diff options
author | T Michael Turney <mturney@codeaurora.org> | 2019-08-07 14:26:32 -0700 |
---|---|---|
committer | Julius Werner <jwerner@chromium.org> | 2020-02-07 23:11:45 +0000 |
commit | bcd62f5737f5022b1bbe0041d4222575851b3cb9 (patch) | |
tree | c84ec40a5f2df8d6fa2f30195729d9da417f20c9 /util/qualcomm/mbn_tools.py | |
parent | 01bfa53f772a1a5cf7caa95abc62e35579022024 (diff) | |
download | coreboot-bcd62f5737f5022b1bbe0041d4222575851b3cb9.tar.xz |
trogdor: support mbn_version 6 with python build scripts
Developer/Reviewer, be aware of this patch from Mistral:
https://review.coreboot.org/c/coreboot/+/33425/18
Change-Id: I020d1e4d4f5c948948e1b39dd18af1d0e860c279
Signed-off-by: T Michael Turney <mturney@codeaurora.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35506
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'util/qualcomm/mbn_tools.py')
-rwxr-xr-x | util/qualcomm/mbn_tools.py | 133 |
1 files changed, 83 insertions, 50 deletions
diff --git a/util/qualcomm/mbn_tools.py b/util/qualcomm/mbn_tools.py index 12dc210cac..6008da5d82 100755 --- a/util/qualcomm/mbn_tools.py +++ b/util/qualcomm/mbn_tools.py @@ -41,6 +41,7 @@ # # when who what, where, why # -------- --- --------------------------------------------------------- +# 05/21/18 rissha Added support for extended MBNV6 and Add support for hashing elf segments with SHA384 # 03/22/18 thiru Added support for extended MBNV5. # 06/06/13 yliong CR 497042: Signed and encrypted image is corrupted. MRC features. # 03/18/13 dhaval Add support for hashing elf segments with SHA256 and @@ -64,23 +65,21 @@ import hashlib #---------------------------------------------------------------------------- # GLOBAL VARIABLES BEGIN #---------------------------------------------------------------------------- -PAD_BYTE_1 = 255 # Padding byte 1s -PAD_BYTE_0 = 0 # Padding byte 0s -SHA256_SIGNATURE_SIZE = 256 # Support SHA256 -MAX_NUM_ROOT_CERTS = 4 # Maximum number of OEM root certificates -MI_BOOT_IMG_HDR_SIZE = 40 # sizeof(mi_boot_image_header_type) -MI_BOOT_SBL_HDR_SIZE = 80 # sizeof(sbl_header) -BOOT_HEADER_LENGTH = 20 # Boot Header Number of Elements -SBL_HEADER_LENGTH = 20 # SBL Header Number of Elements -FLASH_PARTI_VERSION = 3 # Flash Partition Version Number -MAX_PHDR_COUNT = 100 # Maximum allowable program headers -CERT_CHAIN_ONEROOT_MAXSIZE = 6*1024 # Default Cert Chain Max Size for one root -VIRTUAL_BLOCK_SIZE = 131072 # Virtual block size for MCs insertion in SBL1 if ENABLE_VIRTUAL_BLK ON -MAGIC_COOKIE_LENGTH = 12 # Length of magic Cookie inserted per VIRTUAL_BLOCK_SIZE -MIN_IMAGE_SIZE_WITH_PAD = 256*1024 # Minimum image size for sbl1 Nand based OTA feature - -SBL_AARCH64 = 0xF # Indicate that SBL is a Aarch64 image -SBL_AARCH32 = 0x0 # Indicate that SBL is a Aarch32 image +PAD_BYTE_1 = 255 # Padding byte 1s +PAD_BYTE_0 = 0 # Padding byte 0s +SHA256_SIGNATURE_SIZE = 256 # Support SHA256 +MAX_NUM_ROOT_CERTS = 4 # Maximum number of OEM root certificates +MI_BOOT_SBL_HDR_SIZE = 80 # sizeof(sbl_header) +BOOT_HEADER_LENGTH = 20 # Boot Header Number of Elements +SBL_HEADER_LENGTH = 20 # SBL Header Number of Elements +MAX_PHDR_COUNT = 100 # Maximum allowable program headers +CERT_CHAIN_ONEROOT_MAXSIZE = 6*1024 # Default Cert Chain Max Size for one root +VIRTUAL_BLOCK_SIZE = 131072 # Virtual block size for MCs insertion in SBL1 if ENABLE_VIRTUAL_BLK ON +MAGIC_COOKIE_LENGTH = 12 # Length of magic Cookie inserted per VIRTUAL_BLOCK_SIZE +MIN_IMAGE_SIZE_WITH_PAD = 256*1024 # Minimum image size for sbl1 Nand based OTA feature + +SBL_AARCH64 = 0xF # Indicate that SBL is a Aarch64 image +SBL_AARCH32 = 0x0 # Indicate that SBL is a Aarch32 image # Magic numbers filled in for boot headers FLASH_CODE_WORD = 0x844BDCD1 @@ -150,7 +149,6 @@ values. MI_PBT_FLAGS_MASK = 0x0FF00000 # Helper defines to help parse ELF program headers -MI_PROG_BOOT_DIGEST_SIZE = 20 MI_PBT_FLAG_SEGMENT_TYPE_MASK = 0x07000000 MI_PBT_FLAG_SEGMENT_TYPE_SHIFT = 0x18 MI_PBT_FLAG_PAGE_MODE_MASK = 0x00100000 @@ -528,7 +526,7 @@ class SegmentInfo: class Boot_Hdr: def __init__(self, init_val): self.image_id = ImageType.NONE_IMG - self.flash_parti_ver = FLASH_PARTI_VERSION + self.flash_parti_ver = 3 self.image_src = init_val self.image_dest_ptr = init_val self.image_size = init_val @@ -573,6 +571,10 @@ class Boot_Hdr: self.reserved_2, self.reserved_3 ] + if self.flash_parti_ver >= 6: + values.insert(10, self.metadata_size_qti) + values.insert(11, self.metadata_size) + if self.image_dest_ptr >= 0x100000000: values[3] = 0xFFFFFFFF @@ -584,8 +586,12 @@ class Boot_Hdr: # Write 10 entries(40B) or 20 entries(80B) of boot header if write_full_hdr is False: - s = struct.Struct('I'* 10) - values = values[:10] + if self.flash_parti_ver >= 6: + s = struct.Struct('I'* 12) + values = values[:12] + else: + s = struct.Struct('I'* 10) + values = values[:10] else: s = struct.Struct('I' * self.getLength()) @@ -904,7 +910,6 @@ def image_header(env, gen_dict, code_file_name, output_file_name, secure_type, - is_ext_mbn_v5, header_format = 'reg', requires_preamble = False, preamble_file_name = None, @@ -912,7 +917,8 @@ def image_header(env, gen_dict, write_full_hdr = False, in_code_size = None, cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE, - num_of_pages = None): + num_of_pages = None, + header_version = None): # Preliminary checks if (requires_preamble is True) and (preamble_file_name is None): @@ -945,9 +951,12 @@ def image_header(env, gen_dict, cert_chain_size = 0 image_size = code_size + if header_version: + assert header_version in [3, 5, 6], 'Not a valid MBN header version' + # For ELF or hashed images, image destination will be determined from an ELF input file if gen_dict['IMAGE_KEY_MBN_TYPE'] == 'elf': - image_dest = get_hash_address(elf_file_name) + MI_BOOT_IMG_HDR_SIZE + image_dest = get_hash_address(elf_file_name) + (header_size(header_version)) elif gen_dict['IMAGE_KEY_MBN_TYPE'] == 'bin': image_dest = gen_dict['IMAGE_KEY_IMAGE_DEST'] image_source = gen_dict['IMAGE_KEY_IMAGE_SOURCE'] @@ -991,12 +1000,15 @@ def image_header(env, gen_dict, boot_header.sig_size = signature_size boot_header.cert_chain_ptr = image_dest + code_size + signature_size boot_header.cert_chain_size = cert_chain_size + boot_header.flash_parti_ver = header_version # version - if is_ext_mbn_v5 == True: - # If platform image integrity check is enabled - boot_header.flash_parti_ver = 5 # version - boot_header.image_src = 0 # sig_size_qc - boot_header.image_dest_ptr = 0 # cert_chain_size_qc + if header_version >= 5: + boot_header.image_src = 0 # sig_size_qc + boot_header.image_dest_ptr = 0 # cert_chain_size_qc + + if header_version >= 6: + boot_header.metadata_size_qti = 0 # qti_metadata size + boot_header.metadata_size = 0 # oem_metadata size # If preamble is required, output the preamble file and update the boot_header if requires_preamble is True: @@ -1021,12 +1033,22 @@ def pboot_gen_elf(env, elf_in_file_name, last_phys_addr = None, append_xml_hdr = False, is_sha256_algo = True, - cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE): - global MI_PROG_BOOT_DIGEST_SIZE - if (is_sha256_algo is True): - MI_PROG_BOOT_DIGEST_SIZE = 32 + cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE, + header_version = None): + sha_algo = 'SHA1' + if is_sha256_algo: + sha_algo = 'SHA256' + + if header_version >= 6: + sha_algo = 'SHA384' + image_header_size = header_size(header_version) + + if (sha_algo == 'SHA384'): + mi_prog_boot_digest_size = 48 + elif sha_algo == 'SHA256': + mi_prog_boot_digest_size = 32 else: - MI_PROG_BOOT_DIGEST_SIZE = 20 + mi_prog_boot_digest_size = 20 # Open Files elf_in_fp = OPEN(elf_in_file_name, "rb") @@ -1052,7 +1074,7 @@ def pboot_gen_elf(env, elf_in_file_name, elf_header_size = ELF32_HDR_SIZE is_elf64 = False - hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE + hash = '\0' * mi_prog_boot_digest_size phdr_start = 0 bytes_to_pad = 0 hash_seg_end = 0 @@ -1071,12 +1093,12 @@ def pboot_gen_elf(env, elf_in_file_name, elf_header.e_phnum += 2 # Create an empty hash entry for PHDR_TYPE - hash_out_fp.write('\0' * MI_PROG_BOOT_DIGEST_SIZE) - hashtable_size += MI_PROG_BOOT_DIGEST_SIZE + hash_out_fp.write('\0' * mi_prog_boot_digest_size) + hashtable_size += mi_prog_boot_digest_size # Create an empty hash entry for the hash segment itself - hash_out_fp.write('\0' * MI_PROG_BOOT_DIGEST_SIZE) - hashtable_size += MI_PROG_BOOT_DIGEST_SIZE + hash_out_fp.write('\0' * mi_prog_boot_digest_size) + hashtable_size += mi_prog_boot_digest_size # Begin hash table generation for i in range(num_phdrs): @@ -1110,14 +1132,14 @@ def pboot_gen_elf(env, elf_in_file_name, fbuf = elf_in_fp.read(hash_size) if MI_PBT_CHECK_FLAG_TYPE(curr_phdr.p_flags) is True: - hash = generate_hash(fbuf, is_sha256_algo) + hash = generate_hash(fbuf, sha_algo) else: - hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE + hash = '\0' * mi_prog_boot_digest_size # Write hash to file hash_out_fp.write(hash) - hashtable_size += MI_PROG_BOOT_DIGEST_SIZE + hashtable_size += mi_prog_boot_digest_size seg_offset += ELF_BLOCK_ALIGN # Copy the hash entry for all that are PAGED segments and those that are not the PHDR type. This is for @@ -1129,14 +1151,14 @@ def pboot_gen_elf(env, elf_in_file_name, file_buff = elf_in_fp.read(data_len) if (MI_PBT_CHECK_FLAG_TYPE(curr_phdr.p_flags) is True) and (data_len > 0): - hash = generate_hash(file_buff, is_sha256_algo) + hash = generate_hash(file_buff, sha_algo) else: - hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE + hash = '\0' * mi_prog_boot_digest_size # Write hash to file hash_out_fp.write(hash) - hashtable_size += MI_PROG_BOOT_DIGEST_SIZE + hashtable_size += mi_prog_boot_digest_size # End hash table generation # Generate the rest of the ELF output file if specified @@ -1151,7 +1173,7 @@ def pboot_gen_elf(env, elf_in_file_name, # Initialize the hash table program header [hash_Phdr, pad_hash_segment, hash_tbl_end_addr, hash_tbl_offset] = \ - initialize_hash_phdr(elf_in_file_name, hashtable_size, MI_BOOT_IMG_HDR_SIZE, ELF_BLOCK_ALIGN, is_elf64) + initialize_hash_phdr(elf_in_file_name, hashtable_size, image_header_size, ELF_BLOCK_ALIGN, is_elf64) # Check if hash segment max size parameter was passed if (hash_seg_max_size is not None): @@ -1252,7 +1274,7 @@ def pboot_gen_elf(env, elf_in_file_name, # Read the program header and compute hash proghdr_buff = elf_out_fp.read(elf_header.e_phnum * phdr_size) - hash = generate_hash(elfhdr_buff + proghdr_buff, is_sha256_algo) + hash = generate_hash(elfhdr_buff + proghdr_buff, sha_algo) # Write hash to file as first hash table entry hash_out_fp.seek(0) @@ -1592,7 +1614,7 @@ def generate_code_hash(env, elf_in_file_name): page = page + elf_in_fp.read(bytes_in_page - len(page)) if (len(page) < DP_PAGE_SIZE): page = page + (struct.pack('b', 0) * (DP_PAGE_SIZE - len(page))) - hashes = hashes + [generate_hash(page, True)] + hashes = hashes + [generate_hash(page, 'SHA256')] bytes_left -= bytes_in_page # And write them to the hash segment @@ -2101,9 +2123,20 @@ def file_copy_offset(in_fp, in_off, out_fp, out_off, num_bytes): #---------------------------------------------------------------------------- # sha1/sha256 hash routine wrapper #---------------------------------------------------------------------------- -def generate_hash(in_buf, is_sha256_algo): +def header_size(header_version): + if header_version >= 6: + return 48 + else: + return 40 + +#---------------------------------------------------------------------------- +# sha1/sha256 hash routine wrapper +#---------------------------------------------------------------------------- +def generate_hash(in_buf, sha_algo): # Initialize a SHA1 object from the Python hash library - if (is_sha256_algo is True): + if sha_algo == 'SHA384': + m = hashlib.sha384() + elif sha_algo == 'SHA256': m = hashlib.sha256() else: m = hashlib.sha1() |