Whitebox
/
u-boot
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures

Browse Source 
When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible
images.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromum.org>
lime2-spi
Alex Kiernan 6 years ago committed by Tom Rini
parent 87925df2b3
commit 795f452eef
3 changed files with 24 additions and 16 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      include/image.h
  2. 3
      tools/fit_image.c
  3. 34
      tools/image-host.c

3
include/image.h
Unescape View File

@ -1009,6 +1009,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp);
* @comment: Comment to add to signature nodes * @comment: Comment to add to signature nodes
* @require_keys: Mark all keys as 'required' * @require_keys: Mark all keys as 'required'
* @engine_id: Engine to use for signing * @engine_id: Engine to use for signing
* @cmdname: Command name used when reporting errors
* *
* Adds hash values for all component images in the FIT blob. * Adds hash values for all component images in the FIT blob.
* Hashes are calculated for all component images which have hash subnodes * Hashes are calculated for all component images which have hash subnodes
@ -1022,7 +1023,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp);
*/ */
int fit_add_verification_data(const char *keydir, void *keydest, void *fit, int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
const char *comment, int require_keys, const char *comment, int require_keys,
const char *engine_id); const char *engine_id, const char *cmdname);
int fit_image_verify_with_data(const void *fit, int image_noffset, int fit_image_verify_with_data(const void *fit, int image_noffset,
const void *data, size_t size); const void *data, size_t size);

3
tools/fit_image.c
Unescape View File

@ -60,7 +60,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
ret = fit_add_verification_data(params->keydir, dest_blob, ptr, ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
params->comment, params->comment,
params->require_keys, params->require_keys,
params->engine_id); params->engine_id,
params->cmdname);
} }
if (dest_blob) { if (dest_blob) {

34
tools/image-host.c
Unescape View File

@ -106,7 +106,7 @@ static int fit_image_process_hash(void *fit, const char *image_name,
*/ */
static int fit_image_write_sig(void *fit, int noffset, uint8_t *value, static int fit_image_write_sig(void *fit, int noffset, uint8_t *value,
int value_len, const char *comment, const char *region_prop, int value_len, const char *comment, const char *region_prop,
int region_proplen) int region_proplen, const char *cmdname)
{ {
int string_size; int string_size;
int ret; int ret;
@ -128,8 +128,12 @@ static int fit_image_write_sig(void *fit, int noffset, uint8_t *value,
} }
if (comment && !ret) if (comment && !ret)
ret = fdt_setprop_string(fit, noffset, "comment", comment); ret = fdt_setprop_string(fit, noffset, "comment", comment);
if (!ret) if (!ret) {
ret = fit_set_timestamp(fit, noffset, time(NULL)); time_t timestamp = imagetool_get_source_date(cmdname,
time(NULL));
ret = fit_set_timestamp(fit, noffset, timestamp);
}
if (region_prop && !ret) { if (region_prop && !ret) {
uint32_t strdata[2]; uint32_t strdata[2];
@ -201,7 +205,8 @@ static int fit_image_setup_sig(struct image_sign_info *info,
static int fit_image_process_sig(const char *keydir, void *keydest, static int fit_image_process_sig(const char *keydir, void *keydest,
void *fit, const char *image_name, void *fit, const char *image_name,
int noffset, const void *data, size_t size, int noffset, const void *data, size_t size,
const char *comment, int require_keys, const char *engine_id) const char *comment, int require_keys, const char *engine_id,
const char *cmdname)
{ {
struct image_sign_info info; struct image_sign_info info;
struct image_region region; struct image_region region;
@ -229,7 +234,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
} }
ret = fit_image_write_sig(fit, noffset, value, value_len, comment, ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
NULL, 0); NULL, 0, cmdname);
if (ret) { if (ret) {
if (ret == -FDT_ERR_NOSPACE) if (ret == -FDT_ERR_NOSPACE)
return -ENOSPC; return -ENOSPC;
@ -296,7 +301,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
*/ */
int fit_image_add_verification_data(const char *keydir, void *keydest, int fit_image_add_verification_data(const char *keydir, void *keydest,
void *fit, int image_noffset, const char *comment, void *fit, int image_noffset, const char *comment,
int require_keys, const char *engine_id) int require_keys, const char *engine_id, const char *cmdname)
{ {
const char *image_name; const char *image_name;
const void *data; const void *data;
@ -333,7 +338,7 @@ int fit_image_add_verification_data(const char *keydir, void *keydest,
strlen(FIT_SIG_NODENAME))) { strlen(FIT_SIG_NODENAME))) {
ret = fit_image_process_sig(keydir, keydest, ret = fit_image_process_sig(keydir, keydest,
fit, image_name, noffset, data, size, fit, image_name, noffset, data, size,
comment, require_keys, engine_id); comment, require_keys, engine_id, cmdname);
} }
if (ret) if (ret)
return ret; return ret;
@ -574,7 +579,7 @@ static int fit_config_get_data(void *fit, int conf_noffset, int noffset,
static int fit_config_process_sig(const char *keydir, void *keydest, static int fit_config_process_sig(const char *keydir, void *keydest,
void *fit, const char *conf_name, int conf_noffset, void *fit, const char *conf_name, int conf_noffset,
int noffset, const char *comment, int require_keys, int noffset, const char *comment, int require_keys,
const char *engine_id) const char *engine_id, const char *cmdname)
{ {
struct image_sign_info info; struct image_sign_info info;
const char *node_name; const char *node_name;
@ -609,7 +614,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
} }
ret = fit_image_write_sig(fit, noffset, value, value_len, comment, ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
region_prop, region_proplen); region_prop, region_proplen, cmdname);
if (ret) { if (ret) {
if (ret == -FDT_ERR_NOSPACE) if (ret == -FDT_ERR_NOSPACE)
return -ENOSPC; return -ENOSPC;
@ -638,7 +643,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
static int fit_config_add_verification_data(const char *keydir, void *keydest, static int fit_config_add_verification_data(const char *keydir, void *keydest,
void *fit, int conf_noffset, const char *comment, void *fit, int conf_noffset, const char *comment,
int require_keys, const char *engine_id) int require_keys, const char *engine_id, const char *cmdname)
{ {
const char *conf_name; const char *conf_name;
int noffset; int noffset;
@ -657,7 +662,7 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest,
strlen(FIT_SIG_NODENAME))) { strlen(FIT_SIG_NODENAME))) {
ret = fit_config_process_sig(keydir, keydest, ret = fit_config_process_sig(keydir, keydest,
fit, conf_name, conf_noffset, noffset, comment, fit, conf_name, conf_noffset, noffset, comment,
require_keys, engine_id); require_keys, engine_id, cmdname);
} }
if (ret) if (ret)
return ret; return ret;
@ -668,7 +673,7 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest,
int fit_add_verification_data(const char *keydir, void *keydest, void *fit, int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
const char *comment, int require_keys, const char *comment, int require_keys,
const char *engine_id) const char *engine_id, const char *cmdname)
{ {
int images_noffset, confs_noffset; int images_noffset, confs_noffset;
int noffset; int noffset;
@ -691,7 +696,8 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
* i.e. component image node. * i.e. component image node.
*/ */
ret = fit_image_add_verification_data(keydir, keydest, ret = fit_image_add_verification_data(keydir, keydest,
fit, noffset, comment, require_keys, engine_id); fit, noffset, comment, require_keys, engine_id,
cmdname);
if (ret) if (ret)
return ret; return ret;
} }
@ -715,7 +721,7 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
ret = fit_config_add_verification_data(keydir, keydest, ret = fit_config_add_verification_data(keydir, keydest,
fit, noffset, comment, fit, noffset, comment,
require_keys, require_keys,
engine_id); engine_id, cmdname);
if (ret) if (ret)
return ret; return ret;
} }

Write Preview
Loading…
Cancel
Save