public inbox for u-boot@lists.denx.de
From: "Marek Behún" <kabel@kernel.org>
To: Stefan Roese <sr@denx.de>
Cc: u-boot@lists.denx.de, pali@kernel.org,
	"Chris Packham" <judge.packham@gmail.com>,
	"Baruch Siach" <baruch@tkos.co.il>,
	"Dennis Gilmore" <dgilmore@redhat.com>,
	"Mario Six" <mario.six@gdsys.cc>,
	"Jon Nettleton" <jon@solid-run.com>,
	"Marek Behún" <marek.behun@nic.cz>
Subject: [PATCH u-boot-marvell v3 20/39] tools: kwboot: Don't patch image header if signed
Date: Fri, 24 Sep 2021 23:06:57 +0200
Message-ID: <20210924210716.29752-21-kabel@kernel.org>
In-Reply-To: <20210924210716.29752-1-kabel@kernel.org>

From: Pali Rohár <pali@kernel.org>

It is not possible to modify an image with a secure header due to the
cryptographic signature.

Signed-off-by: Pali Rohár <pali@kernel.org>
[ refactored ]
Signed-off-by: Marek Behún <marek.behun@nic.cz>
---
 tools/kwboot.c | 30 +++++++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/tools/kwboot.c b/tools/kwboot.c
index 9394a51380..2446d0a7b5 100644
--- a/tools/kwboot.c
+++ b/tools/kwboot.c
@@ -756,6 +756,18 @@ kwboot_img_csum8(void *_data, size_t size)
 	return csum;
 }
 
+static int
+kwboot_img_is_secure(void *img)
+{
+	struct opt_hdr_v1 *ohdr;
+
+	for_each_opt_hdr_v1 (ohdr, img)
+		if (ohdr->headertype == OPT_HDR_V1_SECURE_TYPE)
+			return 1;
+
+	return 0;
+}
+
 static int
 kwboot_img_patch_hdr(void *img, size_t size)
 {
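Review bot: kwboot_img_is_secure() takes only img and walks the optional headers with for_each_opt_hdr_v1 with no length bound, although its caller kwboot_img_patch_hdr() has size available. Unless the iterator macro validates the header chain itself, a truncated or malformed file could make the loop read ohdr->headertype beyond the buffer; consider passing size and checking each optional header against it, or add a comment saying where that validation happens. Since the helper is called before the image_ver == 0 branch, a short comment on how it behaves for version 0 images would also help, and bool would be a clearer return type than int.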
@@ -764,6 +776,7 @@ kwboot_img_patch_hdr(void *img, size_t size)
 	uint8_t csum;
 	size_t hdrsz = sizeof(*hdr);
 	int image_ver;
+	int is_secure;
 
 	rc = -1;
 	hdr = img;
@@ -796,12 +809,19 @@ kwboot_img_patch_hdr(void *img, size_t size)
 		goto out;
 	}
 
-	if (hdr->blockid == IBR_HDR_UART_ID) {
-		rc = 0;
-		goto out;
-	}
+	is_secure = kwboot_img_is_secure(img);
 
-	hdr->blockid = IBR_HDR_UART_ID;
+	if (hdr->blockid != IBR_HDR_UART_ID) {
+		if (is_secure) {
+			fprintf(stderr,
+				"Image has secure header with signature for non-UART booting\n");
+			errno = EINVAL;
+			goto out;
+		}
+
+		kwboot_printv("Patching image boot signature to UART\n");
+		hdr->blockid = IBR_HDR_UART_ID;
+	}
 
 	if (image_ver == 0) {
 		struct main_hdr_v0 *hdr_v0 = img;
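Review bot: Removing the early "rc = 0; goto out;" for hdr->blockid == IBR_HDR_UART_ID means a secure image that is already marked for UART now falls through to the code after this block (the image_ver == 0 branch and whatever follows it). The commit message says a signed image cannot be modified, so please confirm that nothing past this point writes to the header when is_secure is set, or guard those writes with is_secure and say so in the commit message, which currently does not mention this behaviour change. Minor: "Patching image boot signature to UART" uses "signature" for the blockid right next to an error about the cryptographic signature; wording such as "Patching image blockid to UART" would avoid the ambiguity.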
-- 
2.32.0

