* how to do a digest on a flashed uImage ?
@ 2015-07-01 7:02 Philippe Leduc
2015-07-02 5:42 ` Sascha Hauer
0 siblings, 1 reply; 3+ messages in thread
From: Philippe Leduc @ 2015-07-01 7:02 UTC (permalink / raw)
To: barebox
Hello,
I have a uImage saved in a memory partition and I am able to boot on
it with bootm command. I would like to add a digest (like a
hmac(sha1)) in order to check the integrity of the binary before
booting on it.
Because my partition is bigger than my uImage, I don't know how to use
digest on it.
In fact there are two problems that I don't know how to solve: I can't
get the size of my file and I can't ask digest to work on COUNT bytes.
For the size problem: I can extract the size of the uImage in binary
form since this information is present in the uImage header (via
memcpy), but I don't know how to convert it in a format compatible
with Hush.
For digest, I can copy the binary in the RAM, but I fear that it is
longer than working on the flash: it takes 4,8s to memcpy the uImage
in a RAM file, and less than 3s to bootm on the flash. But
Do you know a way to get the size of a file? Or to convert a binary
size into a "human readable format" for Hush? Or should I develop a
kind of "stat" utility for barebox?
Thank you in advance,
I hope my explanation is not too convoluted :)
Thank you in advance,
Best regards,
--
Philippe LEDUC
ledphilippe@gmail.com
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: how to do a digest on a flashed uImage ?
2015-07-01 7:02 how to do a digest on a flashed uImage ? Philippe Leduc
@ 2015-07-02 5:42 ` Sascha Hauer
2015-07-02 5:47 ` Jean-Christophe PLAGNIOL-VILLARD
0 siblings, 1 reply; 3+ messages in thread
From: Sascha Hauer @ 2015-07-02 5:42 UTC (permalink / raw)
To: Philippe Leduc; +Cc: barebox
Hi Philippe,
On Wed, Jul 01, 2015 at 09:02:28AM +0200, Philippe Leduc wrote:
> Hello,
>
> I have a uImage saved in a memory partition and I am able to boot on
> it with bootm command. I would like to add a digest (like a
> hmac(sha1)) in order to check the integrity of the binary before
> booting on it.
>
> Because my partition is bigger than my uImage, I don't know how to use
> digest on it.
> In fact there are two problems that I don't know how to solve: I can't
> get the size of my file and I can't ask digest to work on COUNT bytes.
>
> For the size problem: I can extract the size of the uImage in binary
> form since this information is present in the uImage header (via
> memcpy), but I don't know how to convert it in a format compatible
> with Hush.
>
> For digest, I can copy the binary in the RAM, but I fear that it is
> longer than working on the flash: it takes 4,8s to memcpy the uImage
> in a RAM file, and less than 3s to bootm on the flash. But
>
>
> Do you know a way to get the size of a file? Or to convert a binary
> size into a "human readable format" for Hush? Or should I develop a
> kind of "stat" utility for barebox?
> Thank you in advance,
I can't think of a way on the shell to accomplish this. Something that
might come close is uImagefs. You can mount an uImage as a filesystem,
then you can run digest on the individual contents of the image, but not
of the whole image itself.
Also extracting the size from the image via memcpy and somehow convert
the value to hex, then memcpy the uImage to a file sounds fragile. I
would probably add a option to the uimage command, like -c for copy.
In C it's easy to sanity check the size you read and to verify the
header checksum before doing anything else. You can't do that in shell.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: how to do a digest on a flashed uImage ?
2015-07-02 5:42 ` Sascha Hauer
@ 2015-07-02 5:47 ` Jean-Christophe PLAGNIOL-VILLARD
0 siblings, 0 replies; 3+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-07-02 5:47 UTC (permalink / raw)
To: Sascha Hauer; +Cc: Philippe Leduc, barebox
> On Jul 2, 2015, at 1:42 PM, Sascha Hauer <s.hauer@pengutronix.de> wrote:
>
> Hi Philippe,
>
> On Wed, Jul 01, 2015 at 09:02:28AM +0200, Philippe Leduc wrote:
>> Hello,
>>
>> I have a uImage saved in a memory partition and I am able to boot on
>> it with bootm command. I would like to add a digest (like a
>> hmac(sha1)) in order to check the integrity of the binary before
>> booting on it.
>>
>> Because my partition is bigger than my uImage, I don't know how to use
>> digest on it.
>> In fact there are two problems that I don't know how to solve: I can't
>> get the size of my file and I can't ask digest to work on COUNT bytes.
>>
>> For the size problem: I can extract the size of the uImage in binary
>> form since this information is present in the uImage header (via
>> memcpy), but I don't know how to convert it in a format compatible
>> with Hush.
>>
>> For digest, I can copy the binary in the RAM, but I fear that it is
>> longer than working on the flash: it takes 4,8s to memcpy the uImage
>> in a RAM file, and less than 3s to bootm on the flash. But
>>
>>
>> Do you know a way to get the size of a file? Or to convert a binary
>> size into a "human readable format" for Hush? Or should I develop a
>> kind of "stat" utility for barebox?
>> Thank you in advance,
>
> I can't think of a way on the shell to accomplish this. Something that
> might come close is uImagefs. You can mount an uImage as a filesystem,
> then you can run digest on the individual contents of the image, but not
> of the whole image itself.
>
> Also extracting the size from the image via memcpy and somehow convert
> the value to hex, then memcpy the uImage to a file sounds fragile. I
> would probably add a option to the uimage command, like -c for copy.
> In C it's easy to sanity check the size you read and to verify the
> header checksum before doing anything else. You can't do that in shell.
uImageFS was design exactly for this case
Best Regards,
J.
>
> Sascha
>
> --
> Pengutronix e.K. | |
> Industrial Linux Solutions | http://www.pengutronix.de/ |
> Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
>
> _______________________________________________
> barebox mailing list
> barebox@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-07-02 5:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-01 7:02 how to do a digest on a flashed uImage ? Philippe Leduc
2015-07-02 5:42 ` Sascha Hauer
2015-07-02 5:47 ` Jean-Christophe PLAGNIOL-VILLARD
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox