From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1FCEFC433EF for ; Tue, 28 Sep 2021 09:55:57 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 3AB756023B for ; Tue, 28 Sep 2021 09:55:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 3AB756023B Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=kaspersky.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1317882FC0; Tue, 28 Sep 2021 11:55:53 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=kaspersky.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=kaspersky.com header.i=@kaspersky.com header.b="wcnb3PQl"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id DE6A482F33; Tue, 28 Sep 2021 11:55:50 +0200 (CEST) Received: from mx13.kaspersky-labs.com (mx13.kaspersky-labs.com [91.103.66.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 094BA80C68 for ; Tue, 28 Sep 2021 11:55:46 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=kaspersky.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=Roman.Kopytin@kaspersky.com Received: from relay13.kaspersky-labs.com (unknown [127.0.0.10]) by relay13.kaspersky-labs.com (Postfix) with ESMTP id 6CD1F521440; Tue, 28 Sep 2021 12:55:45 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kaspersky.com; s=mail202102; t=1632822945; bh=9Nf7vCnGRqu/iLnG72mxXwkDMtHWLmrMsYVie7e8Ds8=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=wcnb3PQlRHygL0PXh9aWg5sbnz2eWpJj+mOr9TuOvaH2i+dnXOr2iVscmUk4BdcSO HzM9gYte9rVkKw+pi5tDKBNvr/aaXr70S+3s9Bwxd38ijfr88qF0kV9Q8Z+zRVd3Gv 1GXSMEDhubJrSlWEszxsaL6/teygC6IfhBBM/gt6hURQBrN8hMHfFf843VAqUpBA3x TvzkMYStM3lQzE5Mw4NJNzD14IiyfLOGuPWxVtwE7uKdY41bdw3eTMr/eh7/qLZ/Ae WTd1SuqbxmNg9VSr7IEyIbOv48LrOhX/HVOtb5TndKgGw5tILSCFSeqryCqUUH55j/ IJD74oQ0GawNA== Received: from mail-hq2.kaspersky.com (unknown [91.103.66.205]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail-hq2.kaspersky.com", Issuer "Kaspersky MailRelays CA G3" (verified OK)) by mailhub13.kaspersky-labs.com (Postfix) with ESMTPS id 2171852141E; Tue, 28 Sep 2021 12:55:44 +0300 (MSK) Received: from hqmailmbx3.avp.ru (10.64.67.243) by hqmailmbx2.avp.ru (10.64.67.242) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.14; Tue, 28 Sep 2021 12:55:43 +0300 Received: from hqmailmbx3.avp.ru ([fe80::5967:ee5:6a84:96b8]) by hqmailmbx3.avp.ru ([fe80::5967:ee5:6a84:96b8%21]) with mapi id 15.01.2308.014; Tue, 28 Sep 2021 12:55:43 +0300 From: Roman Kopytin To: Rasmus Villemoes , "u-boot@lists.denx.de" CC: Alex Kiernan , Simon Glass , Masahiro Yamada Subject: RE: [PATCH] introduce CONFIG_DEVICE_TREE_INCLUDES Thread-Topic: [PATCH] introduce CONFIG_DEVICE_TREE_INCLUDES Thread-Index: AQHXtEbUZcTcOPErG0OKtKR5hfYxiqu5NLPA Date: Tue, 28 Sep 2021 09:55:43 +0000 Message-ID: <4e53c8b67276419aa7e90dd768db8347@kaspersky.com> References: <20210928085651.619892-1-rasmus.villemoes@prevas.dk> In-Reply-To: <20210928085651.619892-1-rasmus.villemoes@prevas.dk> Accept-Language: ru-RU, en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.64.68.129] x-kse-serverinfo: hqmailmbx2.avp.ru, 9 x-kse-attachmentfiltering-interceptor-info: no applicable attachment filtering rules found x-kse-antivirus-interceptor-info: scan successful x-kse-antivirus-info: Clean, bases: 28.09.2021 8:29:00 x-kse-bulkmessagesfiltering-scan-result: InTheLimit Content-Type: multipart/mixed; boundary="_004_4e53c8b67276419aa7e90dd768db8347kasperskycom_" MIME-Version: 1.0 X-KLMS-Rule-ID: 52 X-KLMS-Message-Action: clean X-KLMS-AntiSpam-Status: not scanned, disabled by settings X-KLMS-AntiSpam-Interceptor-Info: not scanned X-KLMS-AntiPhishing: Clean, bases: 2021/09/28 07:42:00 X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2021/09/28 06:05:00 #17329214 X-KLMS-AntiVirus-Status: Clean, skipped X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean --_004_4e53c8b67276419aa7e90dd768db8347kasperskycom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, all I prepared 3 patches for fdt_add_pubkey adding. But in our company infrastructure I can't use git send-email. Our IT can't = help me to resolve issue. -----Original Message----- From: Rasmus Villemoes =20 Sent: Tuesday, September 28, 2021 11:57 AM To: u-boot@lists.denx.de Cc: Alex Kiernan ; Simon Glass ; = Roman Kopytin ; Masahiro Yamada ; Rasmus Villemoes Subject: [PATCH] introduce CONFIG_DEVICE_TREE_INCLUDES The build system already automatically looks for and includes an in-tree *-= u-boot.dtsi when building the control .dtb. However, there are some things = that are awkward to maintain in such an in-tree file, most notably the meta= data associated to public keys used for verified boot. The only "official" API to get that metadata into the .dtb is via mkimage, = as a side effect of building an actual signed image. But there are multiple= problems with that. First of all, the final U-Boot (be it U-Boot proper or= an SPL) image is built based on a binary image, the .dtb, and possibly som= e other binary artifacts. So modifying the .dtb after the build requires th= e meta-buildsystem (Yocto, buildroot, whatnot) to know about and repeat som= e of the steps that are already known to and handled by U-Boot's build syst= em, resulting in needless duplication of code. It's also somewhat annoying = and inconsistent to have a .dtb file in the build folder which is not gener= ated by the command listed in the corresponding .cmd file (that of course a= pplies to any generated file). So the contents of the /signature node really needs to be baked into the .d= tb file when it is first created, which means providing the relevant data i= n the form of a .dtsi file. One could in theory put that data into the *-u-= boot.dtsi file, but it's more convenient to be able to provide it externall= y: For example, when developing for a customer, it's common to use a set of= dummy keys for development, while the consultants do not (and should not) = have access to the actual keys used in production. For such a setup, it's e= asier if the keys used are chosen via the meta-buildsystem and the path(s) = patched in during the configure step. And of course, nothing prevents anybo= dy from having DEVICE_TREE_INCLUDES point at files maintained in git, or fo= r that matter from including the public key metadata in the *-u-boot.dtsi d= irectly and ignore this feature. There are other uses for this, e.g. in combination with ENV_IMPORT_FDT it c= an be used for providing the contents of the /config/environment node, so I= don't want to tie this exclusively to use for verified boot. Signed-off-by: Rasmus Villemoes --- Getting the public key metadata into .dtsi form can be done with a little s= cripting (roughly 'mkimage -K' of a dummy image followed by 'dtc -I dtb -O = dts'). I have a script that does that, along with options to set 'required'= and 'required-mode' properties, include u-boot,dm-spl properties in case o= ne wants to check U-Boot proper from SPL with the verified boot mechanism, = etc. I'm happy to share that script if this gets accepted, but it's moot if= this is rejected. I have previously tried to get an fdt_add_pubkey tool accepted [1,2] to dis= entangle the kernel and u-boot builds (or u-boot and SPL builds for that ma= tter!), but as I've since realized, that isn't quite enough - the above points re modifying the .dtb after it is created but before tha= t is used to create further build artifacts still stand. However, such a to= ol could still be useful for creating the .dtsi info without the private ke= ys being present, and my key2dtsi.sh script could easily be modified to use= a tool like that should it ever appear. [1] https://lore.kernel.org/u-boot/20200211094818.14219-3-rasmus.villemoes@= prevas.dk/ [2] https://lore.kernel.org/u-boot/2184f1e6dd6247e48133c76205feeabe@kaspers= ky.com/ dts/Kconfig | 9 +++++++++ scripts/Makefile.lib | 2 ++ 2 files changed, 11 insertions(+) diff --git a/dts/Kconfig b/dts/Kconfig index dabe0080c1..593dddbaf0 100644 --- a/dts/Kconfig +++ b/dts/Kconfig @@ -139,6 +139,15 @@ config DEFAULT_DEVICE_TREE It can be overridden from the command line: $ make DEVICE_TREE=3D =20 +config DEVICE_TREE_INCLUDES + string "Extra .dtsi files to include when building DT control" + depends on OF_CONTROL + help + U-Boot's control .dtb is usually built from an in-tree .dts + file, plus (if available) an in-tree U-Boot-specific .dtsi + file. This option specifies a space-separated list of extra + .dtsi files that will also be used. + config OF_LIST string "List of device tree files to include for DT control" depends on SPL_LOAD_FIT || MULTI_DTB_FIT diff --git a/scripts/Makefile.li= b b/scripts/Makefile.lib index 78bbebe7e9..a2accba940 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -320,6 +320,8 @@ quiet_cmd_dtc =3D DTC $@ # Bring in any U-Boot-specific include at the end of the file cmd_dtc =3D= mkdir -p $(dir ${dtc-tmp}) ; \ (cat $<; $(if $(u_boot_dtsi),echo '$(pound)include "$(u_boot_dtsi)"')) > = $(pre-tmp); \ + $(foreach f,$(subst $(quote),,$(CONFIG_DEVICE_TREE_INCLUDES)), \ + echo '$(pound)include "$(f)"' >> $(pre-tmp);) \ $(CPP) $(dtc_cpp_flags) -x assembler-with-cpp -o $(dtc-tmp) $(pre-tmp) ; = \ $(DTC) -O dtb -o $@ -b 0 \ -i $(dir $<) $(DTC_FLAGS) \ -- 2.31.1 --_004_4e53c8b67276419aa7e90dd768db8347kasperskycom_ Content-Type: application/octet-stream; name="0000-cover-letter.patch" Content-Description: 0000-cover-letter.patch Content-Disposition: attachment; filename="0000-cover-letter.patch"; size=597; creation-date="Fri, 06 Aug 2021 15:20:36 GMT"; modification-date="Fri, 06 Aug 2021 15:15:35 GMT" Content-Transfer-Encoding: base64 RnJvbSBjOWNlYzYzNTg2ZmJjZTFhNWY2NjVmZjIyYjljM2IwMWE0M2NmYmM0IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBSb21hbiBLb3B5dGluIDxSb21hbi5Lb3B5dGluQGthc3BlcnNr eS5jb20+CkRhdGU6IEZyaSwgNiBBdWcgMjAyMSAxODoxNTozNSArMDMwMApTdWJqZWN0OiBbUEFU Q0ggMC8yXSAqKiogU1VCSkVDVCBIRVJFICoqKgoKKioqIEJMVVJCIEhFUkUgKioqCgpSb21hbiBL b3B5dGluICgyKToKICB0b29sczogYWRkIGZkdF9hZGRfcHVia2V5CiAgdGVzdF92Ym9vdC5weTog aW5jbHVkZSB0ZXN0IG9mIGZkdF9hZGRfcHVia2V5IHRvb2wKCiB0ZXN0L3B5L3Rlc3RzL3Rlc3Rf dmJvb3QucHkgfCAgOCArKysKIHRvb2xzLy5naXRpZ25vcmUgICAgICAgICAgICB8ICAxICsKIHRv b2xzL01ha2VmaWxlICAgICAgICAgICAgICB8ICAzICsrCiB0b29scy9mZHRfYWRkX3B1YmtleS5j ICAgICAgfCA5NyArKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrCiA0IGZpbGVz IGNoYW5nZWQsIDEwOSBpbnNlcnRpb25zKCspCiBjcmVhdGUgbW9kZSAxMDA3NTUgdG9vbHMvZmR0 X2FkZF9wdWJrZXkuYwoKLS0gCjIuMjUuMQoK --_004_4e53c8b67276419aa7e90dd768db8347kasperskycom_ Content-Type: application/octet-stream; name="0001-tools-add-fdt_add_pubkey.patch" Content-Description: 0001-tools-add-fdt_add_pubkey.patch Content-Disposition: attachment; filename="0001-tools-add-fdt_add_pubkey.patch"; size=5376; creation-date="Fri, 06 Aug 2021 15:20:36 GMT"; modification-date="Fri, 06 Aug 2021 15:15:35 GMT" Content-Transfer-Encoding: base64 RnJvbSA4YzdlYWI5ZDVlNWExNDI4Yzg0MTE0ZTA0YzIxYTVkMDk0MGYwOTY2IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBSb21hbiBLb3B5dGluIDxSb21hbi5Lb3B5dGluQGthc3BlcnNr eS5jb20+CkRhdGU6IEZyaSwgNiBBdWcgMjAyMSAxNToyMTo1MCArMDMwMApTdWJqZWN0OiBbUEFU Q0ggMS8yXSB0b29sczogYWRkIGZkdF9hZGRfcHVia2V5CgpIYXZpbmcgdG8gdXNlIHRoZSAtSyBv cHRpb24gdG8gbWtpbWFnZSB0byBwb3B1bGF0ZSBVLUJvb3QncyAuZHRiIHdpdGggdGhlCnB1Ymxp YyBrZXkgd2hpbGUgc2lnbmluZyB0aGUga2VybmVsIEZJVCBpbWFnZSBpcyBvZnRlbiBhIGxpdHRs ZQphd2t3YXJkLiBJbiBwYXJ0aWN1bGFyLCB3aGVuIHVzaW5nIGEgbWV0YS1idWlsZCBzeXN0ZW0g c3VjaCBhcwpiaXRiYWtlL1lvY3RvLCBoYXZpbmcgdGhlIHRhc2tzIG9mIHRoZSBrZXJuZWwgYW5k IFUtQm9vdCByZWNpcGVzCmludGVydHdpbmVkLCBtb2RpZnlpbmcgZGVwbG95ZWQgYXJ0aWZhY3Rz IGFuZCByZWJ1aWxkaW5nIFUtQm9vdCB3aXRoCmFuIHVwZGF0ZWQgLmR0YiBpcyBxdWl0ZSBjdW1i ZXJzb21lLiBBbHNvLCBpbiBzb21lIHNjZW5hcmlvcyBvbmUgbWF5Cndpc2ggdG8gYnVpbGQgVS1C b290IGNvbXBsZXRlIHdpdGggdGhlIHB1YmxpYyBrZXkocykgZW1iZWRkZWQgaW4gdGhlCi5kdGIg d2l0aG91dCB0aGUgY29ycmVzcG9uZGluZyBwcml2YXRlIGtleXMgYmVpbmcgcHJlc2VudCBvbiB0 aGUgc2FtZQpidWlsZCBob3N0LgoKU28gdGhpcyBhZGRzIGEgc2ltcGxlIHRvb2wgdGhhdCBhbGxv d3Mgb25lIHRvIGRpc2VudGFuZ2xlIHRoZSBrZXJuZWwKYW5kIFUtQm9vdCBidWlsZHMsIGJ5IHNp bXBseSBjb3B5LXBhc3RpbmcganVzdCBlbm91Z2ggb2YgdGhlIG1raW1hZ2UKY29kZSB0byBhbGxv dyBvbmUgdG8gYWRkIGEgcHVibGljIGtleSB0byBhIC5kdGIuIFdoZW4gdXNpbmcgbWtpbWFnZSwK c29tZSBvZiB0aGUgaW5mb3JtYXRpb24gaXMgdGFrZW4gZnJvbSB0aGUgLml0cyB1c2VkIHRvIGJ1 aWxkIHRoZQprZXJuZWwgKGFsZ29yaXRobSBhbmQga2V5IG5hbWUpLCBzbyB0aGF0IG9mIGNvdXJz ZSBuZWVkcyB0byBiZQpzdXBwbGllZCBvbiB0aGUgY29tbWFuZCBsaW5lLgoKU2lnbmVkLW9mZi1i eTogUm9tYW4gS29weXRpbiA8Um9tYW4uS29weXRpbkBrYXNwZXJza3kuY29tPgpDYzogUmFzbXVz IFZpbGxlbW9lcyA8cmFzbXVzLnZpbGxlbW9lc0BwcmV2YXMuZGs+Ci0tLQogdG9vbHMvLmdpdGln bm9yZSAgICAgICB8ICAxICsKIHRvb2xzL01ha2VmaWxlICAgICAgICAgfCAgMyArKwogdG9vbHMv ZmR0X2FkZF9wdWJrZXkuYyB8IDk3ICsrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysr KysrKysrKwogMyBmaWxlcyBjaGFuZ2VkLCAxMDEgaW5zZXJ0aW9ucygrKQogY3JlYXRlIG1vZGUg MTAwNzU1IHRvb2xzL2ZkdF9hZGRfcHVia2V5LmMKCmRpZmYgLS1naXQgYS90b29scy8uZ2l0aWdu b3JlIGIvdG9vbHMvLmdpdGlnbm9yZQppbmRleCBhODg0NTNmNjRkLi5mMzEyYjc2MGU0IDEwMDY0 NAotLS0gYS90b29scy8uZ2l0aWdub3JlCisrKyBiL3Rvb2xzLy5naXRpZ25vcmUKQEAgLTYsNiAr Niw3IEBACiAvZHVtcGltYWdlCiAvZWFzeWxvZ28vZWFzeWxvZ28KIC9lbnZjcmMKKy9mZHRfYWRk X3B1YmtleQogL2ZkdGdyZXAKIC9maWxlMmluY2x1ZGUKIC9maXRfY2hlY2tfc2lnbgpkaWZmIC0t Z2l0IGEvdG9vbHMvTWFrZWZpbGUgYi90b29scy9NYWtlZmlsZQppbmRleCA0YTg2MzIxZjY0Li40 NGYyNWRkYTE4IDEwMDY0NAotLS0gYS90b29scy9NYWtlZmlsZQorKysgYi90b29scy9NYWtlZmls ZQpAQCAtNzMsNiArNzMsNyBAQCBta2VudmltYWdlLW9ianMgOj0gbWtlbnZpbWFnZS5vIG9zX3N1 cHBvcnQubyBsaWIvY3JjMzIubwogCiBob3N0cHJvZ3MteSArPSBkdW1waW1hZ2UgbWtpbWFnZQog aG9zdHByb2dzLSQoQ09ORklHX1RPT0xTX0xJQkNSWVBUTykgKz0gZml0X2luZm8gZml0X2NoZWNr X3NpZ24KK2hvc3Rwcm9ncy0kKENPTkZJR19UT09MU19MSUJDUllQVE8pICs9IGZkdF9hZGRfcHVi a2V5CiAKIGhvc3Rwcm9ncy0kKENPTkZJR19DTURfQk9PVEVGSV9TRUxGVEVTVCkgKz0gZmlsZTJp bmNsdWRlCiAKQEAgLTE1Myw2ICsxNTQsNyBAQCBkdW1waW1hZ2Utb2JqcyA6PSAkKGR1bXBpbWFn ZS1ta2ltYWdlLW9ianMpIGR1bXBpbWFnZS5vCiBta2ltYWdlLW9ianMgICA6PSAkKGR1bXBpbWFn ZS1ta2ltYWdlLW9ianMpIG1raW1hZ2UubwogZml0X2luZm8tb2JqcyAgIDo9ICQoZHVtcGltYWdl LW1raW1hZ2Utb2JqcykgZml0X2luZm8ubwogZml0X2NoZWNrX3NpZ24tb2JqcyAgIDo9ICQoZHVt cGltYWdlLW1raW1hZ2Utb2JqcykgZml0X2NoZWNrX3NpZ24ubworZmR0X2FkZF9wdWJrZXktb2Jq cyAgIDo9ICQoZHVtcGltYWdlLW1raW1hZ2Utb2JqcykgZmR0X2FkZF9wdWJrZXkubwogZmlsZTJp bmNsdWRlLW9ianMgOj0gZmlsZTJpbmNsdWRlLm8KIAogaWZuZXEgKCQoQ09ORklHX01YMjMpJChD T05GSUdfTVgyOCkkKENPTkZJR19UT09MU19MSUJDUllQVE8pLCkKQEAgLTE5MCw2ICsxOTIsNyBA QCBIT1NUQ0ZMQUdTX2ZpdF9pbWFnZS5vICs9IC1ETUtJTUFHRV9EVEM9XCIkKENPTkZJR19NS0lN QUdFX0RUQ19QQVRIKVwiCiBIT1NUTERMSUJTX2R1bXBpbWFnZSA6PSAkKEhPU1RMRExJQlNfbWtp bWFnZSkKIEhPU1RMRExJQlNfZml0X2luZm8gOj0gJChIT1NUTERMSUJTX21raW1hZ2UpCiBIT1NU TERMSUJTX2ZpdF9jaGVja19zaWduIDo9ICQoSE9TVExETElCU19ta2ltYWdlKQorSE9TVExETElC U19mZHRfYWRkX3B1YmtleSA6PSAkKEhPU1RMRExJQlNfbWtpbWFnZSkKIAogaG9zdHByb2dzLSQo Q09ORklHX0VYWU5PUzUyNTApICs9IG1rZXh5bm9zc3BsCiBob3N0cHJvZ3MtJChDT05GSUdfRVhZ Tk9TNTQyMCkgKz0gbWtleHlub3NzcGwKZGlmZiAtLWdpdCBhL3Rvb2xzL2ZkdF9hZGRfcHVia2V5 LmMgYi90b29scy9mZHRfYWRkX3B1YmtleS5jCm5ldyBmaWxlIG1vZGUgMTAwNzU1CmluZGV4IDAw MDAwMDAwMDAuLjkzMDZlY2VkZDEKLS0tIC9kZXYvbnVsbAorKysgYi90b29scy9mZHRfYWRkX3B1 YmtleS5jCkBAIC0wLDAgKzEsOTcgQEAKKyNpbmNsdWRlIDxpbWFnZS5oPgorI2luY2x1ZGUgImZp dF9jb21tb24uaCIKKworc3RhdGljIGNvbnN0IGNoYXIgKmNtZG5hbWU7CisKK3N0YXRpYyBjb25z dCBjaGFyICphbGdvX25hbWUgPSAic2hhMSxyc2EyMDQ4IjsgLyogLWEgPGFsZ28+ICovCitzdGF0 aWMgY29uc3QgY2hhciAqa2V5ZGlyID0gIi4iOyAvKiAtayA8a2V5ZGlyPiAqLworc3RhdGljIGNv bnN0IGNoYXIgKmtleW5hbWUgPSAia2V5IjsgLyogLW4gPGtleW5hbWU+ICovCitzdGF0aWMgY29u c3QgY2hhciAqcmVxdWlyZV9rZXlzOyAvKiAtciA8Y29uZnxpbWFnZT4gKi8KK3N0YXRpYyBjb25z dCBjaGFyICprZXlkZXN0OyAvKiBhcmd2W25dICovCisKK3N0YXRpYyB2b2lkIHVzYWdlKGNvbnN0 IGNoYXIgKm1zZykKK3sKKwlmcHJpbnRmKHN0ZGVyciwgIkVycm9yOiAlc1xuIiwgbXNnKTsKKwlm cHJpbnRmKHN0ZGVyciwgIlVzYWdlOiAlcyBbLWEgPGFsZ28+XSBbLWsgPGtleWRpcj5dIFstbiA8 a2V5bmFtZT5dIFstciA8Y29uZnxpbWFnZT5dIDxmZHQgYmxvYj5cbiIsCisJCWNtZG5hbWUpOwor CWV4aXQoRVhJVF9GQUlMVVJFKTsKK30KKworc3RhdGljIHZvaWQgcHJvY2Vzc19hcmdzKGludCBh cmdjLCBjaGFyICphcmd2W10pCit7CisJaW50IG9wdDsKKworCXdoaWxlKChvcHQgPSBnZXRvcHQo YXJnYywgYXJndiwgImE6azpuOnI6IikpICE9IC0xKSB7CisJCXN3aXRjaCAob3B0KSB7CisJCWNh c2UgJ2snOgorCQkJa2V5ZGlyID0gb3B0YXJnOworCQkJYnJlYWs7CisJCWNhc2UgJ2EnOgorCQkJ YWxnb19uYW1lID0gb3B0YXJnOworCQkJYnJlYWs7CisJCWNhc2UgJ24nOgorCQkJa2V5bmFtZSA9 IG9wdGFyZzsKKwkJCWJyZWFrOworCQljYXNlICdyJzoKKwkJCXJlcXVpcmVfa2V5cyA9IG9wdGFy ZzsKKwkJCWJyZWFrOworCQlkZWZhdWx0OgorCQkJdXNhZ2UoIkludmFsaWQgb3B0aW9uIik7CisJ CX0KKwl9CisJLyogVGhlIGxhc3QgcGFyYW1ldGVyIGlzIGV4cGVjdGVkIHRvIGJlIHRoZSAuZHRi IHRvIGFkZCB0aGUgcHVibGljIGtleSB0byAqLworCWlmIChvcHRpbmQgPCBhcmdjKQorCQlrZXlk ZXN0ID0gYXJndltvcHRpbmRdOworCisJaWYgKCFrZXlkZXN0KQorCQl1c2FnZSgiTWlzc2luZyBk dGIgZmlsZSB0byB1cGRhdGUiKTsKK30KKworaW50IG1haW4oaW50IGFyZ2MsIGNoYXIgKmFyZ3Zb XSkKK3sKKwlzdHJ1Y3QgaW1hZ2Vfc2lnbl9pbmZvIGluZm87CisJaW50IGRlc3RmZCwgcmV0Owor CXZvaWQgKmRlc3RfYmxvYiA9IE5VTEw7CisJc3RydWN0IHN0YXQgZGVzdF9zYnVmOworCXNpemVf dCBzaXplX2luYyA9IDA7CisKKwljbWRuYW1lID0gYXJndlswXTsKKworCXByb2Nlc3NfYXJncyhh cmdjLCBhcmd2KTsKKworCW1lbXNldCgmaW5mbywgMCwgc2l6ZW9mKGluZm8pKTsKKworCWluZm8u a2V5ZGlyID0ga2V5ZGlyOworCWluZm8ua2V5bmFtZSA9IGtleW5hbWU7CisJaW5mby5uYW1lID0g YWxnb19uYW1lOworCWluZm8ucmVxdWlyZV9rZXlzID0gcmVxdWlyZV9rZXlzOworCWluZm8uY3J5 cHRvID0gaW1hZ2VfZ2V0X2NyeXB0b19hbGdvKGFsZ29fbmFtZSk7CisJaWYgKCFpbmZvLmNyeXB0 bykgeworICAgICAgICAgICAgICAgIGZwcmludGYoc3RkZXJyLCAiVW5zdXBwb3J0ZWQgc2lnbmF0 dXJlIGFsZ29yaXRobSAnJXMnXG4iLCBhbGdvX25hbWUpOworCQlleGl0KEVYSVRfRkFJTFVSRSk7 CisJfQorCisJd2hpbGUgKDEpIHsKKwkJZGVzdGZkID0gbW1hcF9mZHQoY21kbmFtZSwga2V5ZGVz dCwgc2l6ZV9pbmMsICZkZXN0X2Jsb2IsICZkZXN0X3NidWYsIGZhbHNlLCBmYWxzZSk7CisJCWlm IChkZXN0ZmQgPCAwKQorCQkJZXhpdChFWElUX0ZBSUxVUkUpOworCisJCXJldCA9IGluZm8uY3J5 cHRvLT5hZGRfdmVyaWZ5X2RhdGEoJmluZm8sIGRlc3RfYmxvYik7CisKKwkJbXVubWFwKGRlc3Rf YmxvYiwgZGVzdF9zYnVmLnN0X3NpemUpOworCQljbG9zZShkZXN0ZmQpOworCQlpZiAoIXJldCB8 fCByZXQgIT0gLUVOT1NQQykKKwkJCWJyZWFrOworCQlmcHJpbnRmKHN0ZGVyciwgIi5kdGIgdG9v IHNtYWxsLCBpbmNyZWFzaW5nIHNpemUgYnkgMTAyNCBieXRlc1xuIik7CisJCXNpemVfaW5jID0g MTAyNDsKKwl9CisKKwlpZiAocmV0KSB7CisJCWZwcmludGYoc3RkZXJyLCAiJXM6IENhbm5vdCBh ZGQgcHVibGljIGtleSB0byBGSVQgYmxvYjogJXNcbiIsCisJCQljbWRuYW1lLCBzdHJlcnJvcigt cmV0KSk7CisJCWV4aXQoRVhJVF9GQUlMVVJFKTsKKwl9CisKKwlleGl0KEVYSVRfU1VDQ0VTUyk7 Cit9CisKLS0gCjIuMjUuMQoK --_004_4e53c8b67276419aa7e90dd768db8347kasperskycom_ Content-Type: application/octet-stream; name="0002-test_vboot.py-include-test-of-fdt_add_pubkey-tool.patch" Content-Description: 0002-test_vboot.py-include-test-of-fdt_add_pubkey-tool.patch Content-Disposition: attachment; filename="0002-test_vboot.py-include-test-of-fdt_add_pubkey-tool.patch"; size=1810; creation-date="Fri, 06 Aug 2021 15:20:36 GMT"; modification-date="Fri, 06 Aug 2021 15:15:35 GMT" Content-Transfer-Encoding: base64 RnJvbSBjOWNlYzYzNTg2ZmJjZTFhNWY2NjVmZjIyYjljM2IwMWE0M2NmYmM0IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBSb21hbiBLb3B5dGluIDxSb21hbi5Lb3B5dGluQGthc3BlcnNr eS5jb20+CkRhdGU6IEZyaSwgNiBBdWcgMjAyMSAxNToyMzoxNiArMDMwMApTdWJqZWN0OiBbUEFU Q0ggMi8yXSB0ZXN0X3Zib290LnB5OiBpbmNsdWRlIHRlc3Qgb2YgZmR0X2FkZF9wdWJrZXkgdG9v bAoKU2lnbmVkLW9mZi1ieTogUm9tYW4gS29weXRpbiA8Um9tYW4uS29weXRpbkBrYXNwZXJza3ku Y29tPgpDYzogUmFzbXVzIFZpbGxlbW9lcyA8cmFzbXVzLnZpbGxlbW9lc0BwcmV2YXMuZGs+Ci0t LQogdGVzdC9weS90ZXN0cy90ZXN0X3Zib290LnB5IHwgOCArKysrKysrKwogMSBmaWxlIGNoYW5n ZWQsIDggaW5zZXJ0aW9ucygrKQoKZGlmZiAtLWdpdCBhL3Rlc3QvcHkvdGVzdHMvdGVzdF92Ym9v dC5weSBiL3Rlc3QvcHkvdGVzdHMvdGVzdF92Ym9vdC5weQppbmRleCA2ZGZmNjc3OWQxLi5jZjc0 MTZiMzlhIDEwMDY0NAotLS0gYS90ZXN0L3B5L3Rlc3RzL3Rlc3RfdmJvb3QucHkKKysrIGIvdGVz dC9weS90ZXN0cy90ZXN0X3Zib290LnB5CkBAIC0yMzAsNiArMjMwLDEzIEBAIGRlZiB0ZXN0X3Zi b290KHVfYm9vdF9jb25zb2xlLCBzaGFfYWxnbywgcGFkZGluZywgc2lnbl9vcHRpb25zLCByZXF1 aXJlZCwKICAgICAgICAgY29ucy5sb2cuYWN0aW9uKCclczogQ2hlY2sgc2lnbmVkIGNvbmZpZyBv biB0aGUgaG9zdCcgJSBzaGFfYWxnbykKIAogICAgICAgICB1dGlsLnJ1bl9hbmRfbG9nKGNvbnMs IFtmaXRfY2hlY2tfc2lnbiwgJy1mJywgZml0LCAnLWsnLCBkdGJdKQorICAgICAgICAKKyAgICAg ICAgIyBDcmVhdGUgYSBmcmVzaCAuZHRiIHdpdGhvdXQgdGhlIHB1YmxpYyBrZXlzCisgICAgICAg IGR0Yygnc2FuZGJveC11LWJvb3QuZHRzJykKKyAgICAgICAgIyBUaGVuIGFkZCB0aGUgZGV2IGtl eSB2aWEgdGhlIGZkdF9hZGRfcHVia2V5IHRvb2wKKyAgICAgICAgdXRpbC5ydW5fYW5kX2xvZyhj b25zLCBbZmR0X2FkZF9wdWJrZXksICctYScsICclcyxyc2EyMDQ4JyAlIHNoYV9hbGdvLAorICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnLWsnLCB0bXBkaXIsICctbicsICdkZXYnLCAn LXInLCAnY29uZicsIGR0Yl0pCisgICAgICAgIHV0aWwucnVuX2FuZF9sb2coY29ucywgW2ZpdF9j aGVja19zaWduLCAnLWYnLCBmaXQsICctaycsIGR0Yl0pCiAKICAgICAgICAgaWYgZnVsbF90ZXN0 OgogICAgICAgICAgICAgIyBNYWtlIHN1cmUgdGhhdCBVLUJvb3QgY2hlY2tzIHRoYXQgdGhlIGNv bmZpZyBpcyBpbiB0aGUgbGlzdCBvZgpAQCAtMzcwLDYgKzM3Nyw3IEBAIGRlZiB0ZXN0X3Zib290 KHVfYm9vdF9jb25zb2xlLCBzaGFfYWxnbywgcGFkZGluZywgc2lnbl9vcHRpb25zLCByZXF1aXJl ZCwKICAgICBmaXQgPSAnJXN0ZXN0LmZpdCcgJSB0bXBkaXIKICAgICBta2ltYWdlID0gY29ucy5j b25maWcuYnVpbGRfZGlyICsgJy90b29scy9ta2ltYWdlJwogICAgIGZpdF9jaGVja19zaWduID0g Y29ucy5jb25maWcuYnVpbGRfZGlyICsgJy90b29scy9maXRfY2hlY2tfc2lnbicKKyAgICBmZHRf YWRkX3B1YmtleSA9IGNvbnMuY29uZmlnLmJ1aWxkX2RpciArICcvdG9vbHMvZmR0X2FkZF9wdWJr ZXknCiAgICAgZHRjX2FyZ3MgPSAnLUkgZHRzIC1PIGR0YiAtaSAlcycgJSB0bXBkaXIKICAgICBk dGIgPSAnJXNzYW5kYm94LXUtYm9vdC5kdGInICUgdG1wZGlyCiAgICAgc2lnX25vZGUgPSAnL2Nv bmZpZ3VyYXRpb25zL2NvbmYtMS9zaWduYXR1cmUnCi0tIAoyLjI1LjEKCg== --_004_4e53c8b67276419aa7e90dd768db8347kasperskycom_--