65be27dcfd
* gnu/packages/bootloaders.scm (%u-boot-allow-disabling-openssl-patch): New variable. (u-boot): Update to 2021.10. Add patch fixing build without openssl. (u-boot-qemu-riscv64-smode): Add patch fixing build without openssl. (u-boot-tools): Adjust phases to disable CONFIG_TOOLS_LIBCRYPTO. (make-u-boot-package): Add phase disabling CONFIG_TOOLS_LIBCRYPTO. * gnu/packages/patches/u-boot-allow-disabling-openssl.patch: New patch. * gnu/local.mk (dist_patch_DATA): Add patch.
164 lines
4.4 KiB
Diff
164 lines
4.4 KiB
Diff
From f060e90d148270307228315e2759a0065ec1d796 Mon Sep 17 00:00:00 2001
|
|
From: Vagrant Cascadian <vagrant@debian.org>
|
|
Date: Fri, 22 Oct 2021 17:34:53 -0700
|
|
Subject: [PATCH] Revert "tools: kwbimage: Do not hide usage of secure header
|
|
under CONFIG_ARMADA_38X"
|
|
|
|
This reverts commit b4f3cc2c42d97967a3a3c8796c340f6b07ecccac.
|
|
---
|
|
tools/Makefile | 8 ++++++++
|
|
tools/kwbimage.c | 22 ++++++++++++++++++++++
|
|
2 files changed, 30 insertions(+)
|
|
|
|
diff --git a/tools/Makefile b/tools/Makefile
|
|
index 4a86321f64..9517f203fd 100644
|
|
--- a/tools/Makefile
|
|
+++ b/tools/Makefile
|
|
@@ -169,6 +169,14 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff
|
|
HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER
|
|
endif
|
|
|
|
+ifneq ($(CONFIG_SYS_U_BOOT_OFFS),)
|
|
+HOSTCFLAGS_kwbimage.o += -DCONFIG_SYS_U_BOOT_OFFS=$(CONFIG_SYS_U_BOOT_OFFS)
|
|
+endif
|
|
+
|
|
+ifneq ($(CONFIG_ARMADA_38X),)
|
|
+HOSTCFLAGS_kwbimage.o += -DCONFIG_KWB_SECURE
|
|
+endif
|
|
+
|
|
# MXSImage needs LibSSL
|
|
ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),)
|
|
HOSTCFLAGS_kwbimage.o += \
|
|
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
|
|
index d200ff2425..23d6be3c9a 100644
|
|
--- a/tools/kwbimage.c
|
|
+++ b/tools/kwbimage.c
|
|
@@ -14,6 +14,7 @@
|
|
#include <stdint.h>
|
|
#include "kwbimage.h"
|
|
|
|
+#ifdef CONFIG_KWB_SECURE
|
|
#include <openssl/bn.h>
|
|
#include <openssl/rsa.h>
|
|
#include <openssl/pem.h>
|
|
@@ -39,10 +40,13 @@ void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
|
EVP_MD_CTX_reset(ctx);
|
|
}
|
|
#endif
|
|
+#endif
|
|
|
|
static struct image_cfg_element *image_cfg;
|
|
static int cfgn;
|
|
+#ifdef CONFIG_KWB_SECURE
|
|
static int verbose_mode;
|
|
+#endif
|
|
|
|
struct boot_mode {
|
|
unsigned int id;
|
|
@@ -237,6 +241,8 @@ image_count_options(unsigned int optiontype)
|
|
return count;
|
|
}
|
|
|
|
+#if defined(CONFIG_KWB_SECURE)
|
|
+
|
|
static int image_get_csk_index(void)
|
|
{
|
|
struct image_cfg_element *e;
|
|
@@ -259,6 +265,8 @@ static bool image_get_spezialized_img(void)
|
|
return e->sec_specialized_img;
|
|
}
|
|
|
|
+#endif
|
|
+
|
|
/*
|
|
* Compute a 8-bit checksum of a memory area. This algorithm follows
|
|
* the requirements of the Marvell SoC BootROM specifications.
|
|
@@ -353,6 +361,7 @@ static uint8_t baudrate_to_option(unsigned int baudrate)
|
|
}
|
|
}
|
|
|
|
+#if defined(CONFIG_KWB_SECURE)
|
|
static void kwb_msg(const char *fmt, ...)
|
|
{
|
|
if (verbose_mode) {
|
|
@@ -847,6 +856,8 @@ done:
|
|
return ret;
|
|
}
|
|
|
|
+#endif
|
|
+
|
|
static void *image_create_v0(size_t *imagesz, struct image_tool_params *params,
|
|
int payloadsz)
|
|
{
|
|
@@ -977,11 +988,13 @@ static size_t image_headersz_v1(int *hasext)
|
|
*hasext = 1;
|
|
}
|
|
|
|
+#if defined(CONFIG_KWB_SECURE)
|
|
if (image_get_csk_index() >= 0) {
|
|
headersz += sizeof(struct secure_hdr_v1);
|
|
if (hasext)
|
|
*hasext = 1;
|
|
}
|
|
+#endif
|
|
|
|
/*
|
|
* The payload should be aligned on some reasonable
|
|
@@ -1058,6 +1071,8 @@ err_close:
|
|
return -1;
|
|
}
|
|
|
|
+#if defined(CONFIG_KWB_SECURE)
|
|
+
|
|
int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr)
|
|
{
|
|
FILE *hashf;
|
|
@@ -1170,6 +1185,7 @@ int add_secure_header_v1(struct image_tool_params *params, uint8_t *ptr,
|
|
|
|
return 0;
|
|
}
|
|
+#endif
|
|
|
|
static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
|
|
uint8_t *ptr, int payloadsz)
|
|
@@ -1177,7 +1193,9 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
|
|
struct image_cfg_element *e;
|
|
struct main_hdr_v1 *main_hdr;
|
|
struct register_set_hdr_v1 *register_set_hdr;
|
|
+#if defined(CONFIG_KWB_SECURE)
|
|
struct secure_hdr_v1 *secure_hdr = NULL;
|
|
+#endif
|
|
size_t headersz;
|
|
uint8_t *image, *cur;
|
|
int hasext = 0;
|
|
@@ -1253,6 +1271,7 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
|
|
if (main_hdr->blockid == IBR_HDR_PEX_ID)
|
|
main_hdr->srcaddr = cpu_to_le32(0xFFFFFFFF);
|
|
|
|
+#if defined(CONFIG_KWB_SECURE)
|
|
if (image_get_csk_index() >= 0) {
|
|
/*
|
|
* only reserve the space here; we fill the header later since
|
|
@@ -1263,6 +1282,7 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
|
|
*next_ext = 1;
|
|
next_ext = &secure_hdr->next;
|
|
}
|
|
+#endif
|
|
|
|
datai = 0;
|
|
register_set_hdr = (struct register_set_hdr_v1 *)cur;
|
|
@@ -1310,9 +1330,11 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
|
|
return NULL;
|
|
}
|
|
|
|
+#if defined(CONFIG_KWB_SECURE)
|
|
if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz,
|
|
headersz, image, secure_hdr))
|
|
return NULL;
|
|
+#endif
|
|
|
|
/* Calculate and set the header checksum */
|
|
main_hdr->checksum = image_checksum8(main_hdr, headersz);
|
|
--
|
|
2.30.2
|
|
|