From: Lucas Stach <l.stach@pengutronix.de>
To: Rouven Czerwinski <r.czerwinski@pengutronix.de>,
barebox@lists.infradead.org
Subject: Re: [PATCH v2 10/16] pbl: add sha256 and piggy verification to PBL
Date: Mon, 05 Aug 2019 13:00:51 +0200 [thread overview]
Message-ID: <1565002851.2323.7.camel@pengutronix.de> (raw)
In-Reply-To: <7c96c0b967c09a1ba065d464586cecd9a82b2032.1564997015.git-series.r.czerwinski@pengutronix.de>
Am Montag, den 05.08.2019, 11:23 +0200 schrieb Rouven Czerwinski:
> Extract the necessary functions from sha256 into a PBL headder and add a
> verification function to the PBL. The function will be called before the
> individual architectures decompress functions is run.
>
> > Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
> ---
> crypto/Makefile | 2 ++
> crypto/sha2.c | 11 +++++++----
> include/crypto/pbl-sha.h | 13 +++++++++++++
> include/pbl.h | 2 ++
> pbl/Kconfig | 9 +++++++++
> pbl/decomp.c | 39 +++++++++++++++++++++++++++++++++++++++
> 6 files changed, 72 insertions(+), 4 deletions(-)
> create mode 100644 include/crypto/pbl-sha.h
>
> diff --git a/crypto/Makefile b/crypto/Makefile
> index 3402f57..d6fb74a 100644
> --- a/crypto/Makefile
> +++ b/crypto/Makefile
> > @@ -8,6 +8,8 @@ obj-$(CONFIG_DIGEST_MD5_GENERIC) += md5.o
> > obj-$(CONFIG_DIGEST_SHA1_GENERIC) += sha1.o
> > obj-$(CONFIG_DIGEST_SHA224_GENERIC) += sha2.o
> > obj-$(CONFIG_DIGEST_SHA256_GENERIC) += sha2.o
> > +pbl-$(CONFIG_PBL_VERIFY_PIGGY) += sha2.o
> > +pbl-$(CONFIG_PBL_VERIFY_PIGGY) += digest.o
> > obj-$(CONFIG_DIGEST_SHA384_GENERIC) += sha4.o
> > obj-$(CONFIG_DIGEST_SHA512_GENERIC) += sha4.o
>
> diff --git a/crypto/sha2.c b/crypto/sha2.c
> index c62ddb8..3947a09 100644
> --- a/crypto/sha2.c
> +++ b/crypto/sha2.c
> @@ -27,6 +27,7 @@
>
> #include <crypto/sha.h>
> #include <crypto/internal.h>
> +#include <crypto/pbl-sha.h>
>
> static inline u32 Ch(u32 x, u32 y, u32 z)
> {
> @@ -232,7 +233,7 @@ static int sha224_init(struct digest *desc)
> > return 0;
> }
>
> -static int sha256_init(struct digest *desc)
> +int sha256_init(struct digest *desc)
> {
> > struct sha256_state *sctx = digest_ctx(desc);
> > sctx->state[0] = SHA256_H0;
> @@ -248,7 +249,7 @@ static int sha256_init(struct digest *desc)
> > return 0;
> }
>
> -static int sha256_update(struct digest *desc, const void *data,
> +int sha256_update(struct digest *desc, const void *data,
> > unsigned long len)
> {
> > struct sha256_state *sctx = digest_ctx(desc);
> @@ -280,7 +281,7 @@ static int sha256_update(struct digest *desc, const void *data,
> > return 0;
> }
>
> -static int sha256_final(struct digest *desc, u8 *out)
> +int sha256_final(struct digest *desc, u8 *out)
> {
> > struct sha256_state *sctx = digest_ctx(desc);
> > __be32 *dst = (__be32 *)out;
> @@ -348,7 +349,7 @@ static int sha224_digest_register(void)
> }
> device_initcall(sha224_digest_register);
>
> -static struct digest_algo m256 = {
> +struct digest_algo m256 = {
> > .base = {
> > > > .name = "sha256",
> > > > .driver_name = "sha256-generic",
> @@ -365,6 +366,7 @@ static struct digest_algo m256 = {
> > > .ctx_length = sizeof(struct sha256_state),
> };
>
> +#ifndef __PBL__
> static int sha256_digest_register(void)
> {
> > if (!IS_ENABLED(CONFIG_SHA256))
> @@ -373,3 +375,4 @@ static int sha256_digest_register(void)
> > return digest_algo_register(&m256);
> }
> coredevice_initcall(sha256_digest_register);
> +#endif /* __PBL__ */
> diff --git a/include/crypto/pbl-sha.h b/include/crypto/pbl-sha.h
> new file mode 100644
> index 0000000..7d323ab
> --- /dev/null
> +++ b/include/crypto/pbl-sha.h
> @@ -0,0 +1,13 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef __PBL_SHA_H_
> +
> +#define __PBL_SHA_H_
> +
> +#include <digest.h>
> +#include <types.h>
> +
> +int sha256_init(struct digest *desc);
> +int sha256_update(struct digest *desc, const void *data, unsigned long len);
> +int sha256_final(struct digest *desc, u8 *out);
> +
> +#endif /* __PBL-SHA_H_ */
> diff --git a/include/pbl.h b/include/pbl.h
> index 787bd82..1917a76 100644
> --- a/include/pbl.h
> +++ b/include/pbl.h
> @@ -11,6 +11,8 @@ extern unsigned long free_mem_ptr;
> extern unsigned long free_mem_end_ptr;
>
> void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len);
> +int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
> > + unsigned int hash_len);
>
> #ifdef __PBL__
> > #define IN_PBL 1
> diff --git a/pbl/Kconfig b/pbl/Kconfig
> index f2250dd..38f1003 100644
> --- a/pbl/Kconfig
> +++ b/pbl/Kconfig
> @@ -44,6 +44,15 @@ config PBL_RELOCATABLE
> > This option only inflluences the PBL image. See RELOCATABLE to also make
> > the real image relocatable.
>
> +config PBL_VERIFY_PIGGY
> + depends on ARM
Why? What exactly is ARM specific about this mechanism?
> + bool "Verify piggydata"
> > + help
> > + Use a PBL builtin sha256sum to verify the piggydata before decompression.
> > + WARNING: your board will not boot if a mismatch is detected, enable DEBUG_LL
> > + to see the builtin and calculated hash.
> + This effectively locks a given PBL to the matching main barebox.
Does it make sense to have this as a user-visible option? We want this
in a very specific use-case, in which case it's selected anyways, so
the user can't break the security model via a wrong configuration. I
don't see any use for piggydata verification outside of this use-case.
Regards,
Lucas
> +
> config IMAGE_COMPRESSION
> > bool
> > depends on HAVE_IMAGE_COMPRESSION
> diff --git a/pbl/decomp.c b/pbl/decomp.c
> index 72a1623..ef713a6 100644
> --- a/pbl/decomp.c
> +++ b/pbl/decomp.c
> @@ -6,6 +6,10 @@
> */
>
> #include <common.h>
> +#include <crypto/sha.h>
> +#include <crypto/pbl-sha.h>
> +#include <digest.h>
> +#include <asm/sections.h>
> #include <pbl.h>
> #include <debug_ll.h>
>
> @@ -54,3 +58,38 @@ void pbl_barebox_uncompress(void *dest, void *compressed_start, unsigned int len
> > NULL, NULL,
> > dest, NULL, errorfn);
> }
> +
> +int pbl_barebox_verify(void *compressed_start, unsigned int len, void *hash,
> > + unsigned int hash_len)
> +{
> > + struct sha256_state sha_state = { 0 };
> > + struct digest d = { .ctx = &sha_state };
> > + char computed_hash[SHA256_DIGEST_SIZE];
> > + int i;
> > + char *char_hash = hash;
> +
> > + if (hash_len != SHA256_DIGEST_SIZE)
> > + return -1;
> +
> > + sha256_init(&d);
> > + sha256_update(&d, compressed_start, len);
> > + sha256_final(&d, computed_hash);
> > + if (IS_ENABLED(CONFIG_DEBUG_LL)) {
> > + putc_ll('C');
> > + putc_ll('H');
> > + putc_ll('\n');
> > + for (i = 0; i < SHA256_DIGEST_SIZE; i++) {
> > + puthex_ll(computed_hash[i]);
> > + putc_ll('\n');
> > + }
> > + putc_ll('I');
> > + putc_ll('H');
> > + putc_ll('\n');
> > + for (i = 0; i < SHA256_DIGEST_SIZE; i++) {
> > + puthex_ll(char_hash[i]);
> > + putc_ll('\n');
> > + }
> > + }
> +
> > + return memcmp(hash, computed_hash, SHA256_DIGEST_SIZE);
> +}
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2019-08-05 11:00 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-05 9:23 [PATCH v2 00/16] HAB for i.MX8MQ Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 01/16] i.MX: HABv4: ignore return for i.MX28/6 initcalls Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 02/16] i.MX: HABv4: implement interface for i.MX8MQ Rouven Czerwinski
2019-08-05 12:12 ` Lucas Stach
2019-08-05 9:23 ` [PATCH v2 03/16] mach-imx: enable HAB on i.MX8MQ Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 04/16] arm: lib: add CSF section between PBL and piggy Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 05/16] esdhc-pbl: extract header parsing from image start Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 06/16] esdhc-pbl: add piggy load function Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 07/16] sections: fix macro for barebox_pbl_size Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 08/16] scripts: imx: support signing for i.MX8MQ Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 09/16] images: always build sha256sum into pbl Rouven Czerwinski
2019-08-05 12:20 ` Lucas Stach
2019-08-05 12:52 ` Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 10/16] pbl: add sha256 and piggy verification to PBL Rouven Czerwinski
2019-08-05 11:00 ` Lucas Stach [this message]
2019-08-05 12:57 ` Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 11/16] stdio: puts and putchar static inline wrappers Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 12/16] pbl: support panic with log output Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 13/16] arm: uncompress: verify sha256 if enabled Rouven Czerwinski
2019-08-05 10:42 ` Lucas Stach
2019-08-05 9:23 ` [PATCH v2 14/16] mach-imx: add gencsf header for i.MX8MQ Rouven Czerwinski
2019-08-05 9:23 ` [PATCH v2 15/16] mach-imx: hab: select piggy verification for i.MX8 Rouven Czerwinski
2019-08-05 10:39 ` Lucas Stach
2019-08-05 9:23 ` [PATCH v2 16/16] boards: nxp-mx8-evk: rework to different boot flow Rouven Czerwinski
2019-08-05 10:37 ` Lucas Stach
2019-08-05 12:59 ` Rouven Czerwinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1565002851.2323.7.camel@pengutronix.de \
--to=l.stach@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=r.czerwinski@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox