[Buildroot] [PATCH] board/octavo: Add FORCE_CHECK_HASHES config and custom hashes

[Buildroot] [PATCH] board/octavo: Add FORCE_CHECK_HASHES config and custom hashes

[Kory Maincent via buildroot]

Enable FORCE_CHECK_HASHES to ensure that all hashes are valid even
from custom packages.
Add custom version package hashes of Linux, U-boot and TF-A.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
---
 .../patches/arm-trusted-firmware/arm-trusted-firmware.hash      | 2 ++
 board/octavo/osd32mp1-brk/patches/linux/linux.hash              | 2 ++
 board/octavo/osd32mp1-brk/patches/uboot/uboot.hash              | 2 ++
 .../patches/arm-trusted-firmware/arm-trusted-firmware.hash      | 2 ++
 board/octavo/osd32mp1-red/patches/linux/linux.hash              | 2 ++
 board/octavo/osd32mp1-red/patches/uboot/uboot.hash              | 2 ++
 configs/octavo_osd32mp1_brk_defconfig                           | 1 +
 configs/octavo_osd32mp1_red_defconfig                           | 1 +
 8 files changed, 14 insertions(+)
 create mode 100644 board/octavo/osd32mp1-brk/patches/arm-trusted-firmware/arm-trusted-firmware.hash
 create mode 100644 board/octavo/osd32mp1-brk/patches/linux/linux.hash
 create mode 100644 board/octavo/osd32mp1-brk/patches/uboot/uboot.hash
 create mode 100644 board/octavo/osd32mp1-red/patches/arm-trusted-firmware/arm-trusted-firmware.hash
 create mode 100644 board/octavo/osd32mp1-red/patches/linux/linux.hash
 create mode 100644 board/octavo/osd32mp1-red/patches/uboot/uboot.hash

diff --git a/board/octavo/osd32mp1-brk/patches/arm-trusted-firmware/arm-trusted-firmware.hash b/board/octavo/osd32mp1-brk/patches/arm-trusted-firmware/arm-trusted-firmware.hash
new file mode 100644
index 0000000000..2ba1cc0972
--- /dev/null
+++ b/board/octavo/osd32mp1-brk/patches/arm-trusted-firmware/arm-trusted-firmware.hash
@@ -0,0 +1,2 @@
+# Locally calculated
+sha256  83d744c155097f27682a06fdba5f7e976fde6edf61474d40a5a44e71862a3822  arm-trusted-firmware-v2.4-stm32mp-r1-git4.tar.gz
diff --git a/board/octavo/osd32mp1-brk/patches/linux/linux.hash b/board/octavo/osd32mp1-brk/patches/linux/linux.hash
new file mode 100644
index 0000000000..ec9218e388
--- /dev/null
+++ b/board/octavo/osd32mp1-brk/patches/linux/linux.hash
@@ -0,0 +1,2 @@
+# Locally calculated
+sha256  c2e22c6d13e5970839231ca29cfbe3bb66ef4d4d1cd3c2b5afb61f591f89d71a  linux-v5.10-stm32mp-r2.1-git4.tar.gz
diff --git a/board/octavo/osd32mp1-brk/patches/uboot/uboot.hash b/board/octavo/osd32mp1-brk/patches/uboot/uboot.hash
new file mode 100644
index 0000000000..6b51c2685b
--- /dev/null
+++ b/board/octavo/osd32mp1-brk/patches/uboot/uboot.hash
@@ -0,0 +1,2 @@
+# Locally calculated
+sha256  49a2470ecd29c29cc712861372335c9e2020e5c56392c6417faf66dc7a782261  uboot-v2020.10-stm32mp-r2.1-git4.tar.gz
diff --git a/board/octavo/osd32mp1-red/patches/arm-trusted-firmware/arm-trusted-firmware.hash b/board/octavo/osd32mp1-red/patches/arm-trusted-firmware/arm-trusted-firmware.hash
new file mode 100644
index 0000000000..2ba1cc0972
--- /dev/null
+++ b/board/octavo/osd32mp1-red/patches/arm-trusted-firmware/arm-trusted-firmware.hash
@@ -0,0 +1,2 @@
+# Locally calculated
+sha256  83d744c155097f27682a06fdba5f7e976fde6edf61474d40a5a44e71862a3822  arm-trusted-firmware-v2.4-stm32mp-r1-git4.tar.gz
diff --git a/board/octavo/osd32mp1-red/patches/linux/linux.hash b/board/octavo/osd32mp1-red/patches/linux/linux.hash
new file mode 100644
index 0000000000..ec9218e388
--- /dev/null
+++ b/board/octavo/osd32mp1-red/patches/linux/linux.hash
@@ -0,0 +1,2 @@
+# Locally calculated
+sha256  c2e22c6d13e5970839231ca29cfbe3bb66ef4d4d1cd3c2b5afb61f591f89d71a  linux-v5.10-stm32mp-r2.1-git4.tar.gz
diff --git a/board/octavo/osd32mp1-red/patches/uboot/uboot.hash b/board/octavo/osd32mp1-red/patches/uboot/uboot.hash
new file mode 100644
index 0000000000..6b51c2685b
--- /dev/null
+++ b/board/octavo/osd32mp1-red/patches/uboot/uboot.hash
@@ -0,0 +1,2 @@
+# Locally calculated
+sha256  49a2470ecd29c29cc712861372335c9e2020e5c56392c6417faf66dc7a782261  uboot-v2020.10-stm32mp-r2.1-git4.tar.gz
diff --git a/configs/octavo_osd32mp1_brk_defconfig b/configs/octavo_osd32mp1_brk_defconfig
index e8857f3649..2a6d794722 100644
--- a/configs/octavo_osd32mp1_brk_defconfig
+++ b/configs/octavo_osd32mp1_brk_defconfig
@@ -4,6 +4,7 @@ BR2_TOOLCHAIN_EXTERNAL=y
 BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
 BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_GLIBC_STABLE=y
 BR2_GLOBAL_PATCH_DIR="board/octavo/osd32mp1-brk/patches"
+BR2_DOWNLOAD_FORCE_CHECK_HASHES=y
 BR2_ROOTFS_OVERLAY="board/octavo/osd32mp1-brk/overlay/"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="support/scripts/genimage.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="-c board/octavo/osd32mp1-brk/genimage.cfg"
diff --git a/configs/octavo_osd32mp1_red_defconfig b/configs/octavo_osd32mp1_red_defconfig
index d179e0a27e..3646e2d04f 100644
--- a/configs/octavo_osd32mp1_red_defconfig
+++ b/configs/octavo_osd32mp1_red_defconfig
@@ -4,6 +4,7 @@ BR2_TOOLCHAIN_EXTERNAL=y
 BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
 BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV7_EABIHF_GLIBC_STABLE=y
 BR2_GLOBAL_PATCH_DIR="board/octavo/osd32mp1-red/patches"
+BR2_DOWNLOAD_FORCE_CHECK_HASHES=y
 BR2_ROOTFS_OVERLAY="board/octavo/osd32mp1-red/overlay/"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="support/scripts/genimage.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="-c board/octavo/osd32mp1-red/genimage.cfg"
-- 
2.34.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] board/octavo: Add FORCE_CHECK_HASHES config and custom hashes

[Peter Korsgaard]

>>>>> "Kory" == Kory Maincent <kory.maincent@bootlin.com> writes:

 > Enable FORCE_CHECK_HASHES to ensure that all hashes are valid even
 > from custom packages.
 > Add custom version package hashes of Linux, U-boot and TF-A.

 > Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot