Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform / dev-util / 4c24f66303c28d77d3805a586621f4018a4be022^! / . / host / lib / bundle_firmware.py
commit4c24f66303c28d77d3805a586621f4018a4be022[log] [tgz]
authorSimon Glass <sjg@chromium.org>Fri Jul 19 15:53:02 2013 -0600
committerChromeBot <chrome-bot@google.com>Wed Aug 07 12:43:14 2013 -0700
tree0b27c346bb7f4438fb0c5d908fc6ad4270deadea
parent0a047bcec0a2c5c98d4fb548107510c1d96abfdd [diff] [blame]
cros_bundle_firmware: Support adding a hash to Exynos SPL

For early firmware selection we want to try signing the SPL only, and
verifying U-Boot with a hash stored in SPL. Add a feature to support
this.

When we see 'hash-target' in the SPL node in the flashmap, we create a
hash of the data that SPL plans to load, and put it into the SPL's hash
area. This is right at the end of SPL and is pointed to by a word in
the SPL header (offset 8 in the file).

The format of the hash information is defined by U-Boot:

   16-byte header (signature, version, length of entire hash info, flags)
   32-byte algorithm name ("sha256", \0 terminated)
   32-byte hash

Note: when we implement FDT in SPL, we can store the hash there instead,
provided that the FDT is signed along with SPL, or the signer supports
signing more than one thing.

BUG=chrome-os-partner:21115
TEST=FEATURES=test sudo -E  emerge cros-devutils
Use ghex to check that the hash information looks correct in the resulting
updated-spl.bin

Change-Id: I5e2826de1a88ef1a772872939fe8a291c6a02da1
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/62741

diff --git a/host/lib/bundle_firmware.py b/host/lib/bundle_firmware.py
index 998039e..13dacde 100644
--- a/host/lib/bundle_firmware.py
+++ b/host/lib/bundle_firmware.py

@@ -939,7 +939,8 @@
       pack.AddProperty('keydir', self._keydir)
 
     # Some blobs need to be configured according to the node they are in.
-    for blob in pack.GetMissingBlobs():
+    todo = pack.GetMissingBlobs()
+    for blob in todo:
       if blob.key.startswith('exynos-bl2'):
         bl2 = ExynosBl2(self._tools, self._out)
         pack.AddProperty(blob.key, bl2.MakeSpl(pack, fdt, blob,
@@ -950,6 +951,15 @@
     # Record position and size of all blob members in the FDT
     pack.UpdateBlobPositionsAndHashes(fdt)
 
+    # Recalculate the Exynos BL2, since it may have a hash. The call to
+    # UpdateBlobPositionsAndHashes() may have updated the hash-target so we
+    # need to recalculate the hash.
+    for blob in todo:
+      if blob.key.startswith('exynos-bl2'):
+        bl2 = ExynosBl2(self._tools, self._out)
+        pack.AddProperty(blob.key, bl2.MakeSpl(pack, fdt, blob,
+                                               self.exynos_bl2))
+
     # Make a copy of the fdt for the bootstub
     fdt_data = self._tools.ReadFile(fdt.fname)
     uboot_data = self._tools.ReadFile(self.uboot_fname)