From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7C400C433EF for ; Mon, 16 May 2022 20:11:46 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4CFC8841F3; Mon, 16 May 2022 22:11:43 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=seco.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=seco.com header.i=@seco.com header.b="CeeOJVWI"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 662A784184; Mon, 16 May 2022 22:11:25 +0200 (CEST) Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on20630.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1a::630]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 37E058419A for ; Mon, 16 May 2022 22:11:20 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=seco.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sean.anderson@seco.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Vew9+YxIeMLzvLz+kSniaCDYsK4UVz6k7BfrGFLmohO1zqklkdwOm76X2I1CHbKfip0f5r2iSAqBMOUN3nS0s+10wakvkyfJR+S3W43qSxrr8Pdi3zf3uh/NI5FtRCYE5ixI1Uk1ldqHBdvP9wmt/pdw2cUTtH4Cq13QnhbxUMISazW2zSReIRMFjAF5GHSDzKqadq0QK/V6SbzFsuz30r/ForbHODsTe0yBc+nqmrIk5O2nZag8BvuoaNLR9xPm4hO0+MOsz17sjikYqOaQS/EuIukYmoYi4kxUpiXK92w3AHE9MlMHZOeRFW+U5z4uyMmtKxhACDRtWqBw0idRdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eIT2WDuWALQ81kmEiXiO3y5j31OD/tgpaaVuYUntH70=; b=OvRDxD0jW5zzS3yG10hw/M1vYRDBBkDAMfVyoCKh5nm8EsUTeqO15YZsLdJ6HrhdZOzu0BnU6ObcpcG4rS92lZ+6b1eb21TJujM2k9hBu7vj+wgbfcFyI881pHnbCIGwLhTz2ntkvMizpoBwR5YVq9qE0Or1f/mP+0VgCrRIbYXJzURLhZe1ETC0tDI39nH6z5H0tDbDZfJdfqJEGsj+VbTCEiZ58Ph98Wqjvz9DMfRLasSbkSR0qiTae6edRaPdzSiZAQ2ftUuMH6n6PphazXpMJrvQV7q5D2IFh9Q+YCIP6g/xYxHSTmNVV9VFa5oKBTp99WKfWtCWxl4yiQHAbg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=seco.com; dmarc=pass action=none header.from=seco.com; dkim=pass header.d=seco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eIT2WDuWALQ81kmEiXiO3y5j31OD/tgpaaVuYUntH70=; b=CeeOJVWIBbLoCYjURFJRikLkPc0OvSXOftPmrDot/83ubb8JAb1+rbuGibz3/aRzcT8S3gNP7FK0yW9iCXUugaMUDaS1WRY3jK3p0WiQLNaxPAZFAhPHPHEiq1rvBRexHaTFdkgwu/WKOMqjcRG5LWROqNQvw5ugFZXa/JsHuBIEcKxYD+FisuO/P6KmMG6q3bHdEMTukUCo1nNDK6LGGb83SsJjPiRPeBfFzqKy5rJanBcs2YYBjD2Kl17coEVDkxxGq4M9t7qQH9FLjMoYbYnjXIN+mwwKdrYlZjQFQ9lPQ9BuOgAMQChxwiP4lNFy2PN4xa9/GKvUEJndoywAdg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=seco.com; Received: from DB7PR03MB4972.eurprd03.prod.outlook.com (2603:10a6:10:7d::22) by DB7PR03MB3595.eurprd03.prod.outlook.com (2603:10a6:5:5::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.18; Mon, 16 May 2022 20:11:19 +0000 Received: from DB7PR03MB4972.eurprd03.prod.outlook.com ([fe80::cc0b:c665:8330:89bc]) by DB7PR03MB4972.eurprd03.prod.outlook.com ([fe80::cc0b:c665:8330:89bc%3]) with mapi id 15.20.5250.018; Mon, 16 May 2022 20:11:19 +0000 From: Sean Anderson To: Simon Glass , u-boot@lists.denx.de Cc: Heinrich Schuchardt , Sean Anderson Subject: [PATCH v3 2/2] mkimage: Support signing 'auto' FITs Date: Mon, 16 May 2022 16:11:08 -0400 Message-Id: <20220516201108.4070444-2-sean.anderson@seco.com> X-Mailer: git-send-email 2.35.1.1320.gc452695387.dirty In-Reply-To: <20220516201108.4070444-1-sean.anderson@seco.com> References: <20220516201108.4070444-1-sean.anderson@seco.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: MN2PR19CA0071.namprd19.prod.outlook.com (2603:10b6:208:19b::48) To DB7PR03MB4972.eurprd03.prod.outlook.com (2603:10a6:10:7d::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 1ea5b16e-f134-4323-119d-08da37783d2b X-MS-TrafficTypeDiagnostic: DB7PR03MB3595:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: BGf6MCC9Ax3mIo7Cu86C4dAphflUTbm8VdTLfp815eutUhDQgClBVnDO1nNc2GGrPODPvA8bvdOlrPniZ5GbFvJXRt7WYeudE6+RK6EkIgcnf08i6529vhWm5Xr+Md4eJJ7zFTPbnxaOOxMARs3FdbtaliHRcRQrqpsI1GN2lpeldt3hgATIEXPSPgy1LJTR3K9jXAsHl+eiZ6n7bvSKrf7gKRI0DeIHIgWc7R5V81KUtbJkfO3LCPiHYyaTp3GZTpLVkq05CScVqKuAzHVT3tpeS+oJ/UIsmWP/A5Za/J81mh7dZw4VxJpq3PxQ8e3FfC53o6zIqZjrL2XW9ojs2AbUtCFX2cnhvwbxDydSukC0yIa63BpEshQADJRIAbUlIYyiQj263Bkxr44hDLjO+nktjnE94HtwCiNLk/kXwJEyJQwdJgr8CEBMGFOgxf/0YR10ZLCL9FjCOW7PB+u67UM2/6ffXEI7/MWc5in+IAcXfPbjYWf4k5PuxEJudZ0zYR4HX+iGLlvPfCgNq+rIdoAp82w5K335qrDqkgK/Z2h1mW43cParDyqmB7kQ8iVUSnqvqndpdzGaVUkjmXq+Au6e+RAuSd4o5yVDpGnBVBvFMW+hIb5hfuGJecsKKDBM+xw+Hj5VFVrCmf9mpvAokB5zDI0JeMWTflVDvw9+kUA16nw0oUBNC8ceXO5qVsm2DCmAFMznTMSB4GVL9HtQf44f7ilFHGgQ0PBKjgVywb9BJ242oyuarVGF9jDkyX4Bj9vIynOxXWcPsq+hq3LrVpuyfdLaCJv6m6nyuxk8zIc= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR03MB4972.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(66946007)(8676002)(4326008)(66556008)(66476007)(6666004)(2616005)(38350700002)(38100700002)(86362001)(83380400001)(8936002)(5660300002)(107886003)(1076003)(186003)(6506007)(36756003)(6512007)(6486002)(26005)(966005)(52116002)(2906002)(44832011)(508600001)(54906003)(316002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?xlPeWsfm+NNJOk0/6lWOBHMCGNeMllJWjeU8M7cWKD1c0t9QZ0sUz5RAKbTF?= =?us-ascii?Q?Iu9BkdpVMqGGL0AaZRLocdBa0x2EVObCMJrzmg5lpg/BTAn+AKthuH0AAILy?= =?us-ascii?Q?y2gxn2aYssgFvpws362PguV/kcCVo0ibqhqn3tSqXxwRonuXhc5WYN0VR9PV?= =?us-ascii?Q?By45tnhlvSTLbWSmmTzlB9r2Fg1LUb5aq9FO9Pa7qFv2V0ll7S8xDlTFyq5V?= =?us-ascii?Q?FWxcg8dUMjrZIJ9vbxJxn2NurGfJYLV+dW6vCt0DC6zJNr56omTZfYaORa+x?= =?us-ascii?Q?1YhLfRNDydRvrElafpIKu6I2tj7mOAYjI4OaUq03Wbkem5G9OeEiOroojXG4?= =?us-ascii?Q?soZUoNNs6lup9Dsw+oXu0THqVw05P5FCLOrkIotzepImCCwLZRXmwjHVszq7?= =?us-ascii?Q?84SZLqxBo5+hDPeZl1ILaT0pBiisjU7q6frB9ojppux3jdHKq3G1uDuOE8p7?= =?us-ascii?Q?9AERZg0zuyMjzM5URn+Y4OdaXJ9iOzrheTntyKIMV4ihqiw9X7xZbl45b0Fn?= =?us-ascii?Q?G1XTsUsm2149t6erHxm/DXzMgK/4HtGHifdm+5r+pA89Cvdrv+XatFLaYITy?= =?us-ascii?Q?DeKAf7/ODhysscqvvu8J2jbZBNYrbLdC9cjCPay03JglxhQF0214qUaHBBCx?= =?us-ascii?Q?vjo7PUrekE55EUaL9t/0XEIeYloDPZhpyqd0cunhMlfIFLInT1GBMmIOz8+z?= =?us-ascii?Q?2zSW736f+kMbHHVzvVZi0mBkCRY7GP9cxmJf2QwRLXhGlkZQSE3yxwOgAyJ8?= =?us-ascii?Q?oE+Sl6pdWIDT/yQ4uFNJUeY01KJSviZ0o9cmIewvA/XT2LdhXEAg0f8na963?= =?us-ascii?Q?Jsn0s+nIsTI76LL/2Fcvic5olHmO6539o1Qt66ouPejC4bmgqC/R6o3fV0rB?= =?us-ascii?Q?5X4rpwQpTLfh2RRthjjoat84kUzUKEYM7N2tsAwpbpQosFYFNCInrNZJJvvc?= =?us-ascii?Q?9v8Bbq6oEMv74dn6tpzcK1WPyiJek0kUYpRuXBp5f97kCGlfUfjYL7ZqYgBH?= =?us-ascii?Q?NvHdHlKzq8TisRi7Qtpeat3XJPS88zgJRe7IFgT7jmvkhYyUw9+IroViaV8u?= =?us-ascii?Q?EqNp4o0c6nrZ0krjel0IW3Aj99MI8mlrSpCTAXIaiVugnOCM2z6srt+W498P?= =?us-ascii?Q?nLqcJcen8fn00BaGzdx6XgbWl1LX0J7p7CGRXlLQkTGh1NFq3WcwRLQT2JlU?= =?us-ascii?Q?k0MgP4JRcxToRKekPzUzT1BNNITgajVwZc6/Hd44Gu9kATsNLUx7bcssOGmA?= =?us-ascii?Q?274bwkMqvsN1nQz7yyrKYSVOhHfFnS9jHzVZuXVjI9o3LGSQz3To+HaEcB2H?= =?us-ascii?Q?Ed9ENoVUkwGVKAQOrHBNULpFct4AUBpTMbrqBkzp11vY1Onh0HiyOJH8nTAg?= =?us-ascii?Q?4EVnbOWl9DNo9+RmKbtCPonnXl2tUHKTucZHW4XLnSGFw2s9JwXGkcpVEE5u?= =?us-ascii?Q?EfAxAlQ5maNUXzF5FF3T8oiosqQVrQt+x1AIYqvMT7EAIlpzBcDY/rZ+jFih?= =?us-ascii?Q?HnPSvtDJWarLbbYDY+6FvuD435O0RfajNuFS0z3vTHkj9pq76aZPzNpLToBs?= =?us-ascii?Q?j8MMDJjm71sGXn8TJBOWvd9Vmaxqpc17mPELv+hzxFJESolsXnDpJpzFYV0S?= =?us-ascii?Q?kdYYxa7NN6zArKaT2IIadH7J/jfJL2GpFlRUqjarikvnItboyfPagyRQZFAA?= =?us-ascii?Q?ZnTW+6Cux3kFMkcxxSyQO+NG1LDD/pqA5BRA5px9YB3YaSwExPW2wK5jI0N9?= =?us-ascii?Q?sVPRfVZGB89YwkYMWXVMQK3FAwi1n34=3D?= X-OriginatorOrg: seco.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1ea5b16e-f134-4323-119d-08da37783d2b X-MS-Exchange-CrossTenant-AuthSource: DB7PR03MB4972.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2022 20:11:19.0057 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: bebe97c3-6438-442e-ade3-ff17aa50e733 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: eHNwgRfDbTejTfRPHdMLQzz95+ZSpMd7Jzsf4Ya5dRH3nxjFbvG9qNGReRFjCipnDTeqfRrDcM/+sN6wlM8K8w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR03MB3595 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean This adds support for signing images in auto-generated FITs. To do this, we need to add a signature node. The algorithm name property already has its own option, but we need one for the key name hint. We could have gone the -G route and added an explicit name for the public key (like what is done for the private key). However, many places assume the public key can be constructed from the key dir and hint, and I don't want to do the refactoring necessary. As a consequence of this, it is now easier to add public keys to an existing image without signing something. This could be done all along, but now you don't have to create an its just to do it. Ideally, we wouldn't create a FIT at the end. This could be done by calling fit_image_setup_sig/info.crypto->add_verify_data directly. Signed-off-by: Sean Anderson --- (no changes since v1) doc/mkimage.1 | 24 ++++++++++++++++++++++++ tools/fit_image.c | 41 ++++++++++++++++++++++++++++++++++------- tools/imagetool.h | 1 + tools/mkimage.c | 5 ++++- 4 files changed, 63 insertions(+), 8 deletions(-) diff --git a/doc/mkimage.1 b/doc/mkimage.1 index 878db90475..759dc2d12f 100644 --- a/doc/mkimage.1 +++ b/doc/mkimage.1 @@ -218,6 +218,13 @@ CONFIG_OF_CONTROL in U-Boot. Specifies the private key file to use when signing. This option may be used instead of \-k. +.TP +.BI "\-g [" "key_name_hint" "]" +Sets the key-name-hint property when used with \-f auto. This is the +part of the key. The directory part is set by \-k. This option also indicates +that the images included in the FIT should be signed. If this option is +specified, \-o must be specified as well. + .TP .BI "\-o [" "signing algorithm" "]" Specifies the algorithm to be used for signing a FIT image. The default is @@ -278,6 +285,15 @@ skipping those for which keys cannot be found. Also add a comment. .B -c """Kernel 3.8 image for production devices""" kernel.itb .fi +.P +Add public keys to u-boot.dtb without needing a FIT to sign. This will also +create a FIT containing an images node with no data named unused.itb. +.nf +.B mkimage -f auto -d /dev/null -k /public/signing-keys -g dev \\\\ +.br +.B -o sha256,rsa2048 -K u-boot.dtb unused.itb +.fi + .P Update an existing FIT image, signing it with additional keys. Add corresponding public keys into u-boot.dtb. This will resign all images @@ -306,6 +322,14 @@ automatic mode. No .its file is required. .B -c """Kernel 4.4 image for production devices""" -d vmlinuz \\\\ .B -b /path/to/rk3288-firefly.dtb -b /path/to/rk3288-jerry.dtb kernel.itb .fi +.P +Create a FIT image containing a signed kernel, using automatic mode. No .its +file is required. +.nf +.B mkimage -f auto -A arm -O linux -T kernel -C none -a 43e00000 -e 0 \\\\ +.br +.B -d vmlinuz -k /secret/signing-keys -g dev -o sha256,rsa2048 kernel.itb +.fi .SH HOMEPAGE http://www.denx.de/wiki/U-Boot/WebHome diff --git a/tools/fit_image.c b/tools/fit_image.c index 0d5a6a28f9..48fc1f5579 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -199,15 +199,36 @@ static void get_basename(char *str, int size, const char *fname) } /** - * add_crc_node() - Add a hash node to request a CRC checksum for an image + * add_hash_node() - Add a hash or signature node * + * @params: Image parameters * @fdt: Device tree to add to (in sequential-write mode) + * + * If there is a key name hint, try to sign the images. Otherwise, just add a + * CRC. + * + * Return: 0 on success, or -1 on failure */ -static void add_crc_node(void *fdt) +static int add_hash_node(struct image_tool_params *params, void *fdt) { - fdt_begin_node(fdt, "hash-1"); - fdt_property_string(fdt, FIT_ALGO_PROP, "crc32"); + if (params->keyname) { + if (!params->algo_name) { + fprintf(stderr, + "%s: Algorithm name must be specified\n", + params->cmdname); + return -1; + } + + fdt_begin_node(fdt, "signature-1"); + fdt_property_string(fdt, FIT_ALGO_PROP, params->algo_name); + fdt_property_string(fdt, FIT_KEY_HINT, params->keyname); + } else { + fdt_begin_node(fdt, "hash-1"); + fdt_property_string(fdt, FIT_ALGO_PROP, "crc32"); + } + fdt_end_node(fdt); + return 0; } /** @@ -248,7 +269,9 @@ static int fit_write_images(struct image_tool_params *params, char *fdt) ret = fdt_property_file(params, fdt, FIT_DATA_PROP, params->datafile); if (ret) return ret; - add_crc_node(fdt); + ret = add_hash_node(params, fdt); + if (ret) + return ret; fdt_end_node(fdt); /* Now the device tree files if available */ @@ -271,7 +294,9 @@ static int fit_write_images(struct image_tool_params *params, char *fdt) genimg_get_arch_short_name(params->arch)); fdt_property_string(fdt, FIT_COMP_PROP, genimg_get_comp_short_name(IH_COMP_NONE)); - add_crc_node(fdt); + ret = add_hash_node(params, fdt); + if (ret) + return ret; fdt_end_node(fdt); } @@ -289,7 +314,9 @@ static int fit_write_images(struct image_tool_params *params, char *fdt) params->fit_ramdisk); if (ret) return ret; - add_crc_node(fdt); + ret = add_hash_node(params, fdt); + if (ret) + return ret; fdt_end_node(fdt); } diff --git a/tools/imagetool.h b/tools/imagetool.h index 05dd94d108..ca7c2e48ba 100644 --- a/tools/imagetool.h +++ b/tools/imagetool.h @@ -71,6 +71,7 @@ struct image_tool_params { const char *keydir; /* Directory holding private keys */ const char *keydest; /* Destination .dtb for public key */ const char *keyfile; /* Filename of private or public key */ + const char *keyname; /* Key name "hint" */ const char *comment; /* Comment to add to signature node */ /* Algorithm name to use for hashing/signing or NULL to use the one * specified in the its */ diff --git a/tools/mkimage.c b/tools/mkimage.c index 5c6a60e851..0e1198b411 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -119,6 +119,7 @@ static void usage(const char *msg) "Signing / verified boot options: [-k keydir] [-K dtb] [ -c ] [-p addr] [-r] [-N engine]\n" " -k => set directory containing private keys\n" " -K => write public keys to this .dtb file\n" + " -g => set key name hint\n" " -G => use this signing key (in lieu of -k)\n" " -c => add comment in signature node\n" " -F => re-sign existing FIT image\n" @@ -163,7 +164,7 @@ static void process_args(int argc, char **argv) int opt; while ((opt = getopt(argc, argv, - "a:A:b:B:c:C:d:D:e:Ef:FG:k:i:K:ln:N:p:o:O:rR:qstT:vVx")) != -1) { + "a:A:b:B:c:C:d:D:e:Ef:Fg:G:k:i:K:ln:N:p:o:O:rR:qstT:vVx")) != -1) { switch (opt) { case 'a': params.addr = strtoull(optarg, &ptr, 16); @@ -239,6 +240,8 @@ static void process_args(int argc, char **argv) params.type = IH_TYPE_FLATDT; params.fflag = 1; break; + case 'g': + params.keyname = optarg; case 'G': params.keyfile = optarg; break; -- 2.35.1.1320.gc452695387.dirty