[coreboot-gerrit] Change in coreboot[master]: trogdor: support mbn_version 6 with python build scripts

20 Sep 2019

mturney mturney has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/35506 )
Change subject: trogdor: support mbn_version 6 with python build scripts
......................................................................
trogdor: support mbn_version 6 with python build scripts
Developer/Reviewer, be aware of this patch from Mistral:
 https://review.coreboot.org/c/coreboot/+/33425/18
Change-Id: I020d1e4d4f5c948948e1b39dd18af1d0e860c279
Signed-off-by: T Michael Turney mturney@codeaurora.org
---
M util/qualcomm/createxbl.py
M util/qualcomm/mbn_tools.py
2 files changed, 90 insertions(+), 36 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/35506/1

diff --git a/util/qualcomm/createxbl.py b/util/qualcomm/createxbl.py
index 4a21854..769e9f1e 100755
--- a/util/qualcomm/createxbl.py
+++ b/util/qualcomm/createxbl.py
@@ -44,6 +44,7 @@
 #
 # when       who       what, where, why
 # --------   ---       ------------------------------------------------------
+# 05/21/19   rissha    Added --mbn_version to add MBN header accordingly
 # 03/26/18   tv        Added -e to enable extended MBNV5 support
 # 09/04/15   et        Added -x and -d to embed xbl_sec ELF
 # 02/11/15   ck        Fixed missing elf type check in ZI OOB feature
@@ -119,6 +120,10 @@
                     help="Removes ZI segments that have addresses greater" + \
                          " than 32 bits when converting from a 64 to 32 bit ELF")
+  parser.add_option("--mbn_version",
+                    action="store", type="int", dest="mbn_version",
+                    help="Add mbn header in elf image. '3', '5' or '6'")
+
(options, args) = parser.parse_args()
   if not options.elf_inp_file1:
@@ -206,11 +211,16 @@
   else:
     zi_oob_enabled = True
+  header_version = 3
+
   if options.elf_inp_xbl_sec:
     is_ext_mbn_v5 = True
+    header_version = 5
   else:
     is_ext_mbn_v5 = False
+  if options.mbn_version:
+    header_version = options.mbn_version
mbn_type = 'elf'
   header_format = 'reg'
@@ -259,7 +269,7 @@
                                  source_elf,
    			 target_hash,
                                  elf_out_file_name = target_phdr_elf,
-                                 secure_type = image_header_secflag)
+                                 secure_type = image_header_secflag, header_version = header_version )
     if rv:
        raise RuntimeError, "Failed to run pboot_gen_elf"
@@ -270,7 +280,8 @@
    			target_hash_hd,
                          	image_header_secflag,
    			is_ext_mbn_v5,
-				elf_file_name = source_elf)
+				elf_file_name = source_elf,
+				header_version = header_version)
     if rv:
        raise RuntimeError, "Failed to create image header for hash segment"
diff --git a/util/qualcomm/mbn_tools.py b/util/qualcomm/mbn_tools.py
index 12dc210..079e02e 100755
--- a/util/qualcomm/mbn_tools.py
+++ b/util/qualcomm/mbn_tools.py
@@ -41,6 +41,7 @@
 #
 # when       who     what, where, why
 # --------   ---     ---------------------------------------------------------
+# 05/21/18   rissha  Added support for extended MBNV6 and Add support for hashing elf segments with SHA384
 # 03/22/18   thiru   Added support for extended MBNV5.
 # 06/06/13   yliong  CR 497042: Signed and encrypted image is corrupted. MRC features.
 # 03/18/13   dhaval  Add support for hashing elf segments with SHA256 and
@@ -64,23 +65,24 @@
 #----------------------------------------------------------------------------
 # GLOBAL VARIABLES BEGIN
 #----------------------------------------------------------------------------
-PAD_BYTE_1                = 255             # Padding byte 1s
-PAD_BYTE_0                = 0               # Padding byte 0s
-SHA256_SIGNATURE_SIZE     = 256             # Support SHA256
-MAX_NUM_ROOT_CERTS        = 4               # Maximum number of OEM root certificates
-MI_BOOT_IMG_HDR_SIZE      = 40              # sizeof(mi_boot_image_header_type)
-MI_BOOT_SBL_HDR_SIZE      = 80              # sizeof(sbl_header)
-BOOT_HEADER_LENGTH        = 20              # Boot Header Number of Elements
-SBL_HEADER_LENGTH         = 20              # SBL Header Number of Elements
-FLASH_PARTI_VERSION       = 3               # Flash Partition Version Number
-MAX_PHDR_COUNT            = 100             # Maximum allowable program headers
-CERT_CHAIN_ONEROOT_MAXSIZE = 6*1024          # Default Cert Chain Max Size for one root
-VIRTUAL_BLOCK_SIZE        = 131072          # Virtual block size for MCs insertion in SBL1 if ENABLE_VIRTUAL_BLK ON
-MAGIC_COOKIE_LENGTH       = 12              # Length of magic Cookie inserted per VIRTUAL_BLOCK_SIZE
-MIN_IMAGE_SIZE_WITH_PAD   = 256*1024        # Minimum image size for sbl1 Nand based OTA feature
+PAD_BYTE_1                  = 255           # Padding byte 1s
+PAD_BYTE_0                  = 0             # Padding byte 0s
+SHA256_SIGNATURE_SIZE       = 256           # Support SHA256
+MAX_NUM_ROOT_CERTS          = 4             # Maximum number of OEM root certificates
+MBN_HEADER_VERSION_3        = 3             # Mbn header_version 3
+MBN_HEADER_VERSION_5        = 5             # Mbn header_version 5
+MBN_HEADER_VERSION_6        = 6             # Mbn header_version 6
+MI_BOOT_SBL_HDR_SIZE        = 80            # sizeof(sbl_header)
+BOOT_HEADER_LENGTH          = 20            # Boot Header Number of Elements
+SBL_HEADER_LENGTH           = 20            # SBL Header Number of Elements
+MAX_PHDR_COUNT              = 100           # Maximum allowable program headers
+CERT_CHAIN_ONEROOT_MAXSIZE  = 6*1024        # Default Cert Chain Max Size for one root
+VIRTUAL_BLOCK_SIZE          = 131072        # Virtual block size for MCs insertion in SBL1 if ENABLE_VIRTUAL_BLK ON
+MAGIC_COOKIE_LENGTH         = 12            # Length of magic Cookie inserted per VIRTUAL_BLOCK_SIZE
+MIN_IMAGE_SIZE_WITH_PAD     = 256*1024      # Minimum image size for sbl1 Nand based OTA feature
-SBL_AARCH64               = 0xF             # Indicate that SBL is a Aarch64 image
-SBL_AARCH32               = 0x0             # Indicate that SBL is a Aarch32 image
+SBL_AARCH64                 = 0xF           # Indicate that SBL is a Aarch64 image
+SBL_AARCH32                 = 0x0           # Indicate that SBL is a Aarch32 image
# Magic numbers filled in for boot headers
 FLASH_CODE_WORD                       = 0x844BDCD1
@@ -528,7 +530,7 @@
 class Boot_Hdr:
    def __init__(self, init_val):
       self.image_id = ImageType.NONE_IMG
-      self.flash_parti_ver = FLASH_PARTI_VERSION
+      self.flash_parti_ver = MBN_HEADER_VERSION_3
       self.image_src = init_val
       self.image_dest_ptr = init_val
       self.image_size = init_val
@@ -573,6 +575,10 @@
                 self.reserved_2,
                 self.reserved_3 ]
+      if self.flash_parti_ver == MBN_HEADER_VERSION_6:
+        values.insert(10, self.metadata_size_qti)
+        values.insert(11, self.metadata_size)
+
       if self.image_dest_ptr >= 0x100000000:
         values[3] = 0xFFFFFFFF
@@ -584,8 +590,12 @@
# Write 10 entries(40B) or 20 entries(80B) of boot header
       if write_full_hdr is False:
-         s = struct.Struct('I'* 10)
-         values = values[:10]
+         if self.flash_parti_ver == MBN_HEADER_VERSION_6:
+            s = struct.Struct('I'* 12)
+            values = values[:12]
+         else:
+            s = struct.Struct('I'* 10)
+            values = values[:10]
       else:
          s = struct.Struct('I' * self.getLength())
@@ -912,7 +922,8 @@
                       write_full_hdr = False,
                       in_code_size = None,
                       cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE,
-                      num_of_pages = None):
+                      num_of_pages = None,
+                      header_version = None):
# Preliminary checks
    if (requires_preamble is True) and (preamble_file_name is None):
@@ -945,9 +956,12 @@
       cert_chain_size = 0
       image_size = code_size
+   if header_version:
+      assert header_version in [MBN_HEADER_VERSION_3, MBN_HEADER_VERSION_5, MBN_HEADER_VERSION_6], 'Not a valid MBN header version'
+
    # For ELF or hashed images, image destination will be determined from an ELF input file
    if gen_dict['IMAGE_KEY_MBN_TYPE'] == 'elf':
-      image_dest = get_hash_address(elf_file_name) + MI_BOOT_IMG_HDR_SIZE
+      image_dest = get_hash_address(elf_file_name) + (header_size(header_version))
    elif gen_dict['IMAGE_KEY_MBN_TYPE'] == 'bin':
       image_dest = gen_dict['IMAGE_KEY_IMAGE_DEST']
       image_source = gen_dict['IMAGE_KEY_IMAGE_SOURCE']
@@ -993,10 +1007,17 @@
       boot_header.cert_chain_size = cert_chain_size
if is_ext_mbn_v5 == True:
-      	# If platform image integrity check is enabled
-	boot_header.flash_parti_ver = 5   # version
-	boot_header.image_src = 0         # sig_size_qc
-	boot_header.image_dest_ptr = 0    # cert_chain_size_qc
+      # If platform image integrity check is enabled
+         boot_header.flash_parti_ver = MBN_HEADER_VERSION_5   # version
+         boot_header.image_src = 0                            # sig_size_qc
+         boot_header.image_dest_ptr = 0                       # cert_chain_size_qc
+
+      if header_version == MBN_HEADER_VERSION_6:
+         boot_header.flash_parti_ver = MBN_HEADER_VERSION_6   # version
+         boot_header.image_src = 0                            # sig_size_qc
+         boot_header.image_dest_ptr = 0                       # cert_chain_size_qc
+         boot_header.metadata_size_qti = 0                    # qti_metadata size
+         boot_header.metadata_size = 0                        # oem_metadata size
# If preamble is required, output the preamble file and update the boot_header
       if requires_preamble is True:
@@ -1021,9 +1042,20 @@
                        last_phys_addr = None,
                        append_xml_hdr = False,
                        is_sha256_algo = True,
-                       cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE):
+                       cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE,
+                       header_version = None):
+   sha_algo = 'SHA1'
+   if is_sha256_algo:
+       sha_algo = 'SHA256'
+
+   if header_version == MBN_HEADER_VERSION_6:
+       sha_algo = 'SHA384'
    global MI_PROG_BOOT_DIGEST_SIZE
-   if (is_sha256_algo is True):
+   image_header_size = header_size(header_version)
+
+   if (sha_algo == 'SHA384'):
+      MI_PROG_BOOT_DIGEST_SIZE = 48
+   elif sha_algo == 'SHA256':
       MI_PROG_BOOT_DIGEST_SIZE = 32
    else:
       MI_PROG_BOOT_DIGEST_SIZE = 20
@@ -1110,7 +1142,7 @@
             fbuf = elf_in_fp.read(hash_size)
if MI_PBT_CHECK_FLAG_TYPE(curr_phdr.p_flags) is True:
-               hash = generate_hash(fbuf, is_sha256_algo)
+               hash = generate_hash(fbuf, sha_algo)
             else:
                hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE
@@ -1129,7 +1161,7 @@
          file_buff = elf_in_fp.read(data_len)
if (MI_PBT_CHECK_FLAG_TYPE(curr_phdr.p_flags) is True) and (data_len > 0):
-            hash = generate_hash(file_buff, is_sha256_algo)
+            hash = generate_hash(file_buff, sha_algo)
          else:
             hash = '\0' *  MI_PROG_BOOT_DIGEST_SIZE
@@ -1151,7 +1183,7 @@
# Initialize the hash table program header
      [hash_Phdr, pad_hash_segment, hash_tbl_end_addr, hash_tbl_offset] = \
-          initialize_hash_phdr(elf_in_file_name, hashtable_size, MI_BOOT_IMG_HDR_SIZE, ELF_BLOCK_ALIGN, is_elf64)
+            initialize_hash_phdr(elf_in_file_name, hashtable_size, image_header_size, ELF_BLOCK_ALIGN, is_elf64)
# Check if hash segment max size parameter was passed
      if (hash_seg_max_size is not None):
@@ -1252,7 +1284,7 @@
      # Read the program header and compute hash
      proghdr_buff = elf_out_fp.read(elf_header.e_phnum * phdr_size)
-     hash = generate_hash(elfhdr_buff + proghdr_buff, is_sha256_algo)
+     hash = generate_hash(elfhdr_buff + proghdr_buff, sha_algo)
# Write hash to file as first hash table entry
      hash_out_fp.seek(0)
@@ -1592,7 +1624,7 @@
          page = page + elf_in_fp.read(bytes_in_page - len(page))
       if (len(page) < DP_PAGE_SIZE):
          page = page + (struct.pack('b', 0) * (DP_PAGE_SIZE - len(page)))
-      hashes = hashes + [generate_hash(page, True)]
+      hashes = hashes + [generate_hash(page, 'SHA256')]
       bytes_left -= bytes_in_page
# And write them to the hash segment
@@ -2101,9 +2133,20 @@
 #----------------------------------------------------------------------------
 # sha1/sha256 hash routine wrapper
 #----------------------------------------------------------------------------
-def generate_hash(in_buf, is_sha256_algo):
+def header_size(header_version):
+    if header_version == MBN_HEADER_VERSION_6:
+        return 48
+    else:
+        return 40
+
+#----------------------------------------------------------------------------
+# sha1/sha256 hash routine wrapper
+#----------------------------------------------------------------------------
+def generate_hash(in_buf, sha_algo):
    # Initialize a SHA1 object from the Python hash library
-   if (is_sha256_algo is True):
+   if sha_algo == 'SHA384':
+      m = hashlib.sha384()
+   elif sha_algo == 'SHA256':
       m = hashlib.sha256()
    else:
       m = hashlib.sha1()
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/35506
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I020d1e4d4f5c948948e1b39dd18af1d0e860c279
Gerrit-Change-Number: 35506
Gerrit-PatchSet: 1
Gerrit-Owner: mturney mturney mturney@codeaurora.org
Gerrit-MessageType: newchange



    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: trogdor: support mbn_version 6 with python build scripts