From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id AFB11C05027 for ; Tue, 14 Feb 2023 23:15:22 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 29C8F85763; Wed, 15 Feb 2023 00:15:20 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Jdryq5k1"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 59B1F858BF; Tue, 14 Feb 2023 21:38:02 +0100 (CET) Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C1AEB856D1 for ; Tue, 14 Feb 2023 21:37:58 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=fr0st61te@gmail.com Received: by mail-lj1-x22f.google.com with SMTP id d8so19775383ljq.9 for ; Tue, 14 Feb 2023 12:37:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=BB2uIiUHfhAXELbUU/Xlab5qMs1B29UtU/aVf09zo4w=; b=Jdryq5k15Fvm8WK+HbLgcCD2v0wD6ovvIXUDnk4CX7p+/m6O6M66l5rprj5wr7/6KL Vb+UrFvBZUNS2HQM+kUxCT8EJsEtLaPlM/f0LzjMobSBAffna8mweY2QaGIJqB7s3yuB fLAgX1mG1mskbPFvS/sGNhQzdMiB2AtCy+SuOJMhUYHZ+zaR4G4KhZ5EZLEZfkGvmfhq q7tfJg1rf0R8uX+RBWaeJt8pVCW3MB2ajtedOCyQwafTCEa298njF8LmNn/AwDuh7maq lbzfJIa1GhRwimrzczL4LYkB4QjWavd8B4bNNBorj4gfRBhHIJTUruMoTqwv1OcMkdSc AXfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=BB2uIiUHfhAXELbUU/Xlab5qMs1B29UtU/aVf09zo4w=; b=16h7FUdpHHwDTJWGVDtUm4ZGO/M3/Tv3nx+FEc6IfXIkwAwXtyMEonQyK5PIqZrzon dyX0Pt8gd9olor2FOxGd6NtNIctDEWC7uS8Ns4GkMc/MqZVs3NJaufGd6T0krZwzE+EK t2wkHNIqW+GntjUayo2cOQnS/E661bk99rPgMBwInNpA3ih5pWksz4IYPjrz7WlkJTca MyKdPRaSCAP694C+WPd3YIWuhk/EbYEV4tzc3M19zvjNj/5wvMhsndmZUzwwZGX86Ast xtoVZEXtdP0mEaKZLO/jl0I7f/SiE8Lhira0AAbbsKer0bx8f3+cZ44DZyq/gdNjJruW gtNA== X-Gm-Message-State: AO0yUKWU6B2KhrehtIhyLBKB2nz524K3O+GmUDYLi98kArz0u/O6O+ky 6cixvS8RRWqMu8vdv68Syhs= X-Google-Smtp-Source: AK7set8+nkJpF/TZv9IMem85/280g4w9Uo6dd1hM41+dSAFu3V5N3vjav++m9L0D2upnRc9k2NN3kw== X-Received: by 2002:a2e:9f43:0:b0:293:4ff4:c0b6 with SMTP id v3-20020a2e9f43000000b002934ff4c0b6mr1245048ljk.32.1676407077862; Tue, 14 Feb 2023 12:37:57 -0800 (PST) Received: from [100.119.249.156] (95-31-189-179.broadband.corbina.ru. [95.31.189.179]) by smtp.gmail.com with ESMTPSA id u28-20020ac243dc000000b004a0589786ddsm1140066lfl.69.2023.02.14.12.37.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Feb 2023 12:37:57 -0800 (PST) Message-ID: <28c049752907effca6710f2290fc616e07799a2f.camel@gmail.com> Subject: Re: [PATCH 1/3] binman: add sign option for binman From: Ivan Mikhaylov To: Simon Glass Cc: Alper Nebi Yasak , U-Boot Mailing List , Jan Kiszka Date: Tue, 14 Feb 2023 23:37:55 +0000 In-Reply-To: References: <20220321214319.33254-1-fr0st61te@gmail.com> <20220321214319.33254-2-fr0st61te@gmail.com> <8bf99a710da222864dd608f9cd05dc0f1c5dbda1.camel@gmail.com> <5e3b1dd707d959d029554749d82fa81e9a356126.camel@gmail.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.46.3 MIME-Version: 1.0 X-Mailman-Approved-At: Wed, 15 Feb 2023 00:15:19 +0100 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean On Sat, 2023-02-04 at 15:23 -0700, Simon Glass wrote: > Hi Ivan, >=20 > On Sun, 15 Jan 2023 at 16:54, Ivan Mikhaylov > wrote: > >=20 > > On Fri, 2023-01-13 at 11:00 -0700, Simon Glass wrote: > > > Hi Ivan, > > >=20 > > > On Sat, 24 Dec 2022 at 15:35, Ivan Mikhaylov > > > > > > wrote: > > > >=20 > > > > On Sat, 2022-12-17 at 15:02 -0700, Simon Glass wrote: > > > > > Hi Ivan, > > > > >=20 > > > > > On Tue, 13 Dec 2022 at 11:51, Ivan Mikhaylov > > > > > > > > > > wrote: > > > > > >=20 > > > > > > On Fri, 2022-11-18 at 13:50 -0700, Simon Glass wrote: > > > > > > > Hi Ivan, > > > > > > >=20 > > > > > > > On Thu, 15 Sept 2022 at 13:44, Ivan Mikhaylov > > > > > > > > > > > > > > wrote: > > > > > > > >=20 > > > > > > > > On Wed, 2022-09-07 at 15:10 -0600, Simon Glass wrote: > > > > > > > > > Hi Ivan, > > > > > > > > >=20 > > > > > > > > > Section data comes from the BuildSectionData() > > > > > > > > > method, so > > > > > > > > > you > > > > > > > > > could > > > > > > > > > try calling that. > > > > > > > > >=20 > > > > > > > > > See also collect_contents_to_file() > > > > > > > > >=20 > > > > > > > > > Regards, > > > > > > > > > Simon > > > > > > > >=20 > > > > > > > > Simon, I've tried both these ways and they both don't > > > > > > > > work > > > > > > > > to > > > > > > > > me. > > > > > > > > What > > > > > > > > I've got: > > > > > > > >=20 > > > > > > > > def SignEntries(image_fname, input_fname, > > > > > > > > privatekey_fname, > > > > > > > > algo, > > > > > > > > entry_paths): > > > > > > > > =C2=A0=C2=A0=C2=A0 image_fname =3D os.path.abspath(image_fn= ame) > > > > > > > > =C2=A0=C2=A0=C2=A0 image =3D Image.FromFile(image_fname) > > > > > > > > =C2=A0=C2=A0=C2=A0 state.PrepareFromLoadedData(image) > > > > > > > > =C2=A0=C2=A0=C2=A0 image.LoadData() > > > > > > > >=20 > > > > > > > > 1. BuildSectionData > > > > > > > >=20 > > > > > > > > =C2=A0=C2=A0=C2=A0 for entry_path in entry_paths: > > > > > > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 entry =3D image.= FindEntryPath(entry_path) > > > > > > > >=20 > > > > > > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 try: > > > > > > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 entry.BuildSectionData(True) > > > > > > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 except Exception= as e: > > > > > > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 logging.error(traceback.format_exc()) > > > > > > > >=20 > > > > > > > >=20 > > > > > > > > ERROR:root:AttributeError: 'NoneType' object has no > > > > > > > > attribute > > > > > > > > 'run' > > > > > >=20 > > > > > > Hi Simon, sorry for long delay. > > > > > >=20 > > > > > > binman: 'NoneType' object has no attribute 'run' > > > > > >=20 > > > > > > Traceback (most recent call last): > > > > > > =C2=A0 File "/home/fr/upstream_uboot/tools/binman/binman", line > > > > > > 133, > > > > > > in > > > > > > RunBinman > > > > > > =C2=A0=C2=A0=C2=A0 ret_code =3D control.Binman(args) > > > > > > =C2=A0 File "/home/fr/upstream_uboot/tools/binman/control.py", > > > > > > line > > > > > > 684, > > > > > > in > > > > > > Binman > > > > > > =C2=A0=C2=A0=C2=A0 SignEntries(args.image, args.file, args.key,= args.algo, > > > > > > args.paths) > > > > > > =C2=A0 File "/home/fr/upstream_uboot/tools/binman/control.py", > > > > > > line > > > > > > 469, > > > > > > in > > > > > > SignEntries > > > > > > =C2=A0=C2=A0=C2=A0 entry.BuildSectionData(True) > > > > > > =C2=A0 File "/home/fr/upstream_uboot/tools/binman/etype/fit.py"= , > > > > > > line > > > > > > 426, > > > > > > in BuildSectionData > > > > > > =C2=A0=C2=A0=C2=A0 if self.mkimage.run(reset_timestamp=3DTrue, > > > > > > output_fname=3Doutput_fname, > > > > > > AttributeError: 'NoneType' object has no attribute 'run' > > > > > >=20 > > > > >=20 > > > > > You need to call image.CollectBintolls() like ReadEntry() and > > > > > other > > > > > functions similar to yours that read images from a file. This > > > > > is > > > > > the > > > > > only way that the 'mkimage' tool becomes available to fit.py > > > > >=20 > > > > > See fit.AddBintools() which is called by that function and > > > > > sets > > > > > 'self.mkimage' > > > > > >=20 > > > > Simon, thanks, now this part works fine but there is still > > > > issue > > > > with > > > > updating of fit section, saw that there exists some functions > > > > like > > > > WriteData but for section(etype/fit.py) it is not implemented > > > > yet. > > > >=20 > > > > ValueError: Node '/fit': Replacing sections is not implemented > > > > yet > > > >=20 > > > > Also tried SetContents but it doesn't update fit section in > > > > place. > > > > Any > > > > suggestions here? > > >=20 > > > Updating a FIT in the image is not supported, or at least not > > > tested, > > > so presumably doesn't work. > > >=20 > > > I obtained fdt_add_pubkey > > > from > > > https://patchwork.ozlabs.org/project/uboot/list/?series=3D271511&stat= e=3D > > > * > > >=20 > > > I tried this: > > >=20 > > > binman test testSignSimple > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Running binman tests > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D > > > E > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > =3D=3D=3D=3D > > > =3D > > > ERROR: binman.ftest.TestFunctional.testSignSimple > > > (subunit.RemotedTestCase) > > > binman.ftest.TestFunctional.testSignSimple > > > ----------------------------------------------------------------- > > > ---- > > > - > > > testtools.testresult.real._StringException: ValueError: Error 1 > > > running 'fdt_add_pubkey -a sha256,rsa4096 -k /tmp/binman.1antmyoq > > > -n > > > test_key /tmp/binman.1antmyoq/source.dtb': .dtb too small, > > > increasing > > > size by 1024 bytes > > > .dtb too small, increasing size by 1024 bytes > > > fdt_add_pubkey: Cannot add public key to FIT blob: Unknown error > > > -56 > > >=20 > > >=20 > > > During handling of the above exception, another exception > > > occurred: > > >=20 > > > UnboundLocalError: local variable 'key_dir' referenced before > > > assignment > > >=20 > > >=20 > > > ----------------------------------------------------------------- > > > ---- > > > - > > > Ran 1 test in 1.658s > > >=20 > > > FAILED (errors=3D1) > > >=20 > > > [sjg@kea u ((5cf6f1f8e7c...) $)]$ binman test testSignSimpleExact > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Running binman tests > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D > > >=20 > > > ----------------------------------------------------------------- > > > ---- > > > - > > > Ran 0 tests in 0.067s > > >=20 > > > OK > > >=20 > > >=20 > > > Can you please: > > >=20 > > > - push your tree again > > > - provide the command line you are using, or test case you are > > > trying > > > to make work > > > - provide the files needed to run it it > > >=20 > > > With that I should be able to figure out what is needed. > > >=20 > > > Regards, > > > Simon > >=20 > > Simon, sorry, I forgot about fdt_add_pubkey, I've updated and added > > version on which I'm working into branch which I posted before. > > There > > was update in add_verify_data call for rsa at least which sending > > node > > number instead of return code because of this you seeing such > > errors > > with run of this toolkit. Now you should see something like this: > >=20 > > binman test testSignSimple > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Running binman tests > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D > > E > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > =3D=3D=3D > > ERROR: testSignSimple (binman.ftest.TestFunctional) > > Test that a FIT container can be signed in image > > ------------------------------------------------------------------- > > --- > > ValueError: Node '/fit': Replacing sections is not implemented yet > >=20 > > ------------------------------------------------------------------- > > --- > > Ran 1 test in 0.480s > >=20 > > FAILED (errors=3D1) > >=20 > > The command line which I'm using for manual testing: > >=20 > > binman -D sign -i image-updated.bin -k test_key.key -a > > sha256,rsa4096 > > fit >=20 > I've had a crack at this and sent a patch to allow updating sections > in toto. >=20 > https://github.com/sjg20/u-boot/tree/try-ivan >=20 > >=20 > > Also, as I see fdt_add_pubkey application still not in the u-boot > > tree. > > Need I look through and put it in this series or create another > > series > > of patches for fdt_add_pubkey? >=20 > Doing it in this series is fine. >=20 > Regards, > Simon Simon, thanks a lot, now it's looks like working. I've updated my branch on=C2=A0https://github.com/fr0st61te/u-boot/commits/signfit, everything seems ok - fdt_add_pubkey and tests works fine. I want to check everything with qemu or hw, it'll take some time. I'll get back with proper patchsets in 2-3 weeks. Thanks.