From: "Marcin Niestrój" <m.niestroj@grinn-global.com>
To: Sascha Hauer <s.hauer@pengutronix.de>
Cc: Maik Otto <m.otto@phytec.de>, barebox@lists.infradead.org
Subject: Re: [PATCH v2] habv4: imx change signing area from full to the executed image
Date: Sun, 22 Dec 2019 23:13:48 +0100 [thread overview]
Message-ID: <87imm8huub.fsf@grinn-global.com> (raw)
In-Reply-To: <20191220152441.thp3kn2wfnw76xgl@pengutronix.de>
Hi Sasha, Maik,
Sascha Hauer <s.hauer@pengutronix.de> writes:
> On Wed, Dec 18, 2019 at 01:57:17PM +0100, Maik Otto wrote:
>> the whole barebox with mbr and partition table were be signed by default.
>> change the signing to the executed image without signing the mbr,
>> partition table and header_gap by imx8mq
>> additional delete option full, from-dcdofs and skip-mbr
>>
>> Signed-off-by: Maik Otto <m.otto@phytec.de>
>> ---
>> Changes in v2:
>> - change subject from habv4: add the possibility to changing the signing
>> area from Kconfig to
>> - delete KConfig entries
>> - delete changes habv4-imx6-gencsf.h
>> - delete full, from-dcdofs and skip-mbr options
>> ---
>> scripts/imx/imx.c | 33 +++++++++------------------------
>> 1 file changed, 9 insertions(+), 24 deletions(-)
>
> Applied, thanks.
>
> @Marcin, as you introduced the "from-dcdofs" and "full" options, are you
> happy with this patch? It removes the options, but should default to
> what you originally wanted to archieve, right?
I think that when adding separate skip-mbr and from-dcdofs I wanted to
protect (with skip-mbr) first bytes of generated image, which contain
barebox header (with its version?) from what I remember. I never used
that information from there, so I am quite okay with dropping skip-mbr
support in favor of only from-dcdofs.
However I wonder why offset_load_address is hardcoded to
0x400. Shouldn't we leave from-dcdofs as is and simply dropping all
other options (full and skip-mbr)?
Regards,
Marcin
>
> Regards
> Sascha
>
>>
>> diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
>> index b3e8d62..b2dd25c 100644
>> --- a/scripts/imx/imx.c
>> +++ b/scripts/imx/imx.c
>> @@ -338,16 +338,13 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
>> char *str;
>> int ret;
>> uint32_t signed_size = data->load_size;
>> - uint32_t offset = 0;
>> + uint32_t offset_load_address = 0x400; //skip MBR and Partition Table
>> + uint32_t offset_size = offset_load_address;
>> + uint32_t offset = offset_load_address;
>>
>> if (!data->csf)
>> return -EINVAL;
>>
>> - if (argc < 2)
>> - type = "full";
>> - else
>> - type = argv[1];
>> -
>> /*
>> * In case of encrypted image we reduce signed area to beginning
>> * of encrypted area.
>> @@ -359,31 +356,19 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
>> * Ensure we only sign the PBL for i.MX8MQ
>> */
>> if (data->pbl_code_size && data->cpu_type == IMX_CPU_IMX8MQ) {
>> - offset = data->header_gap;
>> + offset += data->header_gap;
>> signed_size = roundup(data->pbl_code_size + HEADER_LEN, 0x1000);
>> if (data->signed_hdmi_firmware_file)
>> offset += PLUGIN_HDMI_SIZE;
>> }
>>
>> - if (!strcmp(type, "full")) {
>> + if (signed_size > 0) {
>> ret = asprintf(&str, "Blocks = 0x%08x 0x%08x 0x%08x \"%s\"\n",
>> - data->image_load_addr, offset, signed_size,
>> - data->outfile);
>> - } else if (!strcmp(type, "from-dcdofs")) {
>> - ret = asprintf(&str, "Blocks = 0x%08x 0x%x %d \"%s\"\n",
>> - data->image_load_addr + data->image_dcd_offset,
>> - data->image_dcd_offset,
>> - signed_size - data->image_dcd_offset,
>> - data->outfile);
>> - } else if (!strcmp(type, "skip-mbr")) {
>> - ret = asprintf(&str,
>> - "Blocks = 0x%08x 0 440 \"%s\", \\\n"
>> - " 0x%08x 512 %d \"%s\"\n",
>> - data->image_load_addr, data->outfile,
>> - data->image_load_addr + 512,
>> - signed_size - 512, data->outfile);
>> + data->image_load_addr + offset_load_address, offset,
>> + signed_size - offset_size, data->outfile);
>> } else {
>> - fprintf(stderr, "Invalid hab_blocks option: %s\n", type);
>> + fprintf(stderr, "Invalid signed size area 0x%08x\n",
>> + signed_size);
>> return -EINVAL;
>> }
>>
>> --
>> 2.7.4
>>
>>
>> _______________________________________________
>> barebox mailing list
>> barebox@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/barebox
>>
--
Marcin Niestrój
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2019-12-22 22:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-18 12:57 Maik Otto
2019-12-20 15:24 ` Sascha Hauer
2019-12-22 22:13 ` Marcin Niestrój [this message]
2020-01-06 9:35 ` Sascha Hauer
2020-01-06 14:42 ` Maik Otto
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87imm8huub.fsf@grinn-global.com \
--to=m.niestroj@grinn-global.com \
--cc=barebox@lists.infradead.org \
--cc=m.otto@phytec.de \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox