp6kJxLEMe2XUe5ZV8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=86AgTinSFGBPYkpaYYMEIFStzcerheBJKXI0xDlam6c=; b=TsIOjSi9wUixKfA0qyVBXXkdUUMzwGT+hOBSZxgeihsmuflI82Z249onn+eDVx+C+azLAyw/1dEu9sfI7X7ykuGgtD32GJ40x5f69gwaOjpqUFS3AtXBlgCPPGIKaQC3Fq2Xj81WmLqCEx2NfAnRxlpptzir5NkyG3A7S2D7osBHSBdhfCU/p5VOS4Lx85d4b249FLqEWc4HiHiJ6m69FJH4J91I6fzeJjqYtUDKBGMHywUVl0HZ9N8nmcNjg/kGwRk//JMDSYyVvwB0I1PK6sK/z3cIMIwVQKcqueDC/eLQ6W2aDb7GQEIrOyz6PqJDo5jBFsGImgtoZlrKqIj72Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com; dmarc=bestguesspass action=none header.from=softathome.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=86AgTinSFGBPYkpaYYMEIFStzcerheBJKXI0xDlam6c=; b=U2Psav1gMpm63qJzjwT0XDy3a+5JkNMgQ1iSfBimZEA3GmO/Gkz30r0mz2SAVtidV/+37YPWBMbh7s1pczqJVw2eBZOR2QuY/GJwrh7ENQgx/O8+z5vM29jMb8SBMWYJy5NVtpCRflx2jTeBe+CNbJF4dwnfIkct1bUyEw4B151rHiA0WGYAcxT1p8rWAX9Kgy90nTHo8StCXgafpZJVMXUKvnAWcx4lwkbgVJ0gaedasbzOODKO3ifjcYOrIsOudUJ7EoFeSVbihx5o6u+y3RBSWJQ4T+/hRvlzjNsvRMpNmISOb9lKHYU0h3WFY9HRiJN5/PEvE2sesbPSFO26Hg== Received: from AS9PR06CA0408.eurprd06.prod.outlook.com (2603:10a6:20b:461::31) by PR0P264MB1979.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:167::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.19; Mon, 28 Mar 2022 20:57:12 +0000 Received: from PR2FRA01FT002.eop-fra01.prod.protection.outlook.com (2603:10a6:20b:461:cafe::94) by AS9PR06CA0408.outlook.office365.com (2603:10a6:20b:461::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.17 via Frontend Transport; Mon, 28 Mar 2022 20:57:12 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 149.6.166.170) smtp.mailfrom=softathome.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=softathome.com; Received-SPF: Pass (protection.outlook.com: domain of softathome.com designates 149.6.166.170 as permitted sender) receiver=protection.outlook.com; client-ip=149.6.166.170; helo=proxy.softathome.com; Received: from proxy.softathome.com (149.6.166.170) by PR2FRA01FT002.mail.protection.outlook.com (10.152.48.95) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.17 via Frontend Transport; Mon, 28 Mar 2022 20:57:11 +0000 Received: from localhost.localdomain (unknown [192.168.72.32]) by proxy.softathome.com (Postfix) with ESMTPSA id 4152120047; Mon, 28 Mar 2022 22:57:11 +0200 (CEST) From: Philippe Reynes To: sjg@chromium.org, rasmus.villemoes@prevas.dk Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH v8 00/15] image: add a stage pre-load Date: Mon, 28 Mar 2022 22:56:52 +0200 Message-Id: <20220328205707.348270-1-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email Content-Type: text/plain X-MS-Office365-Filtering-Correlation-Id: a606b05f-79b3-443e-e0fb-08da10fd87da X-MS-TrafficTypeDiagnostic: PR0P264MB1979:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: d9a5PL388qBHw4X6dIPQCesbhJOMUWfd6ecxdvldHev3q6FownuOIRHtmvb7TtYW0/ZMYozDxVOVlZ6g7rTnkg07dISALwjB65K+KM9jovZAMZhxI3JieUjDPWcEaV79Mn6qgEURtZ9GrbeemGPYuVapFIW5c2+XWU8E4UwzdfPO45tAfpcYOcmH3tDj/Ai/ue+NW8QEidYeR+xyomVXKTT/ZbOfHWOMwDVKOjCx6mucC3sFEe/j694bcF8vZr+OOLQEeIH/iKCzJWK/o/MyDVEy7Oz1v7cF3ym/kTokrIiEOHYYhOXqrET1dnV/c8aHLs6oIG8700teFoIdE3GNQin95q/RAoCTyjjn2LEyUbBVvhy2egC63GK/Ox9pHXssxat2R5/gS8KImhhIsTrDgL8Y8NamefNWERjnwvboUr2Xk0ZYhOT3f6ApM2sgjY783CdpoHsdZwnQjwcazf2Ra4yzByBujGJ+/EB/ufh6kMnU84rvG48AiOmocthIaT6SzxHCHZ5hXmIW8YbUAxEPWLb/bY9CEPVj+eqcEnpTXBzwfJtz+PPTd8uvypTw6Q9MzZjlEbHPtHPP8HtoZNFvX8iInJ/M/rnWKlozzkKdKGMhOla+pKXTlKqzExikGXX8pjYglNnH/o/Csi4JOM5gO8Tea0Zr1EvoXOWbarxa7fWWb51GLYdbD2qHuQfgA6txgrPX9itvwlis+CtV8Afy1w== X-Forefront-Antispam-Report: CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(40470700004)(46966006)(8936002)(36860700001)(107886003)(5660300002)(40460700003)(36756003)(44832011)(70586007)(8676002)(70206006)(2616005)(2906002)(356005)(26005)(82960400001)(86362001)(4326008)(6666004)(6966003)(82310400004)(81166007)(316002)(186003)(336012)(426003)(47076005)(508600001)(1076003)(83380400001)(6266002)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: softathome.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Mar 2022 20:57:11.7916 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a606b05f-79b3-443e-e0fb-08da10fd87da X-MS-Exchange-CrossTenant-Id: aa10e044-e405-4c10-8353-36b4d0cce511 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170]; Helo=[proxy.softathome.com] X-MS-Exchange-CrossTenant-AuthSource: PR2FRA01FT002.eop-fra01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR0P264MB1979 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This serie adds a stage pre-load before launching an image. This stage is used to read a header before the image and this header contains the signature of the full image. So u-boot may check the full image before using any data of the image. The support of this header is added to binman, and a command verify checks the signature of a blob and set the u-boot env variable "loadaddr_verified" to the beginning of the "real" image. The support of this header is only added to binman, but it may also be added to mkimage. Changelog: v8: - remove command pre_load_verify - add subcommand preload to bootm - add stage pre_load in "bootm start" - use PYTHONPATH to use binman in py test vboot v7: - rename command verify to pre_load_verify - add usage doc for command pre_load_verify - some cleanup in support of pre-load in binman - rename variable key-path to pre-load-key-path - some cleanup in test vboot for pre-load v6: - set values in big endian in the pre-load header - binman: etypes: pre-load: read image from other entry instead of directly from a file - binman: etypes: pre-load: add test unit - lib: Makefile: no longer add -I$(obj) for SPL It was to fix build when oid is built on spl but not on u-boot. It is not longer possible. v5: - replace config SANDBOX_BINMAN by an imply v4: - add a config SANDBOX_BIN - enhance help for asn1 and oid - change the format of the pre-load header - add the support of pre-load header in binman - add py test for pre-load header - add a command verify v3: - move image-pre-load.c to /boot - update mkimage to add public key in u-boot device tree - add script gen_pre_load_header.sh v2: - move the code to image-pre-load - add support of stage pre-load for spl - add support of stage pre-load on spl_ram Philippe Reynes (15): arch: Kconfig: imply BINMAN for SANDBOX lib: Kconfig: enhance help for ASN1 lib: Kconfig: enhance the help of OID_REGISTRY lib: allow to build asn1 decoder and oid registry in SPL lib: crypto: allow to build crypyo in SPL lib: rsa: allow rsa verify with pkey in SPL boot: image: add a stage pre-load cmd: bootm: add a stage pre-load common: spl: fit_ram: allow to use image pre load mkimage: add public key for image pre-load stage Makefile: provide sah-key to binman tools: binman: add support for pre-load header configs: sandbox_defconfig: enable stage pre-load in bootm test: py: vboot: add test for global image signature cmd: bootm: add subcommand preload Makefile | 1 + arch/Kconfig | 1 + arch/sandbox/dts/sandbox.dtsi | 3 + arch/sandbox/dts/test.dts | 3 + boot/Kconfig | 55 +++ boot/Makefile | 1 + boot/bootm.c | 33 ++ boot/image-pre-load.c | 416 ++++++++++++++++++ cmd/Kconfig | 10 + cmd/bootm.c | 35 +- common/spl/spl_ram.c | 21 +- configs/sandbox_defconfig | 3 + include/image.h | 30 ++ lib/Kconfig | 37 +- lib/Makefile | 7 +- lib/crypto/Kconfig | 29 ++ lib/crypto/Makefile | 19 +- lib/rsa/Kconfig | 19 + test/py/tests/test_fit.py | 3 + test/py/tests/test_vboot.py | 148 ++++++- test/py/tests/vboot/sandbox-binman-pss.dts | 25 ++ test/py/tests/vboot/sandbox-binman.dts | 24 + .../tests/vboot/sandbox-u-boot-global-pss.dts | 28 ++ test/py/tests/vboot/sandbox-u-boot-global.dts | 27 ++ test/py/tests/vboot/sandbox-u-boot.dts | 3 + test/py/tests/vboot/simple-images.its | 36 ++ tools/binman/entries.rst | 38 ++ tools/binman/etype/pre_load.py | 162 +++++++ tools/binman/ftest.py | 51 +++ tools/binman/test/225_dev.key | 28 ++ tools/binman/test/225_pre_load.dts | 22 + tools/binman/test/226_pre_load_pkcs.dts | 23 + tools/binman/test/227_pre_load_pss.dts | 23 + .../test/228_pre_load_invalid_padding.dts | 23 + .../binman/test/229_pre_load_invalid_sha.dts | 23 + .../binman/test/230_pre_load_invalid_algo.dts | 23 + .../binman/test/231_pre_load_invalid_key.dts | 23 + tools/fit_image.c | 3 + tools/image-host.c | 114 +++++ 39 files changed, 1544 insertions(+), 29 deletions(-) create mode 100644 boot/image-pre-load.c create mode 100644 test/py/tests/vboot/sandbox-binman-pss.dts create mode 100644 test/py/tests/vboot/sandbox-binman.dts create mode 100644 test/py/tests/vboot/sandbox-u-boot-global-pss.dts create mode 100644 test/py/tests/vboot/sandbox-u-boot-global.dts create mode 100644 test/py/tests/vboot/simple-images.its create mode 100644 tools/binman/etype/pre_load.py create mode 100644 tools/binman/test/225_dev.key create mode 100644 tools/binman/test/225_pre_load.dts create mode 100644 tools/binman/test/226_pre_load_pkcs.dts create mode 100644 tools/binman/test/227_pre_load_pss.dts create mode 100644 tools/binman/test/228_pre_load_invalid_padding.dts create mode 100644 tools/binman/test/229_pre_load_invalid_sha.dts create mode 100644 tools/binman/test/230_pre_load_invalid_algo.dts create mode 100644 tools/binman/test/231_pre_load_invalid_key.dts -- 2.25.1