Nitheesh Sekar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/33425
Change subject: qcs405: Add support for specifying mbn_version ......................................................................
qcs405: Add support for specifying mbn_version
Change-Id: Ic6e269e0f290692871875000586410217c25fc08 Signed-off-by: Nitheesh Sekar nsekar@codeaurora.org --- M src/soc/qualcomm/qcs405/Makefile.inc M util/qualcomm/createxbl.py M util/qualcomm/mbn_tools.py 3 files changed, 62 insertions(+), 27 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/33425/1
diff --git a/src/soc/qualcomm/qcs405/Makefile.inc b/src/soc/qualcomm/qcs405/Makefile.inc index cf8268b..4faaffc 100644 --- a/src/soc/qualcomm/qcs405/Makefile.inc +++ b/src/soc/qualcomm/qcs405/Makefile.inc @@ -126,18 +126,12 @@ qc_sec_file := $(shell ls $(QC_SEC_FILE)) ifneq (,$(findstring $(QC_SEC_FILE),$(qc_sec_file))) $(objcbfs)/bootblock.bin: $(objcbfs)/bootblock.elf - python util/qualcomm/createxbl.py -f $(objcbfs)/bootblock.elf \ + python util/qualcomm/createxbl.py --mbn_version 6 -f $(objcbfs)/bootblock.elf \ -x $(QC_SEC_FILE) -o $(objcbfs)/merged_bb_qcsec.mbn \ -a 64 -d 32 -c 32 -ifeq ($(CONFIG_QC_FLASH_SIMULATE_SDCARD),y) - @printf "\nqgpt.py 512 sector size\n" - python util/qualcomm/qgpt.py -s 512 $(objcbfs)/merged_bb_qcsec.mbn \ - $(objcbfs)/bootblock.bin -else @printf "\nqgpt.py 4K sector size\n" python util/qualcomm/qgpt.py $(objcbfs)/merged_bb_qcsec.mbn \ $(objcbfs)/bootblock.bin -endif
else $(objcbfs)/bootblock.bin: $(objcbfs)/bootblock.raw.bin diff --git a/util/qualcomm/createxbl.py b/util/qualcomm/createxbl.py index 4a21854..ad5934d 100755 --- a/util/qualcomm/createxbl.py +++ b/util/qualcomm/createxbl.py @@ -44,6 +44,7 @@ # # when who what, where, why # -------- --- ------------------------------------------------------ +# 05/21/19 rissha Added --mbn_version to add MBN header accordingly # 03/26/18 tv Added -e to enable extended MBNV5 support # 09/04/15 et Added -x and -d to embed xbl_sec ELF # 02/11/15 ck Fixed missing elf type check in ZI OOB feature @@ -119,6 +120,10 @@ help="Removes ZI segments that have addresses greater" + \ " than 32 bits when converting from a 64 to 32 bit ELF")
+ parser.add_option("--mbn_version", + action="store", type="int", dest="mbn_version", + help="Add mbn header in elf image. '5' or '6'") +
(options, args) = parser.parse_args() if not options.elf_inp_file1: @@ -206,11 +211,16 @@ else: zi_oob_enabled = True
- if options.elf_inp_xbl_sec: + header_version = None + + if options.elf_inp_xbl_sec or options.mbn_version == 5: is_ext_mbn_v5 = True + header_version = 5 else: is_ext_mbn_v5 = False
+ if options.mbn_version: + header_version = options.mbn_version
mbn_type = 'elf' header_format = 'reg' @@ -259,7 +269,7 @@ source_elf, target_hash, elf_out_file_name = target_phdr_elf, - secure_type = image_header_secflag) + secure_type = image_header_secflag, header_version = header_version ) if rv: raise RuntimeError, "Failed to run pboot_gen_elf"
@@ -270,7 +280,8 @@ target_hash_hd, image_header_secflag, is_ext_mbn_v5, - elf_file_name = source_elf) + elf_file_name = source_elf, + header_version = header_version) if rv: raise RuntimeError, "Failed to create image header for hash segment"
diff --git a/util/qualcomm/mbn_tools.py b/util/qualcomm/mbn_tools.py index 12dc210..c702f96 100755 --- a/util/qualcomm/mbn_tools.py +++ b/util/qualcomm/mbn_tools.py @@ -41,6 +41,7 @@ # # when who what, where, why # -------- --- --------------------------------------------------------- +# 05/21/18 rissha Added support for extended MBNV6 and Add support for hashing elf segments with SHA384 # 03/22/18 thiru Added support for extended MBNV5. # 06/06/13 yliong CR 497042: Signed and encrypted image is corrupted. MRC features. # 03/18/13 dhaval Add support for hashing elf segments with SHA256 and @@ -69,6 +70,7 @@ SHA256_SIGNATURE_SIZE = 256 # Support SHA256 MAX_NUM_ROOT_CERTS = 4 # Maximum number of OEM root certificates MI_BOOT_IMG_HDR_SIZE = 40 # sizeof(mi_boot_image_header_type) +MI_BOOT_IMG_HDR_SIZE_v6 = 48 # sizeof(mi_boot_image_header_type) for v6 header MI_BOOT_SBL_HDR_SIZE = 80 # sizeof(sbl_header) BOOT_HEADER_LENGTH = 20 # Boot Header Number of Elements SBL_HEADER_LENGTH = 20 # SBL Header Number of Elements @@ -551,7 +553,7 @@ def getLength(self): return BOOT_HEADER_LENGTH
- def writePackedData(self, target, write_full_hdr): + def writePackedData(self, target, write_full_hdr, header_version = None): values = [self.image_id, self.flash_parti_ver, self.image_src, @@ -573,6 +575,10 @@ self.reserved_2, self.reserved_3 ]
+ if header_version == 6: + values.insert(10, self.metadata_size_qti) + values.insert(11, self.metadata_size) + if self.image_dest_ptr >= 0x100000000: values[3] = 0xFFFFFFFF
@@ -584,8 +590,12 @@
# Write 10 entries(40B) or 20 entries(80B) of boot header if write_full_hdr is False: - s = struct.Struct('I'* 10) - values = values[:10] + if header_version == 6: + s = struct.Struct('I'* 12) + values = values[:12] + else: + s = struct.Struct('I'* 10) + values = values[:10] else: s = struct.Struct('I' * self.getLength())
@@ -912,7 +922,8 @@ write_full_hdr = False, in_code_size = None, cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE, - num_of_pages = None): + num_of_pages = None, + header_version = None):
# Preliminary checks if (requires_preamble is True) and (preamble_file_name is None): @@ -947,7 +958,7 @@
# For ELF or hashed images, image destination will be determined from an ELF input file if gen_dict['IMAGE_KEY_MBN_TYPE'] == 'elf': - image_dest = get_hash_address(elf_file_name) + MI_BOOT_IMG_HDR_SIZE + image_dest = get_hash_address(elf_file_name) + (MI_BOOT_IMG_HDR_SIZE_v6 if header_version == 6 else MI_BOOT_IMG_HDR_SIZE) elif gen_dict['IMAGE_KEY_MBN_TYPE'] == 'bin': image_dest = gen_dict['IMAGE_KEY_IMAGE_DEST'] image_source = gen_dict['IMAGE_KEY_IMAGE_SOURCE'] @@ -993,17 +1004,24 @@ boot_header.cert_chain_size = cert_chain_size
if is_ext_mbn_v5 == True: - # If platform image integrity check is enabled - boot_header.flash_parti_ver = 5 # version - boot_header.image_src = 0 # sig_size_qc - boot_header.image_dest_ptr = 0 # cert_chain_size_qc + # If platform image integrity check is enabled + boot_header.flash_parti_ver = 5 # version + boot_header.image_src = 0 # sig_size_qc + boot_header.image_dest_ptr = 0 # cert_chain_size_qc + + if header_version == 6: + boot_header.flash_parti_ver = 6 # version + boot_header.image_src = 0 # sig_size_qc + boot_header.image_dest_ptr =0 # cert_chain_size_qc + boot_header.metadata_size_qti = 0 # qti_metadata size + boot_header.metadata_size = 0 # oem_metadata size
# If preamble is required, output the preamble file and update the boot_header if requires_preamble is True: boot_header = image_preamble(gen_dict, preamble_file_name, boot_header, num_of_pages)
# Package up the header and write to output file - boot_header.writePackedData(target = output_file_name, write_full_hdr = write_full_hdr) + boot_header.writePackedData(target = output_file_name, write_full_hdr = write_full_hdr, header_version = header_version)
else: raise RuntimeError, "Header format not supported: " + str(header_format) @@ -1021,13 +1039,23 @@ last_phys_addr = None, append_xml_hdr = False, is_sha256_algo = True, - cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE): + cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE, + header_version = None): + is_sha384_algo = False + if header_version == 6: + is_sha384_algo = True global MI_PROG_BOOT_DIGEST_SIZE + image_header_size = MI_BOOT_IMG_HDR_SIZE + if (is_sha256_algo is True): MI_PROG_BOOT_DIGEST_SIZE = 32 else: MI_PROG_BOOT_DIGEST_SIZE = 20
+ if is_sha384_algo: + MI_PROG_BOOT_DIGEST_SIZE = 48 + image_header_size = MI_BOOT_IMG_HDR_SIZE_v6 + # Open Files elf_in_fp = OPEN(elf_in_file_name, "rb") hash_out_fp = OPEN(hash_out_file_name, "wb+") @@ -1110,7 +1138,7 @@ fbuf = elf_in_fp.read(hash_size)
if MI_PBT_CHECK_FLAG_TYPE(curr_phdr.p_flags) is True: - hash = generate_hash(fbuf, is_sha256_algo) + hash = generate_hash(fbuf, is_sha256_algo, is_sha384_algo) else: hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE
@@ -1129,7 +1157,7 @@ file_buff = elf_in_fp.read(data_len)
if (MI_PBT_CHECK_FLAG_TYPE(curr_phdr.p_flags) is True) and (data_len > 0): - hash = generate_hash(file_buff, is_sha256_algo) + hash = generate_hash(file_buff, is_sha256_algo, is_sha384_algo) else: hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE
@@ -1151,7 +1179,7 @@
# Initialize the hash table program header [hash_Phdr, pad_hash_segment, hash_tbl_end_addr, hash_tbl_offset] = \ - initialize_hash_phdr(elf_in_file_name, hashtable_size, MI_BOOT_IMG_HDR_SIZE, ELF_BLOCK_ALIGN, is_elf64) + initialize_hash_phdr(elf_in_file_name, hashtable_size, image_header_size, ELF_BLOCK_ALIGN, is_elf64)
# Check if hash segment max size parameter was passed if (hash_seg_max_size is not None): @@ -1252,7 +1280,7 @@ # Read the program header and compute hash proghdr_buff = elf_out_fp.read(elf_header.e_phnum * phdr_size)
- hash = generate_hash(elfhdr_buff + proghdr_buff, is_sha256_algo) + hash = generate_hash(elfhdr_buff + proghdr_buff, is_sha256_algo, is_sha384_algo)
# Write hash to file as first hash table entry hash_out_fp.seek(0) @@ -2101,9 +2129,11 @@ #---------------------------------------------------------------------------- # sha1/sha256 hash routine wrapper #---------------------------------------------------------------------------- -def generate_hash(in_buf, is_sha256_algo): +def generate_hash(in_buf, is_sha256_algo, is_sha384_algo = False): # Initialize a SHA1 object from the Python hash library - if (is_sha256_algo is True): + if is_sha384_algo: + m = hashlib.sha384() + elif (is_sha256_algo is True): m = hashlib.sha256() else: m = hashlib.sha1()