Re: [tegrarcm PATCH v1 2/4] Add option --ml_rcm <rcm_ml_blob>

public inbox for linux-tegra@vger.kernel.org
 help / color / mirror / Atom feed

From: Allen Martin <amartin-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
To: Jimmy Zhang <jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
Cc: swarren-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org,
	alban.bedel-RM9K5IK7kjKj5M59NBduVrNAH6kLmebB@public.gmane.org,
	linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [tegrarcm PATCH v1 2/4] Add option --ml_rcm <rcm_ml_blob>
Date: Fri, 4 Mar 2016 17:25:06 -0800	[thread overview]
Message-ID: <20160305012506.GA19189@nvidia.com> (raw)
In-Reply-To: <1457135087-967-3-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>

On Fri, Mar 04, 2016 at 03:44:45PM -0800, Jimmy Zhang wrote:
> This option along with "--pkc <keyfile>" allows user to generate signed
> query version rcm, miniloader rcm and signed bootloader (flasher). With
> these signed blob, user will then be able to run tegrarcm on a fused system
> without keyfile.
> 
> Command syntax:
>  $ ./tegrarcm --ml_rcm <ml_rcm_blob> --pkc <keyfile>
> 
> Example:
> 1. connect usb cable to recovery mode usb port
> 2. put target in recovery mode
> 3. run command as below:
> $ sudo ./tegrarcm --ml_rcm t124_ml_rcm.bin --pkc rsa_priv.der
> 

Why this extra step to write the signed miniloader to a separate file?
Why not just sign the miniloader in memory when using the --signed
option?  It looks like this is also generating a file for the signed
RCM messages, which should just be done in memory as well like we do
when using CMAC signing.


> +static int initialize_rcm(uint16_t devid, usb_device_t *usb,
> +			const char *keyfile, const char *ml_rcm_file)
> +{
> +	int ret = 0;
>  	uint8_t *msg_buff;
>  	int msg_len;
>  	uint32_t status;
>  	int actual_len;
> +	#define query_rcm_ext	".qry"

Don't need this #define, just use ".qry" directly below


> +static int sign_blob(const char *blob_filename, const char *keyfile)
> +{
> +	int ret;
> +	uint8_t rsa_pss_sig[2048 / 8];
> +
> +	#define sign_ext	".sig"

Here too


> diff --git a/src/rcm.c b/src/rcm.c
> index c7f0f8dddecc..cdf81309ae96 100644
> --- a/src/rcm.c
> +++ b/src/rcm.c
> @@ -202,11 +202,12 @@ static int rcm35_sign_msg(uint8_t *buf)
>  		return -EMSGSIZE;
>  	}
>  
> +	cmac_hash(msg->reserved, crypto_len, msg->object_sig.cmac_hash);
> +
>  	if (rcm_keyfile)
>  		rsa_pss_sign(rcm_keyfile, msg->reserved, crypto_len,
>  			msg->object_sig.rsa_pss_sig, msg->modulus);
> -	else
> -		cmac_hash(msg->reserved, crypto_len, msg->object_sig.cmac_hash);

I don't understand this part, this looks like it undoes what you put
in the previous patch.


> @@ -226,11 +227,10 @@ static int rcm40_sign_msg(uint8_t *buf)
>  		return -EMSGSIZE;
>  	}
>  
> +	cmac_hash(msg->reserved, crypto_len, msg->object_sig.cmac_hash);
>  	if (rcm_keyfile)
>  		rsa_pss_sign(rcm_keyfile, msg->reserved, crypto_len,
>  			msg->object_sig.rsa_pss_sig, msg->modulus);
> -	else
> -		cmac_hash(msg->reserved, crypto_len, msg->object_sig.cmac_hash);

Same here

next prev parent reply	other threads:[~2016-03-05  1:25 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-04 23:44 [tegrarcm PATCH v1 0/4] Add flashing support for T124 rsa fused board Jimmy Zhang
     [not found] ` <1457135087-967-1-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-04 23:44   ` [tegrarcm PATCH v1 1/4] Add option "--pkc" Jimmy Zhang
     [not found]     ` <1457135087-967-2-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-05  1:43       ` Allen Martin
2016-03-07 19:55       ` Stephen Warren
     [not found]         ` <56DDDCC8.9090803-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
2016-03-09  0:50           ` Jimmy Zhang
     [not found]             ` <6dc28718c5ec4d4aba4bcafcf36409be-wO81nVYWzR7YuxH7O460wFaTQe2KTcn/@public.gmane.org>
2016-03-09 17:32               ` Stephen Warren
2016-03-04 23:44   ` [tegrarcm PATCH v1 2/4] Add option --ml_rcm <rcm_ml_blob> Jimmy Zhang
     [not found]     ` <1457135087-967-3-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-05  1:25       ` Allen Martin [this message]
     [not found]         ` <20160305012506.GA19189-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-05  2:35           ` Jimmy Zhang
     [not found]             ` <b47263cc6b5a412bbbb9cd4a17d223cf-wO81nVYWzR7YuxH7O460wFaTQe2KTcn/@public.gmane.org>
2016-03-07  8:54               ` Thierry Reding
2016-03-07 20:15       ` Stephen Warren
     [not found]         ` <56DDE16A.8030809-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
2016-03-09  1:21           ` Jimmy Zhang
     [not found]             ` <efa82104830b489a8ebe29238bb48034-wO81nVYWzR7YuxH7O460wFaTQe2KTcn/@public.gmane.org>
2016-03-09 17:35               ` Stephen Warren
2016-03-04 23:44   ` [tegrarcm PATCH v1 3/4] Add option --signed Jimmy Zhang
     [not found]     ` <1457135087-967-4-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-07  8:58       ` Thierry Reding
2016-03-07 20:31       ` Stephen Warren
     [not found]         ` <56DDE53D.4060206-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
2016-03-09  0:36           ` Jimmy Zhang
     [not found]             ` <90950f4d7098476891feda7e5e803cfa-wO81nVYWzR7YuxH7O460wFaTQe2KTcn/@public.gmane.org>
2016-03-09 17:29               ` Stephen Warren
     [not found]                 ` <56E05D75.5050707-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
2016-03-09 21:01                   ` Jimmy Zhang
     [not found]                     ` <efdc080b4a0f4bd4a8a736d947417acd-wO81nVYWzR7YuxH7O460wFaTQe2KTcn/@public.gmane.org>
2016-03-09 21:03                       ` Stephen Warren
2016-03-04 23:44   ` [tegrarcm PATCH v1 4/4] Increate USB timeout value Jimmy Zhang
     [not found]     ` <1457135087-967-5-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-05  1:46       ` Allen Martin
     [not found]         ` <20160305014644.GC19189-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-05  2:39           ` Jimmy Zhang
2016-03-07 19:39       ` Stephen Warren
     [not found]         ` <56DDD90B.1040802-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
2016-03-09  1:41           ` Jimmy Zhang
     [not found]             ` <973e4d88a8a24062964655a6ec3b2c71-wO81nVYWzR7YuxH7O460wFaTQe2KTcn/@public.gmane.org>
2016-03-09 17:41               ` Stephen Warren
     [not found]                 ` <56E06042.2060604-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
2016-03-09 19:56                   ` Jimmy Zhang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160305012506.GA19189@nvidia.com \
    --to=amartin-ddmlm1+adcrqt0dzr+alfa@public.gmane.org \
    --cc=alban.bedel-RM9K5IK7kjKj5M59NBduVrNAH6kLmebB@public.gmane.org \
    --cc=jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org \
    --cc=linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=swarren-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox