mturney mturney has uploaded this change for review.


trogdor: support mbn_version 6 with python build scripts

Developer/Reviewer, be aware of this patch from Mistral:
https://review.coreboot.org/c/coreboot/+/33425/18

Change-Id: I020d1e4d4f5c948948e1b39dd18af1d0e860c279
Signed-off-by: T Michael Turney <mturney@codeaurora.org>
---
M util/qualcomm/createxbl.py
M util/qualcomm/mbn_tools.py
2 files changed, 90 insertions(+), 36 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/35506/1
diff --git a/util/qualcomm/createxbl.py b/util/qualcomm/createxbl.py
index 4a21854..769e9f1e 100755
--- a/util/qualcomm/createxbl.py
+++ b/util/qualcomm/createxbl.py
@@ -44,6 +44,7 @@
#
# when who what, where, why
# -------- --- ------------------------------------------------------
+# 05/21/19 rissha Added --mbn_version to add MBN header accordingly
# 03/26/18 tv Added -e to enable extended MBNV5 support
# 09/04/15 et Added -x and -d to embed xbl_sec ELF
# 02/11/15 ck Fixed missing elf type check in ZI OOB feature
@@ -119,6 +120,10 @@
help="Removes ZI segments that have addresses greater" + \
" than 32 bits when converting from a 64 to 32 bit ELF")

+ parser.add_option("--mbn_version",
+ action="store", type="int", dest="mbn_version",
+ help="Add mbn header in elf image. '3', '5' or '6'")
+

(options, args) = parser.parse_args()
if not options.elf_inp_file1:
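Review bot: The new `--mbn_version` option is declared `type="int"`, so optparse accepts any integer even though the help text limits it to 3, 5 or 6. A value of 0 is later treated as "not given" by `if options.mbn_version:`. Rejecting bad values right after `parser.parse_args()` gives the user an immediate usage error instead of an image built with an unintended header layout: `if options.mbn_version not in (None, 3, 5, 6): parser.error("--mbn_version must be 3, 5 or 6")`.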
@@ -206,11 +211,16 @@
else:
zi_oob_enabled = True

+ header_version = 3
+
if options.elf_inp_xbl_sec:
is_ext_mbn_v5 = True
+ header_version = 5
else:
is_ext_mbn_v5 = False

+ if options.mbn_version:
+ header_version = options.mbn_version

mbn_type = 'elf'
header_format = 'reg'
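Review bot: The `if options.mbn_version:` override sets `header_version` without regard to `is_ext_mbn_v5`, so the two can disagree. With `--mbn_version 5` and no xbl_sec ELF, `header_version` is 5 but `is_ext_mbn_v5` stays False. In the `image_header` hunk of mbn_tools.py the version field is only written as 5 under `is_ext_mbn_v5` and as 6 under `header_version == 6`, so the header would apparently keep the default version 3. The reverse mismatch (xbl_sec given together with `--mbn_version 3`) looks possible as well. Either reject the inconsistent combinations here, for example `if options.mbn_version == 5 and not options.elf_inp_xbl_sec: parser.error("--mbn_version 5 requires the xbl_sec ELF input")`, or add a comment stating which setting wins. The surrounding code continues outside this hunk.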
@@ -259,7 +269,7 @@
source_elf,
target_hash,
elf_out_file_name = target_phdr_elf,
- secure_type = image_header_secflag)
+ secure_type = image_header_secflag, header_version = header_version )
if rv:
raise RuntimeError, "Failed to run pboot_gen_elf"

@@ -270,7 +280,8 @@
target_hash_hd,
image_header_secflag,
is_ext_mbn_v5,
- elf_file_name = source_elf)
+ elf_file_name = source_elf,
+ header_version = header_version)
if rv:
raise RuntimeError, "Failed to create image header for hash segment"

diff --git a/util/qualcomm/mbn_tools.py b/util/qualcomm/mbn_tools.py
index 12dc210..079e02e 100755
--- a/util/qualcomm/mbn_tools.py
+++ b/util/qualcomm/mbn_tools.py
@@ -41,6 +41,7 @@
#
# when who what, where, why
# -------- --- ---------------------------------------------------------
+# 05/21/18 rissha Added support for extended MBNV6 and Add support for hashing elf segments with SHA384
# 03/22/18 thiru Added support for extended MBNV5.
# 06/06/13 yliong CR 497042: Signed and encrypted image is corrupted. MRC features.
# 03/18/13 dhaval Add support for hashing elf segments with SHA256 and
@@ -64,23 +65,24 @@
#----------------------------------------------------------------------------
# GLOBAL VARIABLES BEGIN
#----------------------------------------------------------------------------
-PAD_BYTE_1 = 255 # Padding byte 1s
-PAD_BYTE_0 = 0 # Padding byte 0s
-SHA256_SIGNATURE_SIZE = 256 # Support SHA256
-MAX_NUM_ROOT_CERTS = 4 # Maximum number of OEM root certificates
-MI_BOOT_IMG_HDR_SIZE = 40 # sizeof(mi_boot_image_header_type)
-MI_BOOT_SBL_HDR_SIZE = 80 # sizeof(sbl_header)
-BOOT_HEADER_LENGTH = 20 # Boot Header Number of Elements
-SBL_HEADER_LENGTH = 20 # SBL Header Number of Elements
-FLASH_PARTI_VERSION = 3 # Flash Partition Version Number
-MAX_PHDR_COUNT = 100 # Maximum allowable program headers
-CERT_CHAIN_ONEROOT_MAXSIZE = 6*1024 # Default Cert Chain Max Size for one root
-VIRTUAL_BLOCK_SIZE = 131072 # Virtual block size for MCs insertion in SBL1 if ENABLE_VIRTUAL_BLK ON
-MAGIC_COOKIE_LENGTH = 12 # Length of magic Cookie inserted per VIRTUAL_BLOCK_SIZE
-MIN_IMAGE_SIZE_WITH_PAD = 256*1024 # Minimum image size for sbl1 Nand based OTA feature
+PAD_BYTE_1 = 255 # Padding byte 1s
+PAD_BYTE_0 = 0 # Padding byte 0s
+SHA256_SIGNATURE_SIZE = 256 # Support SHA256
+MAX_NUM_ROOT_CERTS = 4 # Maximum number of OEM root certificates
+MBN_HEADER_VERSION_3 = 3 # Mbn header_version 3
+MBN_HEADER_VERSION_5 = 5 # Mbn header_version 5
+MBN_HEADER_VERSION_6 = 6 # Mbn header_version 6
+MI_BOOT_SBL_HDR_SIZE = 80 # sizeof(sbl_header)
+BOOT_HEADER_LENGTH = 20 # Boot Header Number of Elements
+SBL_HEADER_LENGTH = 20 # SBL Header Number of Elements
+MAX_PHDR_COUNT = 100 # Maximum allowable program headers
+CERT_CHAIN_ONEROOT_MAXSIZE = 6*1024 # Default Cert Chain Max Size for one root
+VIRTUAL_BLOCK_SIZE = 131072 # Virtual block size for MCs insertion in SBL1 if ENABLE_VIRTUAL_BLK ON
+MAGIC_COOKIE_LENGTH = 12 # Length of magic Cookie inserted per VIRTUAL_BLOCK_SIZE
+MIN_IMAGE_SIZE_WITH_PAD = 256*1024 # Minimum image size for sbl1 Nand based OTA feature

-SBL_AARCH64 = 0xF # Indicate that SBL is a Aarch64 image
-SBL_AARCH32 = 0x0 # Indicate that SBL is a Aarch32 image
+SBL_AARCH64 = 0xF # Indicate that SBL is a Aarch64 image
+SBL_AARCH32 = 0x0 # Indicate that SBL is a Aarch32 image

# Magic numbers filled in for boot headers
FLASH_CODE_WORD = 0x844BDCD1
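Review bot: This block deletes `MI_BOOT_IMG_HDR_SIZE` and `FLASH_PARTI_VERSION`, and the later hunks replace only the three uses that are visible in this change. A reference left anywhere else in the file would not fail at import; it would raise `NameError` only when that code path runs, so a search of the whole file is worth doing before merging. The header sizes also become bare literals (40 and 48) inside `header_size()`. Keeping them named, for example `MI_BOOT_IMG_HDR_SIZE = 40  # sizeof(mi_boot_image_header_type)` plus a matching `MI_BOOT_IMG_HDR_SIZE_V6 = 48`, would preserve the `sizeof` documentation and let `header_size()` return the constants.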
@@ -528,7 +530,7 @@
class Boot_Hdr:
def __init__(self, init_val):
self.image_id = ImageType.NONE_IMG
- self.flash_parti_ver = FLASH_PARTI_VERSION
+ self.flash_parti_ver = MBN_HEADER_VERSION_3
self.image_src = init_val
self.image_dest_ptr = init_val
self.image_size = init_val
@@ -573,6 +575,10 @@
self.reserved_2,
self.reserved_3 ]

+ if self.flash_parti_ver == MBN_HEADER_VERSION_6:
+ values.insert(10, self.metadata_size_qti)
+ values.insert(11, self.metadata_size)
+
if self.image_dest_ptr >= 0x100000000:
values[3] = 0xFFFFFFFF

@@ -584,8 +590,12 @@

# Write 10 entries(40B) or 20 entries(80B) of boot header
if write_full_hdr is False:
- s = struct.Struct('I'* 10)
- values = values[:10]
+ if self.flash_parti_ver == MBN_HEADER_VERSION_6:
+ s = struct.Struct('I'* 12)
+ values = values[:12]
+ else:
+ s = struct.Struct('I'* 10)
+ values = values[:10]
else:
s = struct.Struct('I' * self.getLength())
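Review bot: The full-header branch still sizes the struct with `self.getLength()`, while for version 6 `values` now carries two extra words. `getLength()` is not shown in this change; if it still returns the 20-element count, packing a v6 header with `write_full_hdr` set would fail with a `struct.error` on the argument count. Sizing the format from the data, `s = struct.Struct('I' * len(values))`, or updating `getLength()` for v6 would keep the two in step. The comment `# Write 10 entries(40B) or 20 entries(80B) of boot header` should also mention the 12-entry (48B) case.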

@@ -912,7 +922,8 @@
write_full_hdr = False,
in_code_size = None,
cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE,
- num_of_pages = None):
+ num_of_pages = None,
+ header_version = None):

# Preliminary checks
if (requires_preamble is True) and (preamble_file_name is None):
@@ -945,9 +956,12 @@
cert_chain_size = 0
image_size = code_size

+ if header_version:
+ assert header_version in [MBN_HEADER_VERSION_3, MBN_HEADER_VERSION_5, MBN_HEADER_VERSION_6], 'Not a valid MBN header version'
+
# For ELF or hashed images, image destination will be determined from an ELF input file
if gen_dict['IMAGE_KEY_MBN_TYPE'] == 'elf':
- image_dest = get_hash_address(elf_file_name) + MI_BOOT_IMG_HDR_SIZE
+ image_dest = get_hash_address(elf_file_name) + (header_size(header_version))
elif gen_dict['IMAGE_KEY_MBN_TYPE'] == 'bin':
image_dest = gen_dict['IMAGE_KEY_IMAGE_DEST']
image_source = gen_dict['IMAGE_KEY_IMAGE_SOURCE']
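Review bot: The version check uses `assert`, which is removed when the script runs under `python -O`, and the `if header_version:` guard skips it entirely for 0. An unsupported value then falls through to `header_size()`, which returns 40 for anything that is not 6, so the image is built with an unintended layout and no error. Because this tool produces the header and hash segment that the boot chain later verifies, raise explicitly instead: `if header_version is not None and header_version not in (MBN_HEADER_VERSION_3, MBN_HEADER_VERSION_5, MBN_HEADER_VERSION_6): raise RuntimeError("Not a valid MBN header version")`. `pboot_gen_elf` takes the same new parameter and, in the lines shown, performs no check at all. The function body starts before and continues after this hunk.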
@@ -993,10 +1007,17 @@
boot_header.cert_chain_size = cert_chain_size

if is_ext_mbn_v5 == True:
- # If platform image integrity check is enabled
- boot_header.flash_parti_ver = 5 # version
- boot_header.image_src = 0 # sig_size_qc
- boot_header.image_dest_ptr = 0 # cert_chain_size_qc
+ # If platform image integrity check is enabled
+ boot_header.flash_parti_ver = MBN_HEADER_VERSION_5 # version
+ boot_header.image_src = 0 # sig_size_qc
+ boot_header.image_dest_ptr = 0 # cert_chain_size_qc
+
+ if header_version == MBN_HEADER_VERSION_6:
+ boot_header.flash_parti_ver = MBN_HEADER_VERSION_6 # version
+ boot_header.image_src = 0 # sig_size_qc
+ boot_header.image_dest_ptr = 0 # cert_chain_size_qc
+ boot_header.metadata_size_qti = 0 # qti_metadata size
+ boot_header.metadata_size = 0 # oem_metadata size

# If preamble is required, output the preamble file and update the boot_header
if requires_preamble is True:
@@ -1021,9 +1042,20 @@
last_phys_addr = None,
append_xml_hdr = False,
is_sha256_algo = True,
- cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE):
+ cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE,
+ header_version = None):
+ sha_algo = 'SHA1'
+ if is_sha256_algo:
+ sha_algo = 'SHA256'
+
+ if header_version == MBN_HEADER_VERSION_6:
+ sha_algo = 'SHA384'
global MI_PROG_BOOT_DIGEST_SIZE
- if (is_sha256_algo is True):
+ image_header_size = header_size(header_version)
+
+ if (sha_algo == 'SHA384'):
+ MI_PROG_BOOT_DIGEST_SIZE = 48
+ elif sha_algo == 'SHA256':
MI_PROG_BOOT_DIGEST_SIZE = 32
else:
MI_PROG_BOOT_DIGEST_SIZE = 20
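Review bot: Passing `header_version == MBN_HEADER_VERSION_6` silently overrides the caller's `is_sha256_algo` argument and forces SHA-384, and nothing in the signature or comments says so. A short comment such as `# MBN v6 always uses SHA-384; is_sha256_algo is ignored` would make the precedence clear. The digest size is also maintained by hand in a separate if/elif chain from the algorithm choice in `generate_hash`. It could be taken from hashlib so the two cannot drift: `MI_PROG_BOOT_DIGEST_SIZE = hashlib.new(sha_algo.lower()).digest_size`. The function starts before and continues after this hunk.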
@@ -1110,7 +1142,7 @@
fbuf = elf_in_fp.read(hash_size)

if MI_PBT_CHECK_FLAG_TYPE(curr_phdr.p_flags) is True:
- hash = generate_hash(fbuf, is_sha256_algo)
+ hash = generate_hash(fbuf, sha_algo)
else:
hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE

@@ -1129,7 +1161,7 @@
file_buff = elf_in_fp.read(data_len)

if (MI_PBT_CHECK_FLAG_TYPE(curr_phdr.p_flags) is True) and (data_len > 0):
- hash = generate_hash(file_buff, is_sha256_algo)
+ hash = generate_hash(file_buff, sha_algo)
else:
hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE

@@ -1151,7 +1183,7 @@

# Initialize the hash table program header
[hash_Phdr, pad_hash_segment, hash_tbl_end_addr, hash_tbl_offset] = \
- initialize_hash_phdr(elf_in_file_name, hashtable_size, MI_BOOT_IMG_HDR_SIZE, ELF_BLOCK_ALIGN, is_elf64)
+ initialize_hash_phdr(elf_in_file_name, hashtable_size, image_header_size, ELF_BLOCK_ALIGN, is_elf64)

# Check if hash segment max size parameter was passed
if (hash_seg_max_size is not None):
@@ -1252,7 +1284,7 @@
# Read the program header and compute hash
proghdr_buff = elf_out_fp.read(elf_header.e_phnum * phdr_size)

- hash = generate_hash(elfhdr_buff + proghdr_buff, is_sha256_algo)
+ hash = generate_hash(elfhdr_buff + proghdr_buff, sha_algo)

# Write hash to file as first hash table entry
hash_out_fp.seek(0)
@@ -1592,7 +1624,7 @@
page = page + elf_in_fp.read(bytes_in_page - len(page))
if (len(page) < DP_PAGE_SIZE):
page = page + (struct.pack('b', 0) * (DP_PAGE_SIZE - len(page)))
- hashes = hashes + [generate_hash(page, True)]
+ hashes = hashes + [generate_hash(page, 'SHA256')]
bytes_left -= bytes_in_page

# And write them to the hash segment
@@ -2101,9 +2133,20 @@
#----------------------------------------------------------------------------
# sha1/sha256 hash routine wrapper
#----------------------------------------------------------------------------
-def generate_hash(in_buf, is_sha256_algo):
+def header_size(header_version):
+ if header_version == MBN_HEADER_VERSION_6:
+ return 48
+ else:
+ return 40
+
+#----------------------------------------------------------------------------
+# sha1/sha256 hash routine wrapper
+#----------------------------------------------------------------------------
+def generate_hash(in_buf, sha_algo):
# Initialize a SHA1 object from the Python hash library
- if (is_sha256_algo is True):
+ if sha_algo == 'SHA384':
+ m = hashlib.sha384()
+ elif sha_algo == 'SHA256':
m = hashlib.sha256()
else:
m = hashlib.sha1()
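Review bot: `generate_hash` now selects the algorithm by string comparison, and its final `else:` sends every unrecognised value to SHA-1. A caller outside the visible hunks that still passes the old boolean `True`, or a misspelt name such as `'sha256'`, would therefore get SHA-1 digests with no error. Making the fallback explicit closes that gap: change the last branch to `elif sha_algo == 'SHA1':` and add `else: raise RuntimeError("Unsupported hash algorithm: %r" % (sha_algo,))`. The banner comment `# sha1/sha256 hash routine wrapper` now also sits above `header_size`, which it does not describe, and the copy above `generate_hash` should mention SHA-384. The function body continues past the end of this hunk.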


Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I020d1e4d4f5c948948e1b39dd18af1d0e860c279
Gerrit-Change-Number: 35506
Gerrit-PatchSet: 1
Gerrit-Owner: mturney mturney <mturney@codeaurora.org>
Gerrit-MessageType: newchange